Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a "permission gap". Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Our prototype implementation in the context of Android shows that the static analysis must take into account a significant amount of platform-specific knowledge. Using our tool on two datasets of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android

A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based framework requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain specific optimizations dedicated to Android.Comment: IEEE Transactions on Software Engineering (2014). arXiv admin note: substantial text overlap with arXiv:1206.582

Vetting undesirable behaviors in android apps with permission use analysis

Android platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent years have witnessed the explosion of undesirable behaviors in Android apps. An important part in the defense is the accurate analysis of Android apps. However, traditional syscall-based analysis techniques are not well-suited for Android, because they could not capture critical interactions between the application and the Android system. This paper presents VetDroid, a dynamic analysis platform for reconstructing sensitive behaviors in Android apps from a novel permission use perspective. VetDroid features a systematic frame-work to effectively construct permission use behaviors, i.e., how applications use permissions to access (sensitive) system resources, and how these acquired permission-sensitive resources are further utilized by the application. With permission use behaviors, security analysts can easily examine the internal sensitive behaviors of an app. Using real-world Android malware, we show that VetDroid can clearly reconstruct fine-grained malicious behaviors to ease malware analysis. We further apply VetDroid to 1,249 top free apps in Google Play. VetDroid can assist in finding more information leaks than TaintDroid [24], a state-of-the-art technique. In addition, we show howwe can use VetDroid to analyze fine-grained causes of information leaks that TaintDroid cannot reveal. Finally, we show that VetDroid can help identify subtle vulnerabilities in some (top free) applications otherwise hard to detect

Identification and analysis of free games\u27 permissions in Google Play

© 2015 IEEE. Smart phones are becoming more prevalent than ever, and so does the use of game applications for mobile phones. Android platform offers an attractive environment for game developers, as it is open source and it is supported by many of the available smart phones. This paper surveys, analyses, and identifies the most requested permissions when installing a new game application on Android. We base on this analysis to draw some conclusions and recommendations about how to recognize suspicious games or malware. The study focuses on Android free game applications and covers 530 games from Google Play. The study shows that \u27full Internet access\u27 is the most requested permission and that 60% of the requested permissions are of high risk. These results clearly call for more vigilance when installing new games/applications and mandate new solutions to secure Android applications and help end-users choose their games/applications safely

The Transitivity of Trust Problem in the Interaction of Android Applications

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future

A New Protection for Android Applications

Today, Smartphones are very powerful, and many of its applications use wireless multimedia communications. Prevention from the external dangers (threats) has become a big concern for the experts these days. Android security has become a very important issue because of the free application it provides and the feature which make it very easy for anyone to develop and published it on Play store. Some work has already been done on the android security model, including several analyses of the model and frameworks aimed at enforcing security standards. In this article, we introduce a tool called PermisSecure that is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications that request unnecessary or dangerous permissions

Android Malware Analysis Using Application Permissions

Smartphones are the most useful devices nowadays because they offer a lot of useful services besides the aspect of mobility that benefit the user even more. In addition, the most popular platform is Android, because it offers verity of thousands free applications and also because the platform is open source. In this case anybody can develop an application and then publishing it on the store. In this research, we are aiming to analyze 400 Android application samples taken from Google’s play store, in order to determine the percentage of having the malware behavior within the collected samples. A confirmed malware dataset will be collected as well and the analysis will be done in order to derive malware patterns (permissions) and then comparing the 400 application samples with the malware derived malware patterns based upon the permissions requested. However, a certain combination of some Android user permissions could create a malware behavior such as the ability to read user contacts and the permission of using the web browser. At this point we can determine that this application has a malware behavior, which can send the user contacts to a third-party server without the knowledge of the user, but this is needed to be confirmed by analyzing the application’s source code. After doing the analysis, we will be able to propose a framework to protect the user private data that will benefit the users and the application developers to avoid designing an application that request such dangerous permissions combination if possible

In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: BetterPermissions, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation.Comment: ISBN: 978-2-87971-111-