Possible Security Exploit

Created by: E3V3A

Apparently AIMSICD is debuggable, hopefully because its needed, but possibly because it was forgotten. According to this page , debuggable Apps can be a security risk.

The way to check is:

cat /data/system/packages.list | grep AIMSICD

If the 3rd field is "1", it is debuggable. (You should check all your Apps!)

Then you can also check by pulling the app and then viewing the App's AndroidManifest.xml file with:

aapt d xmltree com.name.apk

jdwp-control = Java Debug Wire Protocol

More info is to be found at Blackhat Media. Can you fix this, @xLaMbChOpSx?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.