DOI: 10.1145/2382196.2382222
research-article

PScout: analyzing the Android permission specification

Published: 16 October 2012

ABSTRACT

Modern smartphone operating systems (OSs) have been developed with a greater emphasis on security and protecting privacy. One of the mechanisms these systems use to protect users is a permission system, which requires developers to declare what sensitive resources their applications will use, has users agree with this request when they install the application, and constrains the application to the requested resources during runtime. As these permission systems become more common, questions have arisen about their design and implementation. In this paper, we perform an analysis of the permission system of the Android smartphone OS in an attempt to begin answering some of these questions. Because the documentation of Android's permission system is incomplete and because we wanted to be able to analyze several versions of Android, we developed PScout, a tool that extracts the permission specification from the Android OS source code using static analysis. PScout overcomes several challenges, such as scalability due to Android's 3.4 million line code base, accounting for permission enforcement across processes due to Android's use of IPC, and abstracting Android's diverse permission checking mechanisms into a single primitive for analysis.

We use PScout to analyze 4 versions of Android spanning version 2.2 up to the recently released Android 4.0. Our main findings are that while Android has over 75 permissions, there is little redundancy in the permission specification. However, if applications could be constrained to only use documented APIs, then about 22% of the non-system permissions are actually unnecessary. Finally, we find that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permission specification as the Android OS evolves.


Published in

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security
October 2012
1088 pages
ISBN: 9781450316514
DOI: 10.1145/2382196

          Copyright © 2012 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall Acceptance Rate: 1,261 of 6,999 submissions, 18%
