All your sessions are belong to us: Investigating authenticator leakage through backup channels on Android

Security of authentication protocols heavily relies on the confidentiality of credentials (or authenticators) like passwords and session IDs. However, unlike browser-based web applications for which highly evolved browsers manage the authenticators, Android apps have to construct their own management. We find that most apps simply locate their authenticators into the persistent storage and entrust underlying Android OS for mediation. Consequently, these authenticators can be leaked through compromised backup channels. In this work, we conduct the first systematic investigation on this previously overlooked attack vector. We find that nearly all backup apps on Google Play inadvertently expose backup data to any app with internet and SD card permissions. With this exposure, the malicious apps can steal other apps' authenticators and obtain complete control over the authenticated sessions. We show that this can be stealthily and efficiently done by building a proof-of-concept app named AuthSniffer. We find that 80 (68.4%) out of the 117 tested top-ranked apps which have implemented authentication schemes are subject to this threat. Our study should raise the awareness of app developers and protocol analysts about this attack vector.No Full Tex

Moderating factors.

Optimizing the trade-off between economic growth and public health is a major goal of public administration, especially during public health events. Although containment measures are widely used to combat the Covid-19 outbreak, it is still debated how the measures affect the economy. Using a simplified susceptible-infected-recovered (SIR) model, this study investigates the dynamic impact of lockdown policy on social costs during the epidemic and the underlying mechanism, revealing that the lockdown policy has both a “shutdown effect” and an “anti-epidemic effect”, and should be implemented and lifted in a timely manner. Based on a micro-level dataset of 57,547 private enterprises in China in 2020, this study provided empirical evidence for the presence of negative “shutdown effect” and positive “anti-epidemic effect” of lockdown on reopening, both of which are in part mediated by labor input, factor mobility, and market demand recovery. Furthermore, the shutdown effect is weaker in regions with sufficient testing and quarantine resources, government capacity and preference for targeted response, whereas the anti-epidemic effect is stronger in densely populated areas with relatively low public compliance. Additionally, digital measures can aid in the containment of epidemics. The findings not only contribute to a better understanding of the rationality and effectiveness of the lockdown policy, but also provides practical evidence and implications for the government to improve the synergistic efficiency of epidemic control tools and strengthen the resilience of local economic growth.</div

Descriptive statistics of COVID-19 data in prefecture-level cities in China (excluding imported or unconfirmed cases).

Descriptive statistics of COVID-19 data in prefecture-level cities in China (excluding imported or unconfirmed cases).</p

Logit regression of work and production resumption on lockdown and local COVID-19 cases (sub-samples).

Logit regression of work and production resumption on lockdown and local COVID-19 cases (sub-samples).</p

Descriptive statistics of key variables.

Optimizing the trade-off between economic growth and public health is a major goal of public administration, especially during public health events. Although containment measures are widely used to combat the Covid-19 outbreak, it is still debated how the measures affect the economy. Using a simplified susceptible-infected-recovered (SIR) model, this study investigates the dynamic impact of lockdown policy on social costs during the epidemic and the underlying mechanism, revealing that the lockdown policy has both a “shutdown effect” and an “anti-epidemic effect”, and should be implemented and lifted in a timely manner. Based on a micro-level dataset of 57,547 private enterprises in China in 2020, this study provided empirical evidence for the presence of negative “shutdown effect” and positive “anti-epidemic effect” of lockdown on reopening, both of which are in part mediated by labor input, factor mobility, and market demand recovery. Furthermore, the shutdown effect is weaker in regions with sufficient testing and quarantine resources, government capacity and preference for targeted response, whereas the anti-epidemic effect is stronger in densely populated areas with relatively low public compliance. Additionally, digital measures can aid in the containment of epidemics. The findings not only contribute to a better understanding of the rationality and effectiveness of the lockdown policy, but also provides practical evidence and implications for the government to improve the synergistic efficiency of epidemic control tools and strengthen the resilience of local economic growth.</div

Logit regression of work and production resumption on lockdown and COVID-19 cases in other regions.

Logit regression of work and production resumption on lockdown and COVID-19 cases in other regions.</p

Start date of emergency response level in each province/autonomous region/municipality (“/” denotes default).

Start date of emergency response level in each province/autonomous region/municipality (“/” denotes default).</p

Moderating effects on the relationship between containment measures and production resumption.

Moderating effects on the relationship between containment measures and production resumption.</p