Permissions Plugins as Android Apps

The permissions framework for Android is frustratingly inflexible. Once an app is granted a permission, Android will always allow it to access the resource until the user manually revokes the permission. Prior work has proposed extensible plugin frameworks, but they have struggled to support flexible authorization and isolate apps and plugins from each other. In this paper, we propose DALF, a framework for extensible permissions plugins that provides both flexibility and isolation. The insight underlying DALF is that permissions plugins should be treated as apps themselves. This approach allows plugins to maintain state and access system resources such as a device's location while being restricted by Android's process-isolation mechanisms. Experiments with microbenchmarks and case studies with real third-party apps show promising results: plugins are easy to develop and impose acceptable overhead for most resources.
