How to get Android2.1 to 4.1
Vulnerability name: Android FakeID ,
Introduction : The vulnerability is caused by Android not verifying the certificate trust chain. Generally, programs that use certificates, such as browsers using HTTPS protocol, need to verify the certificate trust chain level by level until the root certificate stored in the system in advance. However, the certificates used by Android developers are generally self-signed and do not need to To verify the certificate trust chain, the Android system does not do this verification. Under this condition, hackers can add certificates to the certificate trust chain at will. When the added certificate is the same as an application certificate in Android, the application written by the hacker can access the data of the application, such as reading user emails, stealing payment information, etc., and can also do anything with the permissions of the application, such as Texting, calling, etc. At the same time, because the Android system supports multiple signatures, hackers can forge multiple certificates and obtain the permissions and data of multiple trusted applications, which aggravates the damage of this vulnerability.
Reference: http://www.hackdig.com/?08/hack-12502.htm
How to get Android5.0 to 8.0
Vulnerability name: Janus (CVE-2017-13156)
Introduction: This vulnerability allows an attacker to arbitrarily modify the code in an Android application without affecting its signature.
Reference: https://juejin.im/entry/5a2e31b151882554bd5100b6
How to get Android 6.0 and below
Vulnerability name: MasterKey
Similar vulnerabilities
"9695860" vulnerability and "9950697" vulnerability
Reference: https://juejin.im/entry/5a2e31b151882554bd5100b6
