Understanding and improving app installation security mechanisms through empirical analysis of Android

We provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system during the app installation process: update integrity and UID assignment. To inform our analysis, we collect a dataset of Android application metadata and extract features from these binaries to gain a better understanding of how developers interact with the security mechanisms invoked during installation. Using the dataset, we find empirical evidence that Android's current signing architecture does not encourage best security practices. We also find that limitations of Android's UID sharing method force developers to write custom code rather than rely on OS-level mechanisms for secure data transfer between apps. As a result of our analysis, we recommend incrementally deployable improvements, including a novel UID sharing mechanism with applicability to signature-level permissions. We additionally discuss mitigation options for a security bug in Google's Play store, which allows apps to transparently obtain more privileges than those requested in the manifest.
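The two install-time decisions the abstract studies, update integrity and UID assignment, both reduce to a single test: does the signing certificate of the incoming APK match the certificate already trusted for that package or shared UID? The model below is an added illustration written for this page, not code from the paper or from Android's PackageManagerService. It assumes Android's documented rules (an update must carry the installed package's signer, a package may not change its sharedUserId on update, version downgrades are refused, packages sharing a UID must share a signer, and signature-level permissions are granted only to a requester signed like the declaring package); certificate bytes, package names and permission names are constructed placeholders.

```python
"""Toy model of Android's install-time signer checks: update integrity,
sharedUserId-based UID assignment, and signature-level permission grants.
Added example, not Android's own code; certificates are placeholder bytes."""
import hashlib
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

FIRST_APPLICATION_UID = 10000  # Android hands out app UIDs starting here


@dataclass(frozen=True)
class Package:
    name: str
    version_code: int
    signer_cert: bytes                               # DER bytes of the signing cert (constructed)
    shared_user_id: Optional[str] = None             # manifest android:sharedUserId
    requested: FrozenSet[str] = frozenset()          # <uses-permission> entries
    signature_perms: FrozenSet[str] = frozenset()    # protectionLevel="signature" perms declared here


def fingerprint(cert: bytes) -> str:
    """SHA-256 over the certificate bytes, used here as the signer identity."""
    return hashlib.sha256(cert).hexdigest()


class Installer:
    def __init__(self) -> None:
        self.installed: Dict[str, Package] = {}
        self.uid_of: Dict[str, int] = {}
        self.shared: Dict[str, Tuple[int, str]] = {}  # sharedUserId -> (uid, signer fp)
        self._next_uid = FIRST_APPLICATION_UID

    def _alloc_uid(self) -> int:
        uid = self._next_uid
        self._next_uid += 1
        return uid

    def install(self, pkg: Package) -> str:
        fp = fingerprint(pkg.signer_cert)
        current = self.installed.get(pkg.name)
        if current is not None:
            # Update integrity: an update is only accepted from the installed signer.
            if fingerprint(current.signer_cert) != fp:
                return "rejected: signer mismatch (update integrity)"
            if pkg.version_code < current.version_code:
                return "rejected: version downgrade"
            if pkg.shared_user_id != current.shared_user_id:
                return "rejected: sharedUserId changed on update"
            self.installed[pkg.name] = pkg          # UID is kept across the update
            return "updated"
        # Fresh install: decide which UID the package runs under.
        if pkg.shared_user_id is None:
            uid = self._alloc_uid()
        elif pkg.shared_user_id in self.shared:
            uid, owner_fp = self.shared[pkg.shared_user_id]
            if owner_fp != fp:                      # only same-signer apps may share a UID
                return "rejected: sharedUserId signer mismatch"
        else:
            uid = self._alloc_uid()
            self.shared[pkg.shared_user_id] = (uid, fp)
        self.installed[pkg.name] = pkg
        self.uid_of[pkg.name] = uid
        return "installed"

    def granted_signature_permissions(self, name: str) -> FrozenSet[str]:
        """Grant a requested signature-level permission only when the requester
        is signed by the same certificate as a package that declares it."""
        pkg = self.installed[name]
        fp = fingerprint(pkg.signer_cert)
        granted = set()
        for other in self.installed.values():
            if fingerprint(other.signer_cert) == fp:
                granted |= pkg.requested & other.signature_perms
        return frozenset(granted)


def demo() -> dict:
    """Walk through the decisions on constructed packages; returns every outcome."""
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    talk = frozenset({"com.example.a.TALK"})
    inst, r = Installer(), {}
    r["a_v1"] = inst.install(Package("com.example.a", 1, cert_a, signature_perms=talk))
    r["a_v2_wrong_key"] = inst.install(Package("com.example.a", 2, cert_b, signature_perms=talk))
    r["a_v2"] = inst.install(Package("com.example.a", 2, cert_a, signature_perms=talk))
    r["a_v1_downgrade"] = inst.install(Package("com.example.a", 1, cert_a, signature_perms=talk))
    r["b_shared"] = inst.install(Package("com.example.b", 1, cert_a, shared_user_id="com.example.shared"))
    r["c_shared"] = inst.install(Package("com.example.c", 1, cert_a, shared_user_id="com.example.shared"))
    r["d_shared_wrong_key"] = inst.install(Package("com.example.d", 1, cert_b, shared_user_id="com.example.shared"))
    r["e"] = inst.install(Package("com.example.e", 1, cert_a, requested=talk))
    r["f"] = inst.install(Package("com.example.f", 1, cert_b, requested=talk))
    r["uids"] = dict(inst.uid_of)
    r["e_perms"] = inst.granted_signature_permissions("com.example.e")
    r["f_perms"] = inst.granted_signature_permissions("com.example.f")
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model makes the paper's point visible: every decision hinges on the signing key, so a key that is lost, shared across unrelated apps, or never rotated weakens update integrity, UID sharing and signature-level permissions at once.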
