On Android, every app has its own internal storage, which is supposed to be accessible only through the same app.

What would happen if someone creates a Unix 'hard link' in a different app to point to the app's internal file (if he knows the file name and the app package's internal file path)? Would the other app be able to use this 'hard link' to access the app's cache file?

Or can the 'hard link' to the app's internal file only be accessed through the same app?

I searched and did not find an answer; I would appreciate it if someone who knows could share.

lannyf
  • You can't access another app's internal storage; hard link or not, this doesn't change. Only if the phone is rooted can you access everything you want. But if the files are encrypted, you probably can't read them anyway – MatPag Feb 06 '17 at 21:18
  • @MatPag, thanks for responding! But it does allow creating a hard link from a different app pointing to another app's internal data. It has been proved on Android 4.4.4, not sure about other OS versions though. The test was done on an emulator (not a rooted phone) to create a hard link from other app#1, and pass back the 'hard link' path to the original app#1, and the content can be read with that hard link. – lannyf Feb 06 '17 at 21:27
  • An emulator is "like" a rooted phone; you can read/write internal app storage with no problems, for development reasons – MatPag Feb 06 '17 at 21:32
  • Look at http://subs.emis.de/LNI/Proceedings/Proceedings256/67.pdf, it seems the hard link could bypass the 'sandbox'. – lannyf Feb 06 '17 at 22:10
  • It's really interesting, but I think the main problem here is how the app handles external URIs. Researchers have found that by providing the app with malicious URIs, in some cases you can retrieve sensitive information from the internal app storage. So if the misconfiguration is present, it's an app fault rather than an Android fault. As per [this article](http://www.networkworld.com/article/3051654/security/researchers-reveal-surreptitious-sharing-on-android-vulnerabilities.html), the flaws were corrected in all the apps (except Skype at the time of writing) – MatPag Feb 06 '17 at 23:09

0 Answers
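The comments above describe an app being handed a path that is really a hard link to one of its own private files. The following is an added example, not part of the original thread, sketching a receiver-side check in plain POSIX terms through Python rather than Android APIs. The function names, directory layout and sample files are constructed for illustration.

```python
import os
import stat
import tempfile

def private_inodes(private_dir):
    """Collect the (device, inode) identity of every file under private_dir."""
    ids = set()
    for root, _dirs, files in os.walk(private_dir):
        for name in files:
            st = os.lstat(os.path.join(root, name))
            ids.add((st.st_dev, st.st_ino))
    return ids

def open_untrusted(path, private_dir):
    """Open a path received from another app, refusing aliases of private files."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # a symlink as last component fails
    try:
        st = os.fstat(fd)  # inspect the opened file, not the name, so it cannot be swapped
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if (st.st_dev, st.st_ino) in private_inodes(private_dir):
            raise PermissionError("path aliases a private file")
        if st.st_nlink > 1:  # coarse fallback: any extra hard link is suspicious
            raise PermissionError("file has more than one hard link")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")

def demo():
    """Constructed scenario: 'shared' stands in for a directory another app controls."""
    with tempfile.TemporaryDirectory() as base:
        private, shared = os.path.join(base, "private"), os.path.join(base, "shared")
        for d in (private, shared):
            os.mkdir(d)
        secret = os.path.join(private, "cache.db")
        benign, alias = (os.path.join(shared, n) for n in ("photo.jpg", "innocent.jpg"))
        for p, data in ((secret, b"token"), (benign, b"jpeg")):
            with open(p, "wb") as f:
                f.write(data)
        os.link(secret, alias)  # the hard link the question asks about
        results = {}
        for label, p in (("benign", benign), ("alias", alias)):
            try:
                with open_untrusted(p, private) as f:
                    results[label] = f.read()
            except PermissionError as exc:
                results[label] = str(exc)
        return results
```

A canonical-path check alone would not catch this case, because a hard link is an ordinary directory entry with its own path; only the inode identity or the link count reveals the alias.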