Android Class Load Hijacking

Description

The application loads a JAR/APK stored in an insecure location.

This load process can be hijacked by a malicious application that replaces or modifies the file, allowing access to the application's private data and unexpected arbitrary code execution in its process.

Recommendation

If you use DexClassLoader to load and execute additional DEX code:

  • Do NOT use a world-writable directory (such as the SD card) for the dexPath
  • Do NOT use a world-writable directory (such as the SD card) for the ODEX (the optimized DEX, whose directory is the second parameter of the DexClassLoader constructor)

If you use PathClassLoader to load and execute additional jar/resources:

  • Do NOT use a world-writable directory (such as the SD card) for the path
  • Do NOT use a world-writable directory (such as the SD card) for the libpath. By default, external storage is mounted with the noexec flag to prevent execution of any native binaries on the mounted file system, but that flag protects only native code; it does not stop DEX bytecode from being loaded from there.
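The two recommendations above, shown side by side as an added example (this is not code from the original page or from any particular project): the insecure pattern places both the DEX file and the optimized-DEX output on external storage, while the hardened versions keep them inside app-private storage and refuse to load anything that resolves outside it. The plugin file name `plugin.jar` and the class name `com.example.plugin.Entry` are hypothetical.

```java
import android.content.Context;
import android.os.Environment;
import dalvik.system.DexClassLoader;
import dalvik.system.PathClassLoader;

import java.io.File;
import java.io.IOException;

/**
 * Added example, not the original page's code. Contrasts the class-load
 * hijacking pattern with hardened equivalents. "plugin.jar" and
 * "com.example.plugin.Entry" are hypothetical names.
 */
public final class PluginLoader {

    private PluginLoader() {}

    /**
     * INSECURE: both dexPath and the optimized-DEX directory live on external
     * storage, which any app holding the storage permission can write to.
     * Another app can swap plugin.jar (or the cached ODEX) and have its code
     * run inside this process with this app's permissions and data.
     */
    public static ClassLoader loadInsecure(Context ctx) {
        File sd = Environment.getExternalStorageDirectory();
        File dex = new File(sd, "plugin.jar"); // world-writable location
        File odex = new File(sd, "odex");      // world-writable location
        odex.mkdirs();
        return new DexClassLoader(dex.getAbsolutePath(),
                odex.getAbsolutePath(), null, ctx.getClassLoader());
    }

    /**
     * HARDENED (DexClassLoader): the DEX file sits in an app-private
     * directory and the optimized output goes to getCodeCacheDir(), which
     * Android provides for exactly this purpose. On API 26+ the
     * optimizedDirectory argument is ignored and the runtime chooses the
     * location itself, so passing the code cache dir is safe on every level.
     */
    public static ClassLoader loadHardened(Context ctx) {
        File dexDir = ctx.getDir("dex", Context.MODE_PRIVATE);
        File dex = new File(dexDir, "plugin.jar");
        requirePrivate(ctx, dex);
        return new DexClassLoader(dex.getAbsolutePath(),
                ctx.getCodeCacheDir().getAbsolutePath(), null, ctx.getClassLoader());
    }

    /**
     * HARDENED (PathClassLoader): same rule for the path, and the native
     * library search path is the app's own install-time library directory
     * rather than anything on external storage.
     */
    public static ClassLoader loadHardenedWithNativeLibs(Context ctx) {
        File jar = new File(ctx.getDir("dex", Context.MODE_PRIVATE), "plugin.jar");
        requirePrivate(ctx, jar);
        String libPath = ctx.getApplicationInfo().nativeLibraryDir;
        return new PathClassLoader(jar.getAbsolutePath(), libPath, ctx.getClassLoader());
    }

    /** Typical use of the hardened loader. */
    public static Class<?> loadEntryClass(Context ctx) throws ClassNotFoundException {
        return loadHardened(ctx).loadClass("com.example.plugin.Entry");
    }

    /**
     * Defensive check: refuse to load code unless its canonical path resolves
     * inside this app's private data directory (the parent of getFilesDir()).
     * Canonicalising both sides defeats symlinks placed in the plugin dir and
     * catches any accidental use of external storage.
     */
    static void requirePrivate(Context ctx, File candidate) {
        try {
            String priv = ctx.getFilesDir().getParentFile().getCanonicalPath() + File.separator;
            String path = candidate.getCanonicalPath();
            if (!path.startsWith(priv)) {
                throw new SecurityException("refusing to load code from " + path);
            }
        } catch (IOException e) {
            throw new SecurityException("cannot resolve path of " + candidate, e);
        }
    }
}
```

Keeping the file inside app-private storage removes the write access other apps would need to hijack the load; the `requirePrivate` check is a cheap second line of defence against a path that is computed from untrusted input or accidentally pointed at external storage, and it belongs in front of every DEX, JAR or native-library path the app passes to a class loader.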

Standards

  • OWASP_MASVS_L1:
    • MSTG_PLATFORM_2
  • OWASP_MASVS_L2:
    • MSTG_PLATFORM_2
  • CWE_TOP_25:
    • CWE_22
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_3_5
    • REQ_6_2
    • REQ_6_3
    • REQ_11_3