Re: Google's Android: remote install backdoor in Google Play Services

[Michael Lazin <microlaser () gmail com>]

I do see the point and even though it is not a deliberate back door the end
result is if your google account is compromised and an attacker wants to be
sneaky they could push software to your android device without
your permission.   Given the history of malware found in the play store I
would recommend making a feature request to google to notify you if someone
pushes software from the web from a previously unknown IP.  If you don't
want to do this I would be happy to and would of course credit you for your
find.

On Fri, Oct 16, 2020, 1:21 PM Pedro Cunha <pedroagracio () gmail com> wrote:

> I don't see how this is an "on-purpose backdoor". As far as I know, this
> feature is used so you can install Android apps on your phone via the web
> interface on another device (like a desktop) logged into the same Google
> account, via the Play Store.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/