Security research institute disclosed that an APP exploited a vulnerability to illegally access user privacy and remote control.

A domestic security researcher DarkNavy posted an article on its public website, claiming that an Internet vendor's app exploited a loophole in the Android system to elevate its privileges, thus obtaining users' privacy and preventing itself from being uninstalled.
The first hacking technique used by the Internet vendor in its own seemingly harmless App is to exploit a seemingly obscure, but actually very effective attack in recent years Bundle feng shui - Android Parcel serialization and deserialization mismatch series of vulnerabilities to achieve a 0day/Nday attack, thereby bypassing the system checksum! The first is a system-level StartAnyWhere capability.
After gaining control of the cell phone system, the App opens a series of non-compliant operations, bypassing privacy compliance regulation and collecting users' private information (including social media account information, location information, Wi-Fi information, base station information, and even router information, etc.) The App further uses another hacking technique to read and write system App and sensitive system application files by utilizing the root-path FileContentProvider exported from the cell phone manufacturer's OEM code; and then breaks through the sandbox mechanism and bypasses the permission system to rewrite key system configuration files to keep itself alive. path FileContentProvider derived from the OEM code of the mobile phone manufacturer to read and write System App and sensitive system application files; then break through the sandbox mechanism, bypass the permission system to rewrite the key system configuration files to keep itself alive, modify the user's desktop (Launcher) configuration to hide itself or deceive the user to realize the uninstallation prevention; and then, further through the way of overwriting dynamic code files to hijack other applications to inject a backdoor. Subsequently, it further hijacks other applications by overwriting dynamic code files to inject backdoor execution code for a more covert long-term residency; it even realizes the same remote control mechanism as spyware, controlling the start and pause of illegal behaviors through a remote "cloud control switch" to avoid detection.