Safety First - Android sicher programmieren! Benjamin Reimold & Stephan Linzner

Similar documents
Security Philosophy. Humans have difficulty understanding risk

6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014

Android Security Lab WS 2013/14 Lab 2: Android Permission System

Lecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical

Android framework. How to use it and extend it

The Broadcast Class Registration Broadcast Processing

Services Broadcast Receivers Permissions

Permissions. Lecture 18

2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions

The Case for Security Enhanced (SE) Android. Stephen Smalley Trusted Systems Research National Security Agency

Android System Architecture. Android Application Fundamentals. Applications in Android. Apps in the Android OS. Program Model 8/31/2015

Scippa: System-Centric IPC Provenance on Android

Android permissions Defining and using permissions Component permissions and related APIs

Chapter 5 Defining the Manifest

Lecture 3 Android Internals

CS Android. Vitaly Shmatikov

Labels and Information Flow

Mobile Application Development Android

OAuth securing the insecure

LECTURE 12 BROADCAST RECEIVERS

Android Fundamentals - Part 1

Lecture 3 MOBILE PLATFORM SECURITY

The Intent Class Starting Activities with Intents. Explicit Activation Implicit Activation via Intent resolution

PAPER ON ANDROID ESWAR COLLEGE OF ENGINEERING SUBMITTED BY:

Application Virtualization and Desktop Security

Outline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution

Services are software components designed specifically to perform long background operations.

Privilege Escalation

OFFLINE MODE OF ANDROID

SHWETANK KUMAR GUPTA Only For Education Purpose

Mobile Programming Lecture 10. ContentProviders

Lecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015

EMBEDDED SYSTEMS PROGRAMMING Android Services

Android Services & Local IPC: Overview of Programming Bound Services

Android Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin

Lecture 2 Android SDK

Mobile Application Development Android

Upgrading Your Android, Elevating My Malware:

White Paper. Secure Coding for Android Applications

Windows Phone 8 Security

CMSC436: Fall 2013 Week 4 Lab

Secure Coding for Android Applications

The Intent Class Starting Activities with Intents. Explicit Activation Implicit Activation via Intent resolution

Applications Mobiles et Internet des Objets Introduction a l architecture d Android

Mobile Application Development Android

Identity-based Access Control

Minds-on: Android. Session 1

Android Services & Local IPC: The Command Processor Pattern (Part 1)

Practical DIFC Enforcement on Android

UnCovert: Evaluating thermal covert channels on Android systems. Pascal Wild

MATT JONES HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING END-TO-END ENCRYPTION

Top 10 Database Security Threats and How to Stop Them. Rob Rachwald Director of Security Strategy

Android Internals. Lecture 3. Operating Systems Practical. 19 October 2016

Security and the.net Framework

Security and the.net Framework

OS security mechanisms:

CS378 -Mobile Computing. Intents

Work with the Outreach App. Schoolwires Centricity2

Confinement (Running Untrusted Programs)

OS Security III: Sandbox and SFI

Intents and Intent Filters

SPIN Operating System

CSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger

Mobile Application Development Android

Towards Application Security on Untrusted Operating Systems

Mobile Computing. Introduction to Android

Managing SSL/TLS Traffic Flows

Instructions on Yealink s SDK for Yealink T5 Smart Business Phone Series. Instructions on Yealink s SDK for Yealink T5 Smart Business Phone Series

Data storage and exchange in Android

Android System Development Day-4. Team Emertxe

Lab 3: Editing a Rhapsody Model in RMM

The Pennsylvania State University. The Graduate School. Department of Computer Science and Engineering. A Thesis in. Computer Science and Engineering

Helping Developers Construct Secure Mobile Applications. Erika Michelle Chin

Ethical Hacking Guide 2017

Security for Mobile Instant Messaging

MarkLogic Server. Security Guide. MarkLogic 9 May, Copyright 2017 MarkLogic Corporation. All rights reserved.

FlowFence: Practical Data Protection for Emerging IoT Application Frameworks

Oracle Database Security - Top Things You Could & Should Be Doing Differently

Security and privacy in your embedded systems

Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan. Stanford University, Chalmers University of Technology

Why secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

OneDrive for Business

QuantDroid: Quantitative Approach towards Mitigating Privilege Escalation on Android

WHITE PAPER MICRO-SEGMENTATION. illumio.com

Introduction to application framework

C1: Define Security Requirements

Race Condition Vulnerability Lab

Databases - Transactions II. (GF Royle, N Spadaccini ) Databases - Transactions II 1 / 22

Advanced Systems Security: Virtual Machine Systems

Lecture 1 - Introduction to Android

Android Application Development

Secure Architecture Principles

Kepware Whitepaper. Leveraging KEPServerEX and Kepware s New Security Policies Plug-In to Meet Your Security Requirements. By Tony Paine.

8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop

Laying a Secure Foundation for Mobile Devices. Stephen Smalley Trusted Systems Research National Security Agency

Requirements from the Application Software Extended Package for Web Browsers

Tabular Presentation of the Application Software Extended Package for Web Browsers

(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.

Automatically persisted among application sessions

Transcription:

2011 Safety First - Android sicher programmieren! Benjamin Reimold & Stephan Linzner 7th July, 2011

Introducing Stephan Linzner Benjamin Reimold Freelance Software Engineer Mobile Developer Founder of Stuttgart GTUG Bachelor-Thesis 2011 (DH Stuttgart) Mobile Developer Member of Stuttgart GTUG Contact: @onlythoughtwork XING, Facebook onlythoughtworks@gmail.com Contact: @elektrojunge XING benjamin.reimold@aformatik.de

Agenda The android security model How to obtain information about installed apps Responsibility ahead! We re not done, yet! Conclusion

How android works

Android security model

Coarse-grained security model Process isolation enforced by underlying linux kernel Desktop == single UID Android == UID per application Components always launched with UID of application owner Applications signed with the same key can run with the same UID Communication of android components via Binder IPC

Coarse-Grained security model Sandboxing Resources can be accessed by the owning application only Each application running in it s own VM Binder IPC to relax strict process boundaries (Broadcast-) Intents, Services, Content Providers, AIDL interfaces to exchange data

Coarse-grained security model Signing of applications Android uses a new reputation approach for code signing Responsibility of the developer Developers build trust by building good applications

Fine-grained security model Permissions "A permission is a mechanism that enforces restrictions on the specific operations that a particular process can perform" End-user model

Permission Types adb shell pm list permissions -s System permissions <uses-permission /> Custom permissions <permission /> Permission groups <permission-group /> Permission trees <permission-tree />

How to obtain information about installed apps

PackageManager utility methods Can be retrieved by calling Context.getPackageManager() Gather information about installed applications getinstalledpackages(int flags) getinstalledapplications(int flags) getlaunchintentforpackage(string packagename)

ActivityManager utility methods Gather information about running tasks getrecenttasks(int maxnum, int flags) if the App has GET_TASKS permission Use ActivityManager.RecentTask class to get the base Intent of an Activity

Hello World Activity Manager! Components are exported when... Declaring an IntentFilter Exporting a component explicitly using android:exported Good News: Components are private by default

Intents Intents don t enforce security policy themselves, they are just messengers Never put sensitive data i.e. password "into" an Intent! Tip: Limit the scope of your Intent by adding categories!

IntentFilters IntentFilters do not filter malicious Intents! Attackers can raise priority of their IntentFilter IntentFilter.setPriority(int priority) android:priority attribute Be specific! Add Actions/Categories and Data filters to your IntentFilters to permit Intents to pass and save you from unwanted consequences

Activities Use <activity android:permission= "de.otw.android.harm_user_data"/> Permissions are checked during Activity.startActivity() or Activity.startActivityForResult(); If the caller does not have the required permission then SecurityException will be thrown (same as Context.enforceCallingPermissions()) Tip: Show a dialog to the user!

Services Client: Use Intent.setComponent() to explicitly specify the service Beware when using Binder interfaces! Check permission in ServiceConnection callback using the PackageManager before the exchange of sensitive data Control access with Binder utility methods + Context.check*Permission() methods when using an IInterface (i.e. with RemoteCallableList)

Services Server Enforce permission with <service android:permission /> Finer access control, when using a Binder and Context utility methods

BroadcastReceiver Receiver Enforce permission by using android:permission attribute in the <receiver /> - Tag and ActivityManager will take care Sender Take control who will receive your Intent --> Common source of data leakage Enforce a permission by using Context.sendBroadcast(Intent intent, String receiverpermission) Tip: Don t use sticky broadcasts for sensitive data!

ContentProvider Beware when using ContentProvider internally, explicitly set android:exported="false" Separate read and write permissions android:readpermission android:writepermission android:permission Use <path-permission>-tag to control access to specific uris

ContentProviders Enable uri access for all resources with android:granturipermission="true" Use <grant-uri-permission /> to gain more granular control over Normal use via Intent.FLAG_GRANT_READ_URI_PERMISSION or Intent.FLAG_GRANT_WRITE_URI_PERMISSION Implement your own policy with granturipermission() & revokeuripermission()

ContentProviders Tips: Always check any received data (Intents, Binder Interfaces), which you use in ContentProvider/SQLiteDatabaseHelper queries Clearly separate SQL Statement and the data it contains, use parameterized queries! Make your selection fields final to avoid accidental contamination Completely avoid selections, defining CONTENT_URIs only!

File I/O Files, DB and shared preferences can be created with a Permission ( >> SKYPE! ) Context.MODE_PRIVATE Context.MODE_WORLD_READABLE Context.MODE_WORLD_WRITEABLE

File I/O Tips: Think about the consequences when creating files (sensitive data, permissions), especially if making a file world readable! Ask the user to grant a permission if you do so! Don t store sensitive data on the SD Card/DB unless it is encrypted! (store the key inside the private file area)

You are responsible! Consider how you will keep user's data safe! Protect all user input & data to prevent data leakage! Require a permission or show a dialog to the user that another component is about to access his data! Deal with bad input parameters (i.e. Intent data, queries on ContentProvider)! Minimize application permissions because it minimizes the consequences of potential security flaws!

Android in Stuttgart Article in Android360 2.11! Stuttgart GTUG http://stuttgart.gtugs.org SIG Android http://jugs.de/sig-android.html

?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback