David Barrera
Paul C. van Oorschot
ABSTRACT
We provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system during the app installation process: update integrity and UID assignment. To inform our analysis, we collect a dataset of Android application metadata and extract features from these binaries to gain a better understanding of how developers interact with the security mechanisms invoked during installation. Using the dataset, we find empirical evidence that Android's current signing architecture does not encourage best security practices. We also find that limitations of Android's UID sharing method force developers to write custom code rather than rely on OS-level mechanisms for secure data transfer between apps. As a result of our analysis, we recommend incrementally deployable improvements, including a novel UID sharing mechanism with applicability to signature-level permissions. We additionally discuss mitigation options for a security bug in Google's Play store, which allows apps to transparently obtain more privileges than those requested in the manifest.
- Anderson, R., Bergadano, F., Crispo, B., Lee, J.-H., Manifavas, C., and Needham, R. A new family of authentication protocols. ACM SIGOPS Operating Systems Review 32, 4 (1998). Google Scholar
Digital Library
- Arkko, J., and Nikander, P. Weak authentication: How to authenticate unknown principals without trusted parties. In Security Protocols (2002).Google Scholar
- Barrera, D., Kayacik, G., van Oorschot, P., and Somayaji, A. A Methodology for Empirical Analysis of Permission-based Security Models and its Application to Android. In CCS (2010). Google ScholarDigital Library
- Barrera, D., and van Oorschot, P. Secure software installation on smartphones. IEEE S&P Magazine 9, 3 (2011). Google ScholarDigital Library
- Becher, M., Freiling, F. C., Hoffmann, J., Holz, T., Uellenbeck, S., and Wolf, C. Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices. In IEEE S&P Symposium (2011). Google ScholarDigital Library
- Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A., and Shastry, B. Towards taming privilege-escalation attacks on Android. In NDSS (2012).Google Scholar
- Chia, P. H., Yamamoto, Y., and Asokan, N. Is this app safe? A large scale study on application permissions and risk signals. In WWW (2012). Google ScholarDigital Library
- Damgard, I., and Koprowski, M. Practical threshold RSA signatures without a trusted dealer. In EUROCRYPT (2001). Google ScholarDigital Library
- Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. Quire: Lightweight provenance for smart phone operating systems. In USENIX Security (2011). Google ScholarDigital Library
- Eckersley, P., and Burns, J. Is the SSLiverse a safe place? In Chaos Communication Congress (2010).Google Scholar
- Egele, M., Kruegel, C., Kirda, E., and Vigna, G. PiOS: detecting privacy leaks in iOS applications. In NDSS (2011).Google Scholar
- Enck, W. Defending users against smartphone apps: Techniques and future directions. In ICISS (2011). Google ScholarDigital Library
- Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In OSDI (2010). Google ScholarDigital Library
- Enck, W., Octeau, D., McDaniel, P., and Chaudhuri, S. A study of Android application security. In USENIX Security (2011). Google ScholarDigital Library
- Enck, W., Ongtang, M., and McDaniel, P. On lightweight mobile phone application certification. In CCS (2009). Google ScholarDigital Library
- Enck, W., Ongtang, M., and McDaniel, P. Understanding Android security. IEEE S&P Magazine (Jan/Feb 2009). Google ScholarDigital Library
- Felt, A., Chin, E., Hanna, S., Song, D., and Wagner, D. Android permissions demystified. In CCS (2011). Google ScholarDigital Library
- Felt, A., Finifter, M., Chin, E., Hanna, S., and Wagner, D. A survey of mobile malware in the wild. In SPSM (2011). Google ScholarDigital Library
- Felt, A. P., Wang, H. J., Moshchuk, A., Hanna, S., and Chin, E. Permission re-delegation: Attacks and defenses. In USENIX Security (2011). Google ScholarDigital Library
- Gamma, E., Helm, R., Johnson, R., and Vlisides, J. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, 1995. Google ScholarDigital Library
- Geer Jr., D. E., and Yung, M. Split-and-delegate: Threshold cryptography for the masses. In FC (2002). Google ScholarDigital Library
- Goldberg, I., Mashatan, A., and Stinson, D. On message recognition protocols: Recoverability and explicit confirmation. International Journal of Applied Cryptography 2, 2 (2010). Google ScholarDigital Library
- Grace, M., Zhou, Y., Wang, Z., and Jiang, X. Systematic Detection of Capability Leaks in Stock Android Smartphones. In NDSS (2012).Google Scholar
- Hornyack, P., Han, S., Jung, J., Schechter, S., and Wetherall, D. These aren't the droids you're looking for: retrofitting Android to protect data from imperious applications. In CCS (2011). Google ScholarDigital Library
- Lucks, S., Zenner, E., Weimerskirch, A., and Westhoff, D. Concrete security for entity recognition: The Jane Doe protocol. In INDOCRYPT (2008). Google ScholarDigital Library
- Ongtang, M., McLaughlin, S., Enck, W., and McDaniel, P. Semantically rich application-centric security in android. In ACSAC (2009). Google ScholarDigital Library
- Samuel, J., Mathewson, N., Cappos, J., and Dingledine, R. Survivable key compromise in software update systems. In CCS (2010). Google ScholarDigital Library
- Shoup, V. Practical threshold signatures. In EUROCRYPT (2000). Google ScholarDigital Library
- Six, J. Application Security for the Android Platform: Processes, Permissions, and Other Safeguards. O'Reilly Media, 2011.Google Scholar
- van Oorschot, P., and Wurster, G. Reducing unauthorized modification of digital objects. IEEE Transactions on Software Engineering 38, 1 (2012). Google ScholarDigital Library
- Zhou, Y., Wang, Z., Zhou, W., and Jiang, X. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In NDSS (2012).Google Scholar
Index Terms
- Understanding and improving app installation security mechanisms through empirical analysis of android
Recommendations
Inter-app communication between Android apps developed in app-inventor and Android studio
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and SystemsCommunications between mobile apps are an important aspect of mobile platforms. Android is specifically designed with inter-app communication in mind and depends on this to provide different platform specific functionalities. Android Apps can either be ...
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide WebWith the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
Android: Changing the Mobile Landscape
The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...
Comments