773 research outputs found

    Fine-Grained Access Control for HTML5-Based Mobile Applications in Android

    HTML5-based mobile applications are becoming more and more popular because they can run on different platforms. Several newly introduced mobile OS natively support HTML5-based applications. For those that do not provide native support, such as Android, iOS, and Windows Phone, developers can develop HTML5-based applications using middlewares, such as PhoneGap [17]. In these platforms, programs are loaded into a web component, called WebView, which can render HTML5 pages and execute JavaScript code. In order for the program to access the system resources, which are isolated from the content inside WebView due to its sandbox, bridges need to be built between JavaScript and the native code (e.g. Java code in Android). Unfortunately, such bridges break the existing protection that was originally built into WebView. In this paper, we study the potential risks of HTML5-based applications, and investigate how the existing mobile systems' access control supports these applications. We focus on Android and the PhoneGap middleware. However, our ideas can be applied to other platforms. Our studies indicate that Android does not provide an adequate access control for this kind of applications. We propose a fine-grained access control mechanism for the bridge in Android system. We have implemented our scheme in Android and have evaluated its effectiveness and performance.

    PrivacyGuard: A VPN-Based Approach to Detect Privacy Leakages on Android Devices

    The Internet is now the most important and efficient way to gain information, and mobile devices are the easiest way to access the Internet. Furthermore, wearable devices, which can be considered to be the next generation of mobile devices, are becoming popular. The more people rely on mobile devices, the more private information about these people can be gathered from their devices. If a device is lost or compromised, much private information is revealed. Although today’s smartphone operating systems are trying to provide a secure environment, they still fail to provide users with adequate control over and visibility into how third-party applications use their private data. The privacy leakage problem on mobile devices is still severe. For example, according to a field study [1] done by CMU recently, Android applications track users’ location every three minutes on average. After the PRISM program, a surveillance program done by NSA, is exposed, people are becoming increasingly aware of the mobile privacy leakages. However, there are few tools available to average users for privacy preserving. Most tools developed by recent work have some problems (details can be found in chapter 2). To address these problems, we present PrivacyGuard, an efficient way to simultaneously detect leakage of multiple types of sensitive data, such as a phone’s IMEI number or location data. PrivacyGuard provides real-time protection. It is possible to modify the leaked information and replace it with crafted data to achieve protection. PrivacyGuard is configurable, extensible and useful for other research. We implement PrivacyGuard on the Android platform by taking advantage of the VPNService class provided by the Android SDK. PrivacyGuard does not require root permissions to run on a device and does not require any knowledge about VPN technology from users either. The VPN server runs on the device locally. No external servers are required. According to our experiments, PrivacyGuard can effectively detect privacy leakages of most applications and advertisement libraries with almost no overhead on power consumption and reasonable overhead on network speed.

    Code Injection Attacks on HTML5-based Mobile Apps

    HTML5-based mobile apps become more and more popular, mostly because they are much easier to be ported across different mobile platforms than native apps. HTML5-based apps are implemented using the standard web technologies, including HTML5, JavaScript and CSS; they depend on some middlewares, such as PhoneGap, to interact with the underlying OS. Knowing that JavaScript is subject to code injection attacks, we have conducted a systematic study on HTML5-based mobile apps, trying to evaluate whether it is safe to rely on the web technologies for mobile app development. Our discoveries are quite surprising. We found out that if HTML5-based mobile apps become popular--it seems to go that direction based on the current projection--many of the things that we normally do today may become dangerous, including reading from 2D barcodes, scanning Wi-Fi access points, playing MP4 videos, pairing with Bluetooth devices, etc. This paper describes how HTML5-based apps can become vulnerable, how attackers can exploit their vulnerabilities through a variety of channels, and what damage can be achieved by the attackers. In addition to demonstrating the attacks through example apps, we have studied 186 PhoneGap plugins, used by apps to achieve a variety of functionalities, and we found that 11 are vulnerable. We also found two real HTML5-based apps that are vulnerable to the attacks. Comment: In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)

    AndroParse - An Android Feature Extraction Framework & Dataset

    Android malware has become a major challenge. As a consequence, practitioners and researchers spend a significant time analyzing Android applications (APK). A common procedure (especially for data scientists) is to extract features such as permissions, APIs or strings which can then be analyzed. Current state of the art tools have three major issues: (1) a single tool cannot extract all the significant features used by scientists and practitioners, (2) current tools are not designed to be extensible, and (3) existing parsers do not have runtime efficiency. Therefore, this work presents AndroParse which is an open-source Android parser written in Golang that currently extracts the four most common features: Permissions, APIs, Strings and Intents. AndroParse outputs JSON files as they can easily be used by most major programming languages. Constructing the parser allowed us to create an extensive feature dataset which can be accessed by our independent REST API. Our dataset currently has 67,703 benign and 46,683 malicious APK samples.

    HybridGuard: A Principal-based Permission and Fine-Grained Policy Enforcement Framework for Web-based Mobile Applications

    Web-based or hybrid mobile applications (apps) are widely used and supported by various modern hybrid app development frameworks. In this architecture, any JavaScript code, local or remote, can access available APIs, including JavaScript bridges provided by the hybrid framework, to access device resources. This JavaScript inclusion capability is dangerous, since there is no mechanism to determine the origin of the code to control access, and any JavaScript code running in the mobile app can access the device resources through the exposed APIs. Previous solutions are either limited to a particular platform (e.g., Android) or a specific hybrid framework (e.g., Cordova) or only protect the device resources and disregard the sensitive elements in the web environment. Moreover, most of the solutions require the modification of the base platform. In this paper, we present HybridGuard, a novel policy enforcement framework that can enforce principal-based, stateful policies, on multiple origins without modifying the hybrid frameworks or mobile platforms. In HybridGuard, hybrid app developers can specify principal-based permissions, and define fine-grained, and stateful policies that can mitigate a significant class of attacks caused by potentially malicious JavaScript code included from third-party domains, including ads running inside the app. HybridGuard also provides a mechanism and policy patterns for app developers to specify fine-grained policies for multiple principals. HybridGuard is implemented in JavaScript, therefore, it can be easily adapted for other hybrid frameworks or mobile platforms without modification of these frameworks or platforms. We present attack scenarios and report experimental results to demonstrate how HybridGuard can thwart attacks against hybrid mobile apps.

    Ghera: A Repository of Android App Vulnerability Benchmarks

    Security of mobile apps affects the security of their users. This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of Android platform due to openness and ubiquitousness of the platform. Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can be used to rigorously evaluate both existing and new vulnerability detection techniques and help developers learn about Android app vulnerabilities. In this paper, we describe Ghera, an open source repository of benchmarks that capture 25 known vulnerabilities in Android apps (as pairs of exploited/benign and exploiting/malicious apps). We also present desirable characteristics of vulnerability benchmarks and repositories that we uncovered while creating Ghera. Comment: 10 pages. Accepted at PROMISE'1

    Virtualization-Based Malwares: Can We Defend Against Them?

    App-Virtualization is a technique that allows an application, called host or container, to create a virtual environment on top of the Android framework. In this virtual environment, other applications, called plugins, can be executed from their apk without being installed on the device. This technique can be used to offer some interesting features, but it can also be exploited for malicious purposes. For instance, it can be exploited to evade anti-malware detection by dynamically loading malicious code. Another common malicious use is to simplify the repackaging of an application: with the standard approach, an attacker must decompile the apk of the target application and then add the malicious payload before he can distribute the repackaged app, on the other hand, by exploiting virtualization it is enough to execute the target application as a plugin in a malicious container. Currently, the countermeasures at our disposal are Third-party Anti-Malware, Anti-Plugin techniques and the state-of-the-art tool VAHunt. Anti-Plugin techniques refer to a series of methods that a developer can implement in his application to ensure that it does not run in a virtual environment. Unfortunately, most of these techniques can be easily bypassed, but the major limitation is that they are rarely adopted by developers. VAHunt is a tool to check whether an app makes use of virtualization, additionally it is able to detect certain suspicious uses of the latter. It has been observed that this tool has some flaws. These are mainly due to the fact that it was built considering just the 2 main virtualization frameworks, namely VirtualApp and DroidPlugin. In this thesis, the behaviour of these malware was investigated in more detail. In particular, malwares were analyzed through both static and dynamic reverse engineering techniques. In addition, it has been proposed Matrioska, a new tool that exploits app-virtualisation itself to perform online a dynamic analysis of applications. 
This tool is able to detect the malicious use of app-virtualization as an alternative to repackaging with close to 100% accuracy.