From Anime Game to Android System Security Vulnerability

A large number of Android devices are affected by a bug that causes /proc to be mounted without hidepid=2, which lets unprivileged applications read a lot of information about other processes. Google promptly updated its Compatibility Test Suite (CTS) to prevent any future systems* containing this bug from shipping to end users. This vulnerability is not severe, but it should still be fixed since this protection is part of the Android application sandbox. The issue can be mitigated either through a system upgrade or by remounting /proc with the proper flags, which requires root permission.
I created the app ProcGate to let you detect this issue (no root needed) and fix it (only if rooted). You can download it here.

* CTS is only required for devices with Google Services, which pretty much means all Android devices other than those in China and Amazon Android devices.
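
The check described above can also be run by hand from a shell on the device. The following is an added example, not ProcGate's code or anything from the original article. The function names `proc_hidepid_status` and `foreign_pid_count` are hypothetical, and the script assumes a `stat` that supports `-c %u` (GNU coreutils and toybox both do).

```shell
#!/bin/sh
# Added example: check whether procfs hides other users' processes.

# proc_hidepid_status [MOUNTS_FILE]
#   Prints "protected", "exposed" or "no-proc"; returns 0 only when protected.
proc_hidepid_status() {
    mounts_file="${1:-/proc/mounts}"
    status="no-proc"
    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # If /proc is listed more than once, the last entry is the effective one.
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "proc" ] && [ "$mnt" = "/proc" ] || continue
        status="exposed"
        # Options are comma separated; match whole options, not substrings.
        old_ifs=$IFS; IFS=,
        for opt in $opts; do
            case "$opt" in
                # Kernels from 5.8 on report hidepid=2 as "invisible".
                hidepid=2|hidepid=invisible) status="protected" ;;
            esac
        done
        IFS=$old_ifs
    done < "$mounts_file"
    echo "$status"
    [ "$status" = "protected" ]
}

# foreign_pid_count [PROC_DIR]
#   Counts PID directories owned by a different uid than the caller.
#   With hidepid=2 an unprivileged caller should get 0 (root always sees all).
foreign_pid_count() {
    proc_dir="${1:-/proc}"
    my_uid=$(id -u)
    count=0
    for d in "$proc_dir"/[0-9]*; do
        [ -d "$d" ] || continue
        # A process may exit between the glob and the stat; skip it then.
        owner=$(stat -c %u "$d" 2>/dev/null) || continue
        [ "$owner" = "$my_uid" ] || count=$((count + 1))
    done
    echo "$count"
}
```

On a rooted device that reports `exposed`, the remount mitigation mentioned above is `mount -o remount,hidepid=2 /proc`, run as root.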

Fate/Grand Order

Experiments

Analysis

Digging Deeper

com.cih.game_cih
com.hexview.android.memspector
cn.mm.gk
pl.Nyki.Dax
catch_.me_.if_.you_.can_
com.sbgamehacker
jp.kbc.ma34.devicefaker
com.saurik.substrate
de.robv.android.xposed.installer
com.felixheller.sharedprefseditor
cn.mc.sq
cn.mc1.sq
com.cih.game_cih
pl.aqua.gameguardian
org.sbtools.gamehack
com.hexview.android.memspector
mr.big.stuff
cat.dcat.roothide
de.robv.android.xposed.installer
com.saurik.substrate
com.topjohnwu.magisk
com.loserskater.suhidegui
eu.chainfire.suhide
eu.chainfire.supersu
eu.chainfire.supersu.pro
com.noshufou.android.su
com.koushikdutta.superuser
me.phh.superuser
/system/app/superuser.apk
/system/app/Superuser.apk
/system/app/SuperUser.apk
/system/app/SUPERUSER.apk
/su/suhide
A snippet of the strace output

ProcFS Leak

PID 2665 and PID 4654 should not show up here

The Bug

What’s the Issue?

Widespread

ProcGate

Conclusion
