Breaking Business as Usual: Attacking Android Enterprise Solutions

Explore the security challenges and vulnerabilities in Android enterprise solutions in this 36-minute conference talk from BSidesLV. Dive into the Android Work Profiles ecosystem, examining its design and threat model from the perspectives of IT administrators, Enterprise Mobility Management (EMM) service providers, and work app developers. Investigate potential security risks, including personal apps accessing work data, IT admin privilege escalation, and the impact of rootkits and malicious apps on both work and personal profiles. Witness proof of concept walkthroughs and exploits demonstrating these vulnerabilities. Gain actionable insights with a comprehensive cheat sheet for securing work profile configurations across various EMM services. Engage in a critical discussion on balancing security, control, and privacy in the evolving mobile security landscape.