From cleaners to creepers: The risk of mobile privilege escalation

In this Help Net Security video, Nico Chiaraviglio, Chief Scientist at Zimperium, explores how Android apps can be abused to escalate privileges, giving attackers access to sensitive data and system functions.

Drawing on Zimperium’s recent research, he breaks down two major threat vectors: malicious apps disguised as legitimate tools like cleaners or QR scanners, and vulnerable or misconfigured apps, including pre-installed OEM software.

Chiaraviglio explains how these threats bypass normal safeguards and outlines how organizations can defend against them using app vetting, code audits, and permission checks. Watch now to better understand mobile privilege escalation and how to protect against it.

Key findings from the report include:

  • Permissions overload: Many utility and cleaner apps request far more access than needed, enabling them to monitor users, change settings, and hijack devices.
  • OEM loopholes: Device makers often grant powerful system permissions to apps, which can be hijacked by malware or misused by compromised apps.
  • Accessibility API abuse: Despite Google’s controls, bad actors still exploit the Accessibility API to steal credentials, automate actions, and install malware.
  • Sideloading workarounds: Apps installed outside the Play Store can bypass security restrictions using session-based install tricks and dropper apps.
  • Malicious “cleaner” apps: Some cleaner apps use their high privileges as cover to launch malware, steal data, and perform fraudulent transactions.
  • Pre-installed app risks: Even trusted, factory-installed apps have been found with vulnerabilities exposing private data and system controls.
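
As an added illustration of the permission checks mentioned above (not code from Zimperium's report or the video), this Python example reviews a decoded `AndroidManifest.xml` from a utility app and flags high-risk permissions and accessibility service declarations. The risk list is an assumed review policy, the sample manifest and package name are constructed, and the manifest is assumed to be already decoded to text (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed review policy (not taken from the report): permissions that a
# cleaner or QR scanner rarely needs, with the reason a reviewer should care.
HIGH_RISK = {
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install other apps",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
    "android.permission.WRITE_SETTINGS": "can change system settings",
    "android.permission.READ_SMS": "can read SMS messages",
    "android.permission.READ_CONTACTS": "can read contacts",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def vet_manifest(manifest_xml):
    """Return sorted (item, reason) findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            if name in HIGH_RISK:
                findings.append((name, HIGH_RISK[name]))
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND:
            findings.append((svc.get(ANDROID_NS + "name", "?"),
                             "declares an accessibility service"))
    return sorted(set(findings))

# Constructed sample manifest for a hypothetical "cleaner" app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".BoostService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for item, reason in vet_manifest(SAMPLE):
        print(f"{item}: {reason}")
```

A finding here is a prompt for manual review against the app's stated purpose, not proof of malicious behaviour.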
