0

Situation: Emulating Android devices for pen-testing

Problem: Choosing between emulating Android x86 or emulating Android on Qemu runing on ARM

Question: In terms of vulnerabilities/exploitability, does Android x86 and Android on Qemu ARM share the same security flaws given that their CPU instruction sets are different?

Additional information: While I would love to plug in an external Android device, it is simply not possible in my situation

Timothy Wong
  • 173
  • 8

1 Answers1

2

Answer: Low-level vulnerabilities, such as buffer overflows in the stagefright binary or underlying Linux kernel, will behave differently on every system that you run them on (ie: x86 Android, QEMU ARM, native ARM). Userland-level security vulnerabilities will be largely the same as they live at a high level of abstraction from the processor architecture.

disinformat
  • 61
  • 3
  • 1
    And by "userland" I don't mean Linux userland, I'm referring to the application layer of the Android OS. Meaning where apps are run. – disinformat Jan 31 '19 at 06:09
  • Welcome, @disinformat! You can [edit] your answer instead of adding additional information in the comments. – Tobi Nary Jan 31 '19 at 08:46