With all the vulnerabilities that we are able to find with respect to Android apps, it is important to understand what could potentially happen if attackers elevate privilege on the device from the app. This section focuses on vulnerabilities on the device itself rather than on an app.
Implementation vulnerabilities are of two types:
Let's take an example of packages that are running under the UID 1000. The following screenshot shows how many apps are running under the same UID. These shared IDs can be taken advantage of by malicious apps in order to control the device, even if it is not rooted. The following command is used to show how many apps are running under the same UID:
run app.package.list –u 1000
One more example is system accounts being stored in plaintext...