DPerm: Assisting the Migration of Android Apps to Runtime Permissions

Android apps require permissions when accessing resources related to privacy or system integrity. Starting from Android 6, these permissions have to be requested at runtime. However, migrating to the new permission model poses multiple challenges for developers. First, developers have to discover where the app uses permissions, which requires a permission specification. To date, several such specifications have been built, yet these are either imprecise, incomplete or don't support all types of protected resources. We first present DPSpec, a novel permission specification built from several documentation formats supplied with the Android SDK. Compared with the state-of-the-art specification, it contains 2.5x as many entries for protected methods and detects dangerous permission usages in more than twice as many apps. A second challenge for developers is where to insert permission requests, with possible locations restricted by the request mechanism. We also present DPerm, a static analysis for Android apps that recommends locations for permission requests in code. It achieves high precision through context sensitivity and improves recall through a general call graph augmentation algorithm for incomplete code. Our empirical evaluation on 32 apps shows a precision of 96% and recall of 89%.
