Adrienne Porter Felt
ABSTRACT
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
- Amazon Appstore for Android. http://www.amazon.com/mobile-apps/b?ie=UTF8&node=2350149011.Google Scholar
- Android Developers Reference. http://developer.android.com/reference/.Google Scholar
- Android Market. http://www.android.com/market/.Google Scholar
- Artzi, S., Ernst, M., Kiezun, A., Pacheco, C., and Perkins, J. Finding the needles in the haystack: Generating legal test inputs for object-oriented programs. In Workshop on Model-Based Testing and Object-Oriented Systems (2006).Google Scholar
- Barrera, D., Kayacik, H., van Oorschot, P., and Somayaji, A. A methodology for empirical analysis of permission-based security models and its application to android. In Proc. of the ACM conference on Computer and Communications Security (2010). Google ScholarDigital Library
- Bodden, E., Sewe, A., Sinschek, J., and Mezini, M. Taming reflection: Static analysis in the presence of reflection and custom class loaders. Tech. Rep. TUD-CS-2010-0066, CASED, Mar. 2010.Google Scholar
- Boyapati, C., Khurshid, S., and Marinov, D. Korat: Automated testing based on Java predicates. In Proc. of the 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis (2002). Google ScholarDigital Library
- Chin, E., Felt, A. P., Greenwood, K., and Wagner, D. Analyzing Inter-Application Communication in Android. In Proc. of the Annual International Conference on Mobile Systems, Applications, and Services (2011). Google ScholarDigital Library
- Csallner, C., and Smaragdakis, Y. JCrasher: an automatic robustness tester for Java. Software: Practice and Experience 34, 11 (2004). Google ScholarDigital Library
- Distimo. The battle for the most content and the emerging tablet market. http://www.distimo.com/blog/2011_04_the-battle-for-the-most-content-and-the-emerging-tablet-market.Google Scholar
- Enck, W., Octeau, D., McDaniel, P., and Chaudhuri, S. A Study of Android Application Security. In USENIX Security (2011). Google ScholarDigital Library
- Enck, W., Ongtang, M., and McDaniel, P. On lightweight mobile phone application certification. In Proc. of the ACM conference on Computer and Communications Security (2009). Google ScholarDigital Library
- Enck, W., Ongtang, M., and McDaniel, P. Understanding Android security. IEEE Security and Privacy 7, 1 (2009). Google ScholarDigital Library
- Enhanced JUnit. http://www.silvermark.com/Product/java/enhancedjunit/index.html.Google Scholar
- Felt, A. P., Greenwood, K., and Wagner, D. The Effectiveness of Application Permissions. In Proc. of the USENIX Conference on Web Application Development (2011). Google ScholarDigital Library
- Gibler, C., Crussell, J., Erickson, J., and Chen, H. AndroidLeaks: Detecting Privacy Leaks in Android Applications. Tech. rep., UC Davis, 2011.Google Scholar
- Hackborn, D. Re: List of private / hidden / system APIs? http://groups.google.com/group/android-developers/msg/a9248b18cba59f5a.Google Scholar
- Livshits, B., Whaley, J., and Lam, M. S. Reflection Analysis for Java. In Asian Symposium on Programming Languages and Systems (2005). Google ScholarDigital Library
- McCluskey, G. Using Java Reflection. http://java.sun.com/developer/technicalArticles/ALT/Reflection/, 1998.Google Scholar
- Pacheco, C., and Ernst, M. Randoop. http://code.google.com/p/randoop/.Google Scholar
- Pacheco, C., and Ernst, M. Eclat: Automatic generation and classification of test inputs. European Conference on Object-Oriented Programming (2005). Google ScholarDigital Library
- Pacheco, C., Lahiri, S., Ernst, M., and Ball, T. Feedback-directed random test generation. In Proc. of the International Conference on Software Engineering (2007). Google ScholarDigital Library
- Paller, G. Dedexer. http://dedexer.sourceforge.net.Google Scholar
- Sawin, J., and Rountev, A. Improving static resolution of dynamic class loading in java using dynamically gathered environment information. Automated Software Eng. 16 (June 2009), 357--381. Google ScholarDigital Library
- Stack Overflow. Broadcast Intent when network state has changend. http://stackoverflow.com/questions/2676044/broadcast-intent-when-network-state-has-changend.Google Scholar
- Vennon, T., and Stroop, D. Threat Analysis of the Android Market. Tech. rep., SMobile Systems, 2010.Google Scholar
- Vidas, T., Christin, N., and Cranor, L. Curbing Android Permission Creep. In W2SP (2011).Google Scholar
Index Terms
- Android permissions demystified
Recommendations
MAPPER: Mapping Application Description to Permissions
Risks and Security of Internet and SystemsAbstractAndroid operating system has seen phenomenal growth, and Android Applications (Apps) have proliferated into mainstream usage across the globe. Are users informed by the developers about everything an App does when they consent to install an App ...
SecuRank: Starving Permission-Hungry Apps Using Contextual Permission Analysis
SPSM '16: Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile DevicesCompetition among app developers has caused app stores to be permeated with many groups of general-purpose apps that are functionally-similar. Examples are the many flashlight or alarm clock apps to choose from. Within groups of functionally-similar ...
PERMITME: integrating android permissioning support in the IDE
ETX '14: Proceedings of the 2014 Workshop on Eclipse Technology eXchangeOne of the most common security & privacy issues concerning mobile applications is the unnecessary access to sensitive information and resources. In a mobile application platform like Android, where a permission mechanism is used to maintain access ...
Comments