Lecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical

Similar documents
Security Philosophy. Humans have difficulty understanding risk

Android System Architecture. Android Application Fundamentals. Applications in Android. Apps in the Android OS. Program Model 8/31/2015

Android Permissions Demystified

PAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY:

SHWETANK KUMAR GUPTA Only For Education Purpose

Lecture 2 Android SDK

Android App Development. Muhammad Sharjeel COMSATS Institute of Information Technology, Lahore

2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions

Introduction. Lecture 1. Operating Systems Practical. 5 October 2016

Minds-on: Android. Session 1

Android Overview. Most of the material in this section comes from

6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014

Another difference is that the kernel includes only the suspend to memory mechanism, and not the suspend to hard disk, which is used on PCs.

Lecture 1 Introduction to Android. App Development for Mobile Devices. App Development for Mobile Devices. Announcement.

Introduction To Android

Permissions. Lecture 18

Android Fundamentals - Part 1

Android Internals and the Dalvik VM!

Android App Development

Android Ecosystem and. Revised v4presenter. What s New

Developer s overview of the Android platform

Android. Mobile operating system developed by Google A complete stack. Based on the Linux kernel Open source under the Apache 2 license

STUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES

Lecture 1 - Introduction to Android

CS260 Intro to Java & Android 04.Android Intro

QuantDroid: Quantitative Approach towards Mitigating Privilege Escalation on Android

Introduction to Android

EMBEDDED SYSTEMS PROGRAMMING Application Basics

Android permissions Defining and using permissions Component permissions and related APIs

COSC 3P97 Mobile Computing

Safety First - Android sicher programmieren! Benjamin Reimold & Stephan Linzner

Static Verification of Android Security

CS 403X Mobile and Ubiquitous Computing Lecture 5: Web Services, Broadcast Receivers, Tracking Location, SQLite Databases Emmanuel Agu

Android App Development. Ahmad Tayeb

Android ATC Android Security Essentials Course Code: AND-402 version 5 Hands on Guide to Android Security Principles

Mobile Computing. Introduction to Android

Introduction to Android

CSCU9YH Development with Android

Questions and Answers. Q.1) Which of the following is the most ^aeuroeresource hungry ^aeuroepart of dealing with activities on android?

RUNTIME PERMISSIONS IN ANDROID 6.0 Lecture 10a

File Synchronization using API Google Drive on Android Operating System

ITG Software Engineering

Mobile Application Development - Android

Android framework. How to use it and extend it

Programming with Android: System Architecture. Dipartimento di Scienze dell Informazione Università di Bologna

Android. Operating System and Architecture. Android. Screens. Main features

Chapter 5 Defining the Manifest

Introduction to Android

Mobile development initiation

Programming with Android: System Architecture. Dipartimento di Scienze dell Informazione Università di Bologna

1. What are the key components of Android Architecture? 2. What are the advantages of having an emulator within the Android environment?

Android. Lesson 1. Introduction. Android Developer Fundamentals. Android Developer Fundamentals. to Android 1

Mobile Platform Security Architectures A perspective on their evolution

Introduction What is Android?

Introduction to Android Android Smartphone Programming. Outline University of Freiburg. What is Android? Background University of Freiburg.

Why Android? Why Android? Android Overview. Why Mobile App Development? 20-Nov-18

Android Overview. Francesco Mercaldo, PhD

SD Module- Android Programming

ANDROID SYLLABUS. Advanced Android

Application Fundamentals

Mobile Application Development Android

Mobile Computing LECTURE # 2

Ariadnima - Android Component Flow Reconstruction and Visualization

Mobile OS. Symbian. BlackBerry. ios. Window mobile. Android

Firefox OS App Days. Overview and High Level Architecture. Author: José M. Cantera Last update: March 2013 TELEFÓNICA I+D

Understand applications and their components. activity service broadcast receiver content provider intent AndroidManifest.xml

Automated Assessment of Security Risks for Mobile Applications

Language-Based Security on Android (call for participation) Avik Chaudhuri

PScout: Analyzing the Android Permission Specification. Kathy Wain Yee Au

An Enhanced Security Policy Framework for Android

CS378 -Mobile Computing. Intents

IGEEKS TECHNOLOGIES. Software Training Division. Academic Live Projects For BE,ME,MCA,BCA and PHD Students

Produced by. Mobile Application Development. David Drohan Department of Computing & Mathematics Waterford Institute of Technology

Android Programming (5 Days)

Lecture Embedded System Security

Identity-based Access Control

Open Mobile Platforms. EE 392I, Lecture-6 May 4 th, 2010

OWASP German Chapter Stammtisch Initiative/Ruhrpott. Android App Pentest Workshop 101

Scippa: System-Centric IPC Provenance on Android

Software Development & Education Center ANDROID. Application Development

Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints

Lecture 2 PLATFORM SECURITY IN ANDROID OS

Lecture 3 Android Internals

CS378 -Mobile Computing. Services and Broadcast Receivers

IJRDTM Kailash ISBN No Vol.17 Issue

CS Android. Vitaly Shmatikov

Multiple Activities. Many apps have multiple activities

MC Android Programming

Android Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin

Mobile Application Development

Mobile Application Development Android

Praktikum Mobile und Verteilte Systeme. Android-Basics. Prof. Dr. Claudia Linnhoff-Popien André Ebert, Sebastian Feld

Android Development Tutorial. Yi Huang

ANDROID APPS (NOW WITH JELLY BEANS!) Jordan Jozwiak November 11, 2012

Research on Improving performance and Battery Backup of Android Mobile with help of Cyanogen Mod, and latest kernel

Reconstructing DALVIK. Applications. Marc Schönefeld CANSECWEST 2009, MAR18

Mobile Application Development Android

COLLEGE OF ENGINEERING, NASHIK-4

Permission Analysis of Health and Fitness Apps in IoT Programming Frameworks

Embedded Systems Programming - PA8001

Transcription:

Lecture 08 Android Permissions Demystified Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner Operating Systems Practical 20 November, 2013 OSP Lecture 08, Android Permissions Demystified 1/42

Introduction Android Permission System Stowaway Keywords Questions OSP Lecture 08, Android Permissions Demystified 2/42

Outline Introduction Android Permission System Stowaway Keywords Questions OSP Lecture 08, Android Permissions Demystified 3/42

Context Android OS security Coarse permission model A lot of research on Android permissions Applications with unnecessary permissions Paper doesn t focus on the malicious use of permissions OSP Lecture 08, Android Permissions Demystified 4/42

Android Applications Java source code compiled into.dex byte-code file.dex file + Manifest file + resources =.apk archive Application isolation system level security Linux process, address space VM (Dalvik Virtual Machine) for each application unique Linux user ID direct access only to its own data API-based access to other apps resources Not a single entry-point (no main) Applications can start each other Based on Components and Intents OSP Lecture 08, Android Permissions Demystified 5/42

Dalvik Virtual Machine.dex - Dalvik Executable format Dalvik is optimised for mobile architectures low memory consumption Dex results in smaller binaries than JAR register-based architecture (JVM is stack-based) Java VM cannot execute Dalvik code 16-bit instructions copy-on-write memory sharing dx cross-compiler - works with javac output (oracle and openjdk, but not GCJ or other java compilers) OSP Lecture 08, Android Permissions Demystified 6/42

Compiling Applications OSP Lecture 08, Android Permissions Demystified 7/42

Android Architecture OSP Lecture 08, Android Permissions Demystified 8/42

Components: Activity Extends Activity base class User interfaces: UI elements(buttons, lists) and user input User interacts with one activity at a time Independent life-cycle, 4 states active (running) paused stopped - still resides in memory killed - removed from memory Activities stack Activities can launch other activities OSP Lecture 08, Android Permissions Demystified 9/42

Components: Service Extends Service base class Background processing It runs by default in the same process as the application Can provide functionality also for other applications OSP Lecture 08, Android Permissions Demystified 10/42

Components: Broadcast Receiver Extends BroadcastReceiver base class Receive broadcast announcements, example: low battery, changed phone settings React to messages: start an activity or use NotificationManager Static registration - specified in the Manifest file Dynamic registration - Context.registerReceiver() Active only while it s responding to a broadcast message, no need to shut it down. OSP Lecture 08, Android Permissions Demystified 11/42

Components: Content Provider Store and Share applications data Required when sharing data between multiple applications Must be declared in the Manifest file Accessed with ContentResolver using URIs Uses relational databases Active only while it s responding to a request from a ContentResolver, no need to shut it down explicitly OSP Lecture 08, Android Permissions Demystified 12/42

Inter-Component Communication Intents Extend Intent class Used for inter-component signaling Used for starting activities, services and sending broadcast messages IntentFilters specified in the Manifest file Contain actions to be performed and data for these actions Example: action = make a phone call, data = phone number ContentProviders do not use intents OSP Lecture 08, Android Permissions Demystified 13/42

AndroidManifest XML configuration file Every application must have it Contains: application s name, icon, labels linked libraries application components: <activity>, <service>, <receiver>, <provider> tags Activity shown at launch time Intent filters Permissions OSP Lecture 08, Android Permissions Demystified 14/42

AndroidManifest Example Panoramio App: OSP Lecture 08, Android Permissions Demystified 15/42

Outline Introduction Android Permission System Stowaway Keywords Questions OSP Lecture 08, Android Permissions Demystified 16/42

Application Framework Security Android Framework Security Mandatory Access Control(MAC) enforced by middleware Components protected using access permission labels declared in the AndroidManifest file can not be changed after installation 4 protection levels normal - always granted dangerous - requires user approval signature - matching certificate signature or system - matching certificate with system image OSP Lecture 08, Android Permissions Demystified 17/42

Permissions At install-time each application requests a list of permissions All permissions must be granted at install time - all or nothing Protect access to Android components, services and APIs e.g API for access to phone s hardware 130 API-defined permissions in Manifest.Permissions class 1 Custom-defined permissions by developers name conflicts may appear current research on Android permissions doesn t take them into consideration 1 http://developer.android.com/reference/android/manifest.permission.html OSP Lecture 08, Android Permissions Demystified 18/42

Permissions in AndroidManifest for components activity restricts access to the activity checked when starting activity throw SecurityException if caller does not have required permission service restricts who can start, stop or bind to the service receiver restricts who can send broadcasts to the BroadcastReceiver checked at delivery, after broadcast was sent does not throw exception in case of permission failure provider restrict who can access the data read and write permissions checked when performing operations(e.g. query, insert) OSP Lecture 08, Android Permissions Demystified 19/42

Permissions in source code Broadcast permissions permission label as parameter to the sending method (sendbroadcast) Direct permission check checkpermission methods check against PID, package name URI Permissions Provide finer control over content sharing Record level delegation Set flags in the Intent that allow access (e.g. Intent.FLAG GRANT READ URI PERMISSION) example: view mail attachments OSP Lecture 08, Android Permissions Demystified 20/42

User Attention, Comprehension, and Behavior Usability study by the same authors Are users paying attention to the permissions? Do users understand the permissions? Can users make correct security decisions? Results: too few users comprehend or pay attention security risks OSP Lecture 08, Android Permissions Demystified 21/42

Outline Introduction Android Permission System Stowaway Keywords Questions OSP Lecture 08, Android Permissions Demystified 22/42

Stowaway The problem: unnecessary use of permissions The proposed solution: static analysis of API calls Permission map - identifies permissions for Intents, Content Provides, API calls Stowaway tool - determines if an app is overprivileged or not 2011 paper research performed on Android 2.2 SDK OSP Lecture 08, Android Permissions Demystified 23/42

Permission Map Map of permissions for each method in the Android API Log permission checks modified middleware Test cases for API calls, Intents, Content Providers OSP Lecture 08, Android Permissions Demystified 24/42

Permission Map: API Calls Feedback-Directed Testing Randoop unit test generator receives a list of classes as input tries to cover all possible combinations of calls use return values as parameters for other methods limitations find an object of the correct type needed to invoke a method object created through API calls with specific parameters methods precede each other in a very specific order native code generate segmentation faults if called out of order OSP Lecture 08, Android Permissions Demystified 25/42

Permission Map: API Calls Customizable Test Case Generation custom tool for building methods unit tests list of method signatures as input outputs at least one unit test for each method allows manual adjustments of test sequences - order, parameters OSP Lecture 08, Android Permissions Demystified 26/42

Permission Map: API Calls Manual Verification solves inconsistencies argument-dependent permission requirment API calls order-dependent test cases with and without permissions identified methods that require INTERNET permission tests run until no security exceptions appeared OSP Lecture 08, Android Permissions Demystified 27/42

Permission Map: Content Providers and Intents Content Providers collected all URIs test operations: query, insert, update, delete run test with and without permissions tests run until no security exceptions appeared Intents send/receive between a pair of applications searched API for all Intent action strings tested all Intent action on the pair of apps triggered system broadcasts OSP Lecture 08, Android Permissions Demystified 28/42

Permission Map Results 85% coverage of Android 2.2 API Proves the limitation of Android documentation of permissions 1259 API calls with permission checks only 78 methods with permission requirements in the documentation documentation for 6 API calls is incorrect Characterized how permissions are distributed in the API system permissions, hierarchical permissions, unused permissions number of checks, permissions granularity Distribution of permissions per classes OSP Lecture 08, Android Permissions Demystified 29/42

Stowaway: Overview Available online for testing overprivileged applications Parses applications API calls Identifies which declared permissions are actually needed OSP Lecture 08, Android Permissions Demystified 30/42

Application analysis Dissasembles Dexfiles - Dedexer tool easy to parse method calls Identifies API calls Identifies Content Provider URIs Uses ComDroid for Intents OSP Lecture 08, Android Permissions Demystified 31/42

Application analysis: API calls Dex files parsing Identifies calls to API methods Problems Java Reflection use heuristics Internet and External Storage permissions enforced by the kernel not the middleware checker Stowaway parses the app s XML files OSP Lecture 08, Android Permissions Demystified 32/42

Application analysis: Content Providers Parses URI strings detects strings with content:// detects URI API constants Cannot know the exact database operation from the URI OSP Lecture 08, Android Permissions Demystified 33/42

Application analysis: Intents Uses ComDroid static analysis tool 2 ComDroid tracks Intents For each Intent Stowaway checks permission to send Intent permission to receive Intent 2 developed by the same authors - http://www.comdroid.org/ OSP Lecture 08, Android Permissions Demystified 34/42

Evaluation Testbed of 940 applications 40 apps - Stowaway vs manual analysis 900 apps - automated analysis 7% false positives rate 35% applications were found to be overprivileged 56% declare one extra permission 94% have 4 or fewer extra permissions OSP Lecture 08, Android Permissions Demystified 35/42

Unncessary permissions Most common unnecessary permissions: Usage - the percentage of applications that request the permission. OSP Lecture 08, Android Permissions Demystified 36/42

Developer errors Confusing permission names request permissions in pairs when only one is required Deputies - app sends Intent to another app the deputy app requires the permission the sender app doesn t need to declare the permission e.g. INSTALL PACKAGES - Google Play app installs packages camera, browser, phone dialer OSP Lecture 08, Android Permissions Demystified 37/42

Developer errors (2) Related Methods - getters and setters (read/write permissions) app uses only getters but declares the WRITE... permission Copy and Paste - copying incorrect examples Deprecated Permissions Testing Artifacts - used when developing and testing the app ACCESS MOCK LOCATION Declared intentionally - for automatic updates OSP Lecture 08, Android Permissions Demystified 38/42

Outline Introduction Android Permission System Stowaway Keywords Questions OSP Lecture 08, Android Permissions Demystified 39/42

Android operating system security permission system overpriviledged permission map API Calls Intents Content providers Randoop automated testing OSP Lecture 08, Android Permissions Demystified 40/42

Resources Stowaway http://android-permissions.org/ Research on Android permissions: http://www.cs.berkeley.edu/~afelt/ Understanding Android Security, William Enck, Machigar Ongtang, and Patrick McDaniel IEEE Security & Privacy Magazine, 7(1):50 57, January/February, 2009 Android Permissions: User Attention, Comprehension, and Behavior, Adrienne Porter Felt et al, Symposium on Usable Privacy and Security (SOUPS) 2012 Android Permissions documentation: http://developer.android.com/guide/topics/ security/permissions.html OSP Lecture 08, Android Permissions Demystified 41/42

Outline Introduction Android Permission System Stowaway Keywords Questions OSP Lecture 08, Android Permissions Demystified 42/42

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback