Although the Android operating system is rooted in open source software, it is not entirely open source. Each device contains several different types of closed-source, proprietary software. Such closed software is tedious and difficult to review and therefore is often of lower code quality. This can lead to serious security issues remaining undiscovered. This talk aims to shine light on these dark places of Android.
This presentation covers enumeration, reverse engineering, and auditing of the proprietary bits of Android. A summation of results obtained from interrogating the presenter's Android device collection (including those from Samsung, Motorola, LG, and HTC) will be presented. The presenter will provide a plethora of tips and tricks for obtaining and examining these less reviewed pieces of software. Finally, previously undisclosed bugs will be discussed in a brief case study.