AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection

The Android framework has raised increased security concerns with regards to its access control enforcement. Particularly, existing research efforts successfully demonstrate that framework security checks are not always consistent across appaccessible APIs. However, existing efforts fall short in addressing peculiarities that characterize the complex Android access control and the diversity introduced by the heavy vendor customization. In this paper, we develop a new analysis framework AceDroid that models Android access control in a path-sensitive manner and normalizes diverse checks to a canonical form. We applied our proposed modeling to perform inconsistency analysis for 12 images. Our tool proved to be quite effective, enabling to detect a significant number of inconsistencies introduced by various vendors and to suppress substantial false alarms. Through investigating the results, we uncovered high impact attacks enabling to write a key logger, send premium sms messages, bypass user restrictions, perform a major denial of services and other critical operations.

[1]  Yajin Zhou,et al.  Systematic Detection of Capability Leaks in Stock Android Smartphones , 2012, NDSS.

[2]  Jacques Klein,et al.  Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis , 2013 .

[3]  Hang Zhang,et al.  Android ION Hazard: the Curse of Customizable Memory Management System , 2016, CCS.

[4]  Tao Xie,et al.  WHYPER: Towards Automating Risk Assessment of Mobile Applications , 2013, USENIX Security Symposium.

[5]  Xiao Zhang,et al.  Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android , 2016, NDSS.

[6]  Wenke Lee,et al.  Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting , 2015, NDSS.

[7]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[8]  Erik Derr,et al.  On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis , 2016, USENIX Security Symposium.

[9]  Tongxin Li,et al.  Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services , 2014, CCS.

[10]  David Brumley,et al.  An empirical study of cryptographic misuse in android applications , 2013, CCS.

[11]  Dong Hoon Lee,et al.  Predictability of Android OpenSSL's pseudo random number generator , 2013, CCS.

[12]  Zhen Huang,et al.  PScout: analyzing the Android permission specification , 2012, CCS.

[13]  Nan Zhang,et al.  The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations , 2014, 2014 IEEE Symposium on Security and Privacy.

[14]  Peng Wang,et al.  AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction , 2014, ICSE.

[15]  Jacques Klein,et al.  I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis , 2014, ArXiv.

[16]  Jeff H. Perkins,et al.  Information Flow Analysis of Android Applications in DroidSafe , 2015, NDSS.

[17]  Xiangyu Zhang,et al.  Detecting sensitive data disclosure via bi-directional text correlation analysis , 2016, SIGSOFT FSE.

[18]  Zhong Chen,et al.  AutoCog: Measuring the Description-to-permission Fidelity in Android Applications , 2014, CCS.

[19]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[20]  Xiao Zhang,et al.  Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis , 2016, USENIX Security Symposium.

[21]  Henrique Kawakami,et al.  Security and system architecture: comparison of Android customizations , 2015, WISEC.

[22]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[23]  Zhuoqing Morley Mao,et al.  Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework , 2016, NDSS.

[24]  Xiao Zhang,et al.  Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References , 2015, CCS.

[25]  E. Ratazzi,et al.  A Systematic Security Evaluation of Android's Multi-User Framework , 2014, ArXiv.

[26]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[27]  Lujo Bauer,et al.  Android taint flow analysis for app sets , 2014, SOAP '14.

[28]  Sankardas Roy,et al.  Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps , 2014, CCS.