Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers

Mobile devices are evolving as the dominant computing platform and consequently application repositories and app markets are becoming the prevalent paradigm for deploying software. Due to their central and trusted position in the software ecosystem, coerced, hacked or malicious app markets pose a serious threat to user security. Currently, there is little that hinders a nation state adversary (NSA) or other powerful attackers from using such central and trusted points of software distribution to deploy customized (malicious) versions of apps to specific users. Due to intransparencies in the current app installation paradigm, this kind of attack is extremely hard to detect. In this paper, we evaluate the risks and drawbacks of current app deployment in the face of powerful attackers. We assess the app signing practices of 97% of all free Google Play apps and find that the current practices make targeted attacks unnecessarily easy and almost impossible to detect for users and app developers alike. We show that high profile Android apps employ intransparent and unaccountable strategies when they publish apps to (multiple) alternative markets. We then present and evaluate Application Transparency (AT), a new framework that can defend against ``targeted-and-stealthy'' attacks, mount by malicious markets. We deployed AT in the wild and conducted an extensive field study in which we analyzed app installations on 253,819 real world Android devices that participate in a popular anti-virus app's telemetry program. We find that AT can effectively protect users against malicious targeted attack apps and furthermore adds transparency and accountability to the current intransparent signing and packaging strategies employed by many app developers.

[1]  Xuxian Jiang,et al.  AppInk: watermarking android apps for repackaging deterrence , 2013, ASIA CCS '13.

[2]  Evangelos P. Markatos,et al.  Rise of the planet of the apps: a systematic study of the mobile app ecosystem , 2013, Internet Measurement Conference.

[3]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[4]  Pern Hui Chia,et al.  Is this app safe?: a large scale study on application permissions and risk signals , 2012, WWW.

[5]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[6]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[7]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[8]  Mark Ryan,et al.  Enhanced Certificate Transparency and End-to-End Encrypted Mail , 2014, NDSS.

[9]  Hui Zang,et al.  AdRob: examining the landscape and impact of android application plagiarism , 2013, MobiSys '13.

[10]  Yajin Zhou,et al.  Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[11]  Yajin Zhou,et al.  The impact of vendor customizations on android security , 2013, CCS.

[12]  Collin Jackson,et al.  Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure , 2013, WWW.

[13]  Glenn Greenwald,et al.  No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State , 2014 .

[14]  Hui Zang,et al.  AdRob: examining the landscape and impact of android application plagiarism , 2013, MobiSys.

[15]  Nicolas Christin,et al.  Sweetening android lemon markets: measuring and combating malware in application marketplaces , 2013, CODASPY '13.

[16]  Xuxian Jiang,et al.  DroidChameleon: evaluating Android anti-malware against transformation attacks , 2013, ASIA CCS '13.

[17]  Andra Giurgiu,et al.  No Place to Hide – Edward Snowden, the NSA and the Surveillance State , 2015 .

[18]  Jeremy Clark,et al.  Understanding and improving app installation security mechanisms through empirical analysis of android , 2012, SPSM '12.

[19]  Heng Yin,et al.  DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis , 2012, USENIX Security Symposium.

[20]  Konstantina Papagiannaki,et al.  What's app?: a wide-scale measurement study of smart phone markets , 2012, MOCO.

[21]  Stuart Haber,et al.  How to Time-Stamp a Digital Document , 1990, CRYPTO.