Why does it have anything to do with the OS? The app developer more or less "chose" to share information, even if they did not do it on purpose. No reason proper permissions nor encryption could not of been used.
I'm that dude, and the POC doesn't use root. It has app level UID.
I was showing the permissions with a root shell, because that is what I have adbD running as on my daily phone.
To read a subdirectory under/data/ you need exec premissions on/data, but you don't have them.
He was using root shell, thus the story is moot.
Being the OP of the article, you are completely wrong. I had no problem reproducing it on stock, unrooted phones.
Research, then comment.
Test it? Still doubt? Once its fixed I will release source.
Slashdot Mirror
Ah thanks, I learned long ago not to click comment links, so I didn't follow it
Why does it have anything to do with the OS? The app developer more or less "chose" to share information, even if they did not do it on purpose. No reason proper permissions nor encryption could not of been used.
I'm that dude, and the POC doesn't use root. It has app level UID. I was showing the permissions with a root shell, because that is what I have adbD running as on my daily phone.
To read a subdirectory under /data/ you need exec premissions on /data, but you don't have them.
He was using root shell, thus the story is moot.
Being the OP of the article, you are completely wrong. I had no problem reproducing it on stock, unrooted phones. Research, then comment. Test it? Still doubt? Once its fixed I will release source.