Cross-User Security on Android
This report takes a closer look at the security of the isolation between different user accounts on Android. In particular, the security of the so-called work profile is examined. This work profile should make it possible to store work data securely on smartphones which are also used privately. In this report, the technical implementation of this functionality on Android is presented. Furthermore, experiments have been conducted to determine whether the isolation of business data can be circumvented. Specifically, it has been investigated whether an application from the private space can deduce actions in the work profile. The experiments show that it is indeed possible to draw conclusions about websites opened in the work profile by analysing data accessible to an application in the private space.