Android 4.0 + Security in the face of Custom ROMs
Max will give an overview of Android’s device protection mechanisms in 4.0+ and how they can be circumvented or unintentionally undermined by device manufacturers, 'cause each device manufacturer or carrier can add or modify code from the Android Open Source Project (AOSP). This can include access to device memory, exploitable processes which run as the root user, initialization scripts which perform privileged actions without proper validation, or APKs which leak access to otherwise-protected information sources. The talk will also detail /boot and /recovery differences between OEMs, how signature checks are performed, and demonstrate some of our tools to examine new devices and find potential security flaws.