Detecting and defending against inter-app permission leaks in android apps

Android encourages inter-app interactions and facilitates functionality reusability by providing flexible inter-component communication (ICC) among apps. Components in apps can communicate with other components within single app or cross different apps. However, through this mechanism, components may leak permissions either carelessly or maliciously. Unfortunately, the current app-level permission model in Android cannot prevent such permissions leaks incurred by inter app communication. Simple permission enforcement is not sufficient as it cannot differentiate between normal permission usage and malicious permission usage (i.e., permission leakage). Therefore, users are required to grant permissions to apps during app installation, which may lead to permission mismanaged. In this paper, we propose IntentChecker that aims to detect permission leakage by proposing a light-weight mechanism. IntentChecker defends against the permission leakage attacks by adding authorization extension to the ICC mechanism and automatically generating patches for vulnerable apps. We evaluate IntentChecker with two benchmarks, i.e., Droidbench and ICCbench, and with 4031 real world apps. IntentChecker finds 324 apps that includes at least one permission leakage. We verify the effectiveness of the defense mechanism with 10 apps randomly selected from the vulnerable apps, which demonstrates that it is effective to prevent inter app permission leakage.

[1]  Lukasz Ziarek,et al.  Information flows as a permission mechanism , 2014, ASE.

[2]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[3]  Eric Bodden,et al.  A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks , 2014, NDSS.

[4]  Insik Shin,et al.  FLEXDROID: Enforcing In-App Privilege Separation in Android , 2016, NDSS.

[5]  Ahmad-Reza Sadeghi,et al.  XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks , 2011 .

[6]  Matthew L. Dering,et al.  Composite Constant Propagation: Application to Android Inter-Component Communication Analysis , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[7]  Zhen Huang,et al.  PScout: analyzing the Android permission specification , 2012, CCS.

[8]  Lujo Bauer,et al.  Android taint flow analysis for app sets , 2014, SOAP '14.

[9]  Mu Zhang,et al.  AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications , 2014, NDSS.

[10]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[11]  Sankardas Roy,et al.  Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps , 2014, CCS.

[12]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[13]  Jacques Klein,et al.  IccTA: Detecting Inter-Component Privacy Leaks in Android Apps , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[14]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[15]  Ondrej Lhoták,et al.  The Soot framework for Java program analysis: a retrospective , 2011 .

[16]  Kun Yang,et al.  IntentFuzzer: detecting capability leaks of android applications , 2014, AsiaCCS.

[17]  Ahmad-Reza Sadeghi,et al.  Privilege Escalation Attacks on Android , 2010, ISC.

[18]  Yves Le Traon,et al.  Automatically securing permission-based software by reducing the attack surface: an application to Android , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[19]  Yajin Zhou,et al.  Systematic Detection of Capability Leaks in Stock Android Smartphones , 2012, NDSS.

[20]  Jacques Klein,et al.  Dexpler: converting Android Dalvik bytecode to Jimple for static analysis with Soot , 2012, SOAP '12.

[21]  Jacques Klein,et al.  Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis , 2013 .

[22]  Lukasz Ziarek,et al.  Flow Permissions for Android , 2013, 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[23]  Ahmad-Reza Sadeghi,et al.  Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.

[24]  Ondrej Lhoták,et al.  Scaling Java Points-to Analysis Using SPARK , 2003, CC.

[25]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.