Precise Android API Protection Mapping Derivation and Reasoning

The Android research community has long focused on building an Android API permission specification, which can be leveraged by app developers to determine the optimum set of permissions necessary for a correct and safe execution of their app. However, while prominent existing efforts provide a good approximation of the permission specification, they suffer from a few shortcomings. Dynamic approaches cannot generate complete results, although accurate for the particular execution. In contrast, static approaches provide better coverage, but produce imprecise mappings due to their lack of path-sensitivity. In fact, in light of Android's access control complexity, the approximations hardly abstract the actual co-relations between enforced protections. To address this, we propose to precisely derive Android protection specification in a path-sensitive fashion, using a novel graph abstraction technique. We further showcase how we can apply the generated maps to tackle security issues through logical satisfiability reasoning. Our constructed maps for 4 Android Open Source Project (AOSP) images highlight the significance of our approach, as ~41% of APIs' protections cannot be correctly modeled without our technique.

[1]  Lujo Bauer,et al.  Android taint flow analysis for app sets , 2014, SOAP '14.

[2]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[3]  Sankardas Roy,et al.  Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps , 2014, CCS.

[4]  Xiangyu Zhang,et al.  SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps , 2015, USENIX Security Symposium.

[5]  Xiangyu Zhang,et al.  Detecting sensitive data disclosure via bi-directional text correlation analysis , 2016, SIGSOFT FSE.

[6]  Zhong Chen,et al.  AutoCog: Measuring the Description-to-permission Fidelity in Android Applications , 2014, CCS.

[7]  Erik Derr,et al.  On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis , 2016, USENIX Security Symposium.

[8]  Xiao Zhang,et al.  Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android , 2016, NDSS.

[9]  Matthew Smith,et al.  Hey, You, Get Off of My Clipboard - On How Usability Trumps Security in Android Password Managers , 2013, Financial Cryptography.

[10]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[11]  David Brumley,et al.  An empirical study of cryptographic misuse in android applications , 2013, CCS.

[12]  Dong Hoon Lee,et al.  Predictability of Android OpenSSL's pseudo random number generator , 2013, CCS.

[13]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[14]  Xiao Zhang,et al.  Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References , 2015, CCS.

[15]  Zhuoqing Morley Mao,et al.  Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework , 2016, NDSS.

[16]  Jeff H. Perkins,et al.  Information Flow Analysis of Android Applications in DroidSafe , 2015, NDSS.

[17]  Yajin Zhou,et al.  Systematic Detection of Capability Leaks in Stock Android Smartphones , 2012, NDSS.

[18]  Yajin Zhou,et al.  The impact of vendor customizations on android security , 2013, CCS.

[19]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[20]  Jacques Klein,et al.  Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis , 2013 .

[21]  Ninghui Li,et al.  AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection , 2018, NDSS.

[22]  Yajin Zhou,et al.  Detecting Passive Content Leaks and Pollution in Android Applications , 2013, NDSS.

[23]  Tao Xie,et al.  WHYPER: Towards Automating Risk Assessment of Mobile Applications , 2013, USENIX Security Symposium.

[24]  Wenke Lee,et al.  Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting , 2015, NDSS.

[25]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[26]  Zhen Huang,et al.  PScout: analyzing the Android permission specification , 2012, CCS.

[27]  Jacques Klein,et al.  I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis , 2014, ArXiv.

[28]  Tongxin Li,et al.  Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services , 2014, CCS.

[29]  Peng Wang,et al.  AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction , 2014, ICSE.