Peep With A Mirror: Breaking The Integrity of Android App Sandboxing via Unprivileged Cache Side Channel

Explore a 15-minute USENIX Security '24 conference presentation that reveals critical vulnerabilities in Android's application sandboxing through cache side-channel attacks. Learn how researchers from Jinan University, Singapore Management University, and Zhejiang Lab demonstrate a novel attack method leveraging dynamic inter-app component sharing to breach sandbox integrity. Discover how their proof-of-concept attack tool ANDROSCOPE successfully extracts sensitive information like driving routes and keystroke patterns from targeted applications, highlighting significant security implications for Android's protective mechanisms. Gain insights into how unprivileged cache side channels can be exploited to conduct non-intrusive, fine-grained probing across different app sandboxes, potentially exposing private program behaviors and user data.