16 February 2017 By Tara Seals
A pair of newly uncovered Android vulnerabilities allow maliciously crafted personal apps to silently view, steal and even manipulate content that should be safely locked in the Work profile of Android.
Google’s work features in Android were developed to address the massive demand for using personal devices in the business environment. The basic idea is to create a separate profile on the device which has business-level controls, while leaving the original, personal profile open and unmanaged.
The Android mechanism of user separation relies on an additional sandbox or secure container, where apps outside the sandbox cannot access data inside the sandbox,” explained Yair Amit, CTO and co-founder, Skycure, in a blog. “In other words, no application installed within the device’s personal profile should have any kind of access to the activity or content in the work profile.”
Powered by WPeMatico