Jean-Marie 'Histausse' Mineau
d1dba30426
Some checks failed
/ test_checkout (push) Failing after 20s
11 lines
1.2 KiB
Typst
11 lines
1.2 KiB
Typst
#import "../lib.typ": SDK, API, API, etal
|
|
|
|
== Platform Classes <sec:bg-soa-platform>
|
|
|
|
As we said earlier, hidden #API are undocumented methods that can be used by an application, thus making them a potential blind spot when analysing an application.
|
|
However, not a lot a research has been done on the subject.
|
|
Li #etal did an empirical study of the usage and evolution of hidden #API~@li_accessing_2016.
|
|
They found that hidden #API are added and removed in every release of Android, and that they are used both by benign and malicious applications.
|
|
More recently, He #etal~@he_systematic_2023 did a systematic study of hidden service #API related to security.
|
|
They studied how the hidden #API can be used to bypass Android security restrictions and found that although Google countermeasures are effective, they need to be implemented inside the system services and not the hidden #API due to the lack of in-app privilege isolation: the framework code is in the same process as the user code, meaning any restriction in the framework can be bypassed by the user.
|
|
Unfortunately those two contributions do not explore further the consequences of the use of hidden #API for a reverse engineer.
|