Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones

Smartphones contain a trove of sensitive personal data including our location, who we talk to, our habits, and our interests. Smartphone users trade access to this data by permitting apps to use it, and in return obtain functionality provided by the apps. In many cases, however, users fail to appreciate the scale or sensitivity of the data that they share with third-parties when they use apps. To this end, prior work has looked at the threat to privacy posed by apps and the third-party libraries that they embed. Prior work, however, fails to paint a realistic picture of the full threat to smartphone users, as it has typically examined apps and third-party libraries in isolation. In this paper, we describe a novel and potentially devastating privilege escalation attack that can be performed by third-party libraries. This attack, which we call intra-library collusion, occurs when a single library embedded in more than one app on a device leverages the combined set of permissions available to it to pilfer sensitive user data. The possibility for intra-library collusion exists because libraries obtain the same privileges as their host app and popular libraries will likely be used by more than one app on a device. Using a real-world dataset of over 30,000 smartphones, we find that many popular third-party libraries have the potential to aggregate significant sensitive data from devices by using intra-library collusion. We demonstrate that several popular libraries already collect enough data to facilitate this attack. Using historical data, we show that risks from intra-library collusion have increased significantly over the last two-and-a-half years. We conclude with recommendations for mitigating the aforementioned problems.

[1]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[2]  Erik Derr,et al.  Reliable Third-Party Library Detection in Android and its Security Applications , 2016, CCS.

[3]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[4]  Jason Nieh,et al.  A measurement study of google play , 2014, SIGMETRICS '14.

[5]  Dan S. Wallach,et al.  Longitudinal Analysis of Android Ad Library Permissions , 2013, ArXiv.

[6]  Dan S. Wallach,et al.  A case of collusion: a study of the interface between ad libraries and their apps , 2013, SPSM '13.

[7]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[8]  Roxana Geambasu,et al.  XRay: Enhancing the Web's Transparency with Differential Correlation , 2014, USENIX Security Symposium.

[9]  Yajin Zhou,et al.  Systematic Detection of Capability Leaks in Stock Android Smartphones , 2012, NDSS.

[10]  Shashi Shekhar,et al.  AdSplit: Separating Smartphone Advertising from Applications , 2012, USENIX Security Symposium.

[11]  Eric Bodden,et al.  Investigating Users' Reaction to Fine-Grained Data Requests: A Market Experiment , 2016, 2016 49th Hawaii International Conference on System Sciences (HICSS).

[12]  Alastair R. Beresford,et al.  Device analyzer: a privacy-aware platform to support research on the Android ecosystem , 2015, WISEC.

[13]  Insik Shin,et al.  FLEXDROID: Enforcing In-App Privilege Separation in Android , 2016, NDSS.

[14]  Gang Tan,et al.  NativeGuard: protecting android applications from third-party native libraries , 2014, WiSec '14.

[15]  Ivan Martinovic,et al.  SecuRank: Starving Permission-Hungry Apps Using Contextual Permission Analysis , 2016, SPSM@CCS.

[16]  Hao Chen,et al.  Investigating User Privacy in Android Ad Libraries , 2012 .

[17]  David A. Wagner,et al.  AdDroid: privilege separation for applications and advertisers in Android , 2012, ASIACCS '12.

[18]  Wenliang Du,et al.  Compac: enforce component-level access control in android , 2014, CODASPY '14.

[19]  Prasant Mohapatra,et al.  Predicting user traits from a snapshot of apps installed on a smartphone , 2014, MOCO.

[20]  Bin Ma,et al.  Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[21]  Hao Chen,et al.  revDroid: Code Analysis of the Side Effects after Dynamic Permission Revocation of Android Apps , 2016, AsiaCCS.

[22]  Gang Wang,et al.  Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications , 2017, AsiaCCS.

[23]  Yang Wang,et al.  Smart, useful, scary, creepy: perceptions of online behavioral advertising , 2012, SOUPS.

[24]  Sankardas Roy,et al.  Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps , 2014, CCS.

[25]  Siu-Ming Yiu,et al.  DroidChecker: analyzing android applications for capability leak , 2012, WISEC '12.

[26]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[27]  Ahmad-Reza Sadeghi,et al.  Towards Taming Privilege-Escalation Attacks on Android , 2012, NDSS.

[28]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[29]  R. Shay,et al.  : Privacy on Mobile Devices – It ’ s Complicated , 2016 .

[30]  Tadayoshi Kohno,et al.  Securing Embedded User Interfaces: Android and Beyond , 2013, USENIX Security Symposium.

[31]  Andrew C. Simpson,et al.  Privacy‐preserving targeted mobile advertising: requirements, design and a prototype implementation , 2016, Softw. Pract. Exp..

[32]  Xiao Zhang,et al.  AFrame: isolating advertisements from mobile applications in Android , 2013, ACSAC.

[33]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[34]  Christopher Krügel,et al.  On the Privacy and Security of the Ultrasound Ecosystem , 2017, Proc. Priv. Enhancing Technol..

[35]  Zhen Huang,et al.  PScout: analyzing the Android permission specification , 2012, CCS.

[36]  Ivan Martinovic,et al.  To Update or Not to Update: Insights From a Two-Year Study of Android App Evolution , 2017, AsiaCCS.

[37]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.