An Android Inline Hooking Framework for the Securing Transmitted Data

Information leaks can occur through many Android applications, including through unauthorized access to sensor data. Hooking is an important technique for protecting Android applications and adding security features to them, even without their source code. Various hooking frameworks have been developed to intercept events and handle them with their own logic. Hooking tools for Java methods are varied; for native hooking, however, few methods exist. Moreover, the commonly used Android hooking frameworks cannot hook native methods in shared libraries on non-rooted devices. Even though some approaches are able to hook these methods, they have limitations or are complicated to implement. In this paper, a feasible hooking approach for Android native methods is proposed and implemented, which requires no modification to either the Android framework or the app's code. In this approach, the method's reference address is modified and control flow is redirected. Beyond that, this study combines the approach with VirtualXposed so that it can run without root privileges. The hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates that it performs hook operations without significant runtime performance overhead on real devices, and that it is compatible and functional for native hooking.
