Mobile security is still a fairly young practice, but its not unexplored. Over the past few years, there has been plenty of research on mobile threats, such as exploits, malicious applications, and more recently, drive-by downloads. However, there is at least one aspect of security that is lacking documentation, and that is the physical security of the device. One of Androids great selling points, customization, is also one of its weakest in terms of security. While recent versions of Android support drive encryption, and even remote wipe, these defenses still cant protect you from a physical attack that you didnt even realize happened especially if that phones other defenses have already been weakened by its owner. And thats exactly what this talk intend to do: teach you how to successfully conduct a physical drive-by download on a device; and in some cases, one that may only be accessible for a single minute.