AppVeto: mobile application self-defense through resource access veto

Modern mobile operating systems such as Android and Apple iOS allow apps to access various system resources, with or without explicit user permission. Running multiple concurrent apps is also commonly supported, although the OS generally maintains strict separation between apps. However, an app can still get access to another app's private information, such as the user input, through numerous side-channels, mostly enabled by having access to permissioned or permission-less (sometimes even unrelated) resources, e.g., inferring keystroke and swipe gestures from a victim app via the accelerometer or gyroscope. Current mobile OSes do not empower an app to defend itself from such implicit interference from other apps; few exceptions exist such as blocking screenshot captures in Android. We propose a general mechanism for apps to defend themselves from any unwanted implicit or explicit interference from other concurrently running apps. Our AppVeto solution enables an app to easily configure its requirements for a safe environment; a foreground app can request the OS to disallow access---i.e., to enable veto powers---to selected side-channel-prone resources to all other running apps for a certain (short) duration, e.g., no access to the accelerometer during password input. In a sense, we enable a finer-grained access control policy than the current runtime permission model, and delegate the responsibility of the resource access decision (for vetoing) from users to app developers. We implement AppVeto on Android using the Xposed framework, without changing Android APIs. Furthermore, we show that AppVeto imposes negligible overhead, while being effective against several well-known side-channel attacks.

[1]  Ahmad-Reza Sadeghi,et al.  Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.

[2]  Andrew Hoog Android forensic techniques , 2011 .

[3]  Virginia Teller Review of Speech and language processing: an introduction to natural language processing, computational linguistics, and speech recognition by Daniel Jurafsky and James H. Martin. Prentice Hall 2000. , 2000 .

[4]  Nan Zhang,et al.  Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android , 2015, 2015 IEEE Symposium on Security and Privacy.

[5]  Xin Sun,et al.  TextLogger: inferring longer inputs on touch screen using motion sensors , 2015, WISEC.

[6]  Trent Jaeger,et al.  A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications , 2018, ArXiv.

[7]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[8]  Raphael Spreitzer,et al.  PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices , 2014, SPSM@CCS.

[9]  Romit Roy Choudhury,et al.  Tapprints: your finger taps have fingerprints , 2012, MobiSys '12.

[10]  Ross J. Anderson,et al.  PIN skimmer: inferring PINs through the camera and microphone , 2013, SPSM '13.

[11]  Jan-Michael Frahm,et al.  iSpy: automatic reconstruction of typed input from compromising reflections , 2011, CCS '11.

[12]  Nitesh Saxena,et al.  Slogger: Smashing Motion-based Touchstroke Logging with Transparent System Noise , 2016, WISEC.

[13]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[14]  Yuqiong Sun,et al.  AuDroid: Preventing Attacks on Audio Channels in Mobile Devices , 2015, ACSAC.

[15]  Xiaohong Guan,et al.  Input extraction via motion-sensor behavior analysis on smartphones , 2015, Comput. Secur..

[16]  Carl A. Gunter,et al.  What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources , 2015, NDSS.

[17]  Stefan Mangard,et al.  Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices , 2016, IEEE Communications Surveys & Tutorials.

[18]  Jeff Yan,et al.  Hearing your touch: A new acoustic side channel on smartphones , 2019, ArXiv.

[19]  Stephen Smalley,et al.  Security Enhanced (SE) Android: Bringing Flexible MAC to Android , 2013, NDSS.

[20]  Adam J. Aviv,et al.  Practicality of accelerometer side channels on smartphones , 2012, ACSAC '12.

[21]  Urs Hengartner,et al.  Two Novel Defenses against Motion-Based Keystroke Inference Attacks , 2014, ArXiv.

[22]  Zhou Li,et al.  BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals , 2019, NDSS.

[23]  Gianluca Stringhini,et al.  MaMaDroid , 2019, ACM Trans. Priv. Secur..

[24]  Feng Xiao,et al.  PatternListener: Cracking Android Pattern Lock Using Acoustic Signals , 2018, CCS.

[25]  Wenliang Du,et al.  PINPOINT: Efficient and Effective Resource Isolation for Mobile Security and Privacy , 2019, ArXiv.

[26]  Zhi Xu,et al.  SemaDroid: A Privacy-Aware Sensor Management Framework for Smartphones , 2015, CODASPY.

[27]  Paola Inverardi,et al.  An Investigation Into Android Run-Time Permissions from the End Users' Perspective , 2018, 2018 IEEE/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft).

[28]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[29]  Nitesh Saxena,et al.  Sensing-enabled channels for hard-to-detect command and control of mobile devices , 2013, ASIA CCS '13.