A Response Measure to the Security Threat of Virtual Space App
Virtual Space App
Recently, the Virtual Space App, which allows you to use the same app dual on one smartphone, has been gaining popularity.
Virtual Space App creates an isolated virtual environment within a single smartphone and provides an environment where the same app can run dually inside.
For example, SNS and chat apps are dually created on one device, so you can log in to two accounts simultaneously without logging out and play the same game with two IDs simultaneously.
his convenience exposes many security threats to users who use Virtual Space App and to users who use Virtual Space App and the APP services they install on Virtual Space App to run dual.
Two Sides of Virtual Space App security threats
With this Virtual Space App, you can easily create dual apps because one app can be run through multiple instances, but behind this convenience, there are also many security problems.
Basically, apps installed on Android manage the data they generate in the sandbox area, which runs with its own UID(user identifier) and GID(group identifier) when the app is installed. These separately managed apps on the system cannot invade each other's sandbox area, so you can isolate apps from each other and protect them from malicious apps.
However, suppose you install certain apps on the Virtual Space App to use dual apps. In that case, the UID and GID of all apps in the Virtual Space App are set to the same, allowing access to each app's usage area and memory, which poses a significant security threat.
For users who use the Virtual Space App, the Guest App installed inside the Virtual Space App requires additional user data access to prevent the app from crashing, dramatically increasing the security threat inside the mobile system.
1. Threats to APP
In Virtual Space App, various isolation mechanisms provided by the Android system, such as permissions, storage, and components, are broken. Even if an app already has basic security functions, when run inside the Virtual Space App, the security sandbox is unlocked, exposing malicious malware apps installed inside to hacking threats such as accessing personal files or replicating and tampering with common apps.
In addition, each other's processes can be accessed within the same Virtual Space App, so you can receive the same level of threats as those from the rooted device, such as memory tampering.
In the case of a specific memory cheating tool, the use of Virtual Space App is recommended among execution methods on non-rooted devices, so it is emerging as one of the threats to be blocked for safe APP service.
The following are the types of attacks that an APP installed in the Virtual Space App can receive.
(1) Increase permissions attack
Generally, when you use a virtual space app, your device pre-applies several permissions and features. If malicious malware APP is installed inside a virtual space app, you can use these permissions to access or leak sensitive data, such as user search history and cookies. This means that customer information of common apps installed inside virtual space apps and important information about app services may be exposed.
Other processes can also access memory on my APP that can be used to expose critical memory and memory tampering attacks.
(2) Code insertion attack
Inside the Virtual Space App, a malicious Malware APP can tamper with the executables of other APPs, which are loaded via dynamic loading. At runtime, most APPs can load executable files (such as .dex files, .jar files, .so files) stored in private directories, and malicious Malware APPs installed inside the Virtual Space App can tamper with or replace these files, which can lead to code insertion attacks on other targeted APPs.
(3) Replication attack
If malicious malware APP A and regular app B are executed in the same Virtual Space App, A can secretly compress and upload important information created and entered when B is running to a remote server. You will be able to log directly into the regular app.
2. Users Who Installed Virtual Space App Will Face the Following Threats
In fact, the Virtual Space App is designed for your convenience. In fact, the Virtual Space App is designed for your convenience. Specifically, users who install Virtual Space App are exposed to hacking threats due to Virtual Space App attacks and malicious malware attacks. Below is a description of the threats faced by the user who installed the Virtual Space App and the hacker attacks.
(1) Hijacking attack
It is a hijacking attack that can arbitrarily control the execution of an APP on a device with the numerous privileges of the Virtual Space App. For example, a malicious Virtual Space App can intercept user input from the login window after APP starts with root permissions on the victim's device. This user's login eligibility is captured, and malware can remotely upload them to the server to intercept and exploit the user's input data.
(2) Ransomware attack
Inside the Virtual Space App, a malicious Malware APP can encrypt or delete files from other APPs. The attacker demands a certain amount of ransom from the user, and the user must pay the ransom to restore the original file. Because this ransomware can be automatically propagated to cloud servers and other client devices, it is also dangerous that files encrypted with malicious Guest App can be uploaded to the cloud through the automatic synchronization mechanism of the cloud.
(3) Phishing attack
In Android 5.0 and later, third-party apps cannot call the getRunningTasks() function to obtain foreground application process information, but this is allowed within the Virtual Space App. This enables a phishing attack in which a malicious Guest App intercepts the security information that the user enters in the Android app. This may expose the information entered by the user.
A Response Measure to the Security Threat of Virtual Space App
The fundamental reason for all these security risks is that the apps installed within the Virtual Space App share the same UID, so access rights are shared.
In any case, it's never a good idea to set a level of security that makes your app data accessible to anyone.
Therefore, in order to defend against these security threats, users should refrain from using the Virtual Space App, and service providers that service the APP should be able to detect and block the APP running in the Virtual Space App.
LIAPP detects that your mobile app is running on the Virtual Space App, protects the app by blocking it from running, and protects it from the risk of exposing sensitive information from APP users.
As Virtual Space App users continue to increase, LIAPP team strongly recommends preparing thoroughly for security.