Android inter-app communication threats and detection techniques

Abstract

With the digital breakthrough, smartphones have become an essential component of many routine tasks such as shopping, paying bills, transferring money, instant messaging and email. Mobile devices are a very attractive attack surface for cyber thieves because they hold personal details (accounts, locations, contacts, photos) and have potential capabilities for eavesdropping (cameras, microphone, wireless connections). Android, being the most popular platform, is the target of malicious hackers who try to use an Android app as a tool to break into and control the device. Android malware authors use many anti-analysis techniques to hide from analysis tools. Academic researchers and commercial anti-malware companies are putting great effort into detecting such malicious apps, using combinations of static, dynamic and behavior-based analysis techniques. Despite all the security mechanisms provided by Android, apps can carry out malicious actions through inter-app communication. One such inter-app communication threat is collusion. In collusion, malicious functionality is divided across multiple apps. Each participating app accomplishes its part and communicates information to another app through Inter Component Communication (ICC). ICC does not require any special permissions, and there is no obligation to inform the user about the communication. Each participating app needs to request only a minimal set of privileges, which may make it appear benign to current state-of-the-art techniques that analyze one app at a time. There are many surveys on app analysis techniques in Android; however, they focus on single-app analysis. This survey highlights several inter-app communication threats, in particular collusion among multiple apps. In this paper, we present Android vulnerabilities that may be exploited for carrying out privilege escalation attacks, privacy leakage and collusion attacks. We cover the existing threat analysis, scenarios, and a detailed comparison of tools for intra- and inter-app analysis. To the best of our knowledge, this is the first survey on inter-app communication threats, app collusion and state-of-the-art detection tools in Android.
