Blog: Android

VTech Innotab Max: it’s getting even worse! Apps run in debug mode

David Lodge 03 Dec 2015

After extracting an image from an Innotab last night using the methods we blogged about yesterday, we mounted it and had a look.

Here’s the /data directory mounted on a Linux VM


Looking at the system/packages list and things get a whole lot scarier

The format below is:

package       UID       debugflag       path


As you can see highlighted, virtually all the com.vtech.* apps have the debugflag enabled.

This means that with an ADB connection you don’t actually need root to read their sandbox or manipulate them.

We covered the significance of this a while back here:

What will we find next??