Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1007/978-3-319-08593-7_4

2014-01-01

Abstract:Modern smartphone apps tend to contain and use vast amounts of data that can be broadly classified as structured and unstructured. Structured data, such as an user's geolocation, has predefined semantics that can be retrieved by well-defined platform APIs. Unstructured data, on the other hand, relies on the context of the apps to reflect its meaning and value, and is typically provided by the user directly into an app's interface. Recent research has shown that third-party apps are leaking highly-sensitive unstructured data, including user's banking credentials. Unfortunately, none of the current solutions focus on the protection of unstructured data. In this paper, we propose an owner-centric solution to protect unstructured data on smartphones. Our approach allows the data owners to specify security policies when providing their untrusted data to third-party apps. It tracks the flow of information to enforce the owner's policies at strategic exit points. Based on this approach, we design and implement a system, called <Literal>DataChest</Literal>. We develop several mechanisms to reduce user burden and keep interruption to the minimum, while at the same time preventing the malicious apps from tricking the user. We evaluate our system against a set of real-world malicious apps and a series of synthetic attacks to show that it can successfully prevent the leakage of unstructured data while incurring reasonable performance overhead.

Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

Yajin Zhou,Kunal Patel,Lei Wu,Zhi Wang,Xuxian Jiang

DOI: https://doi.org/10.1145/2714576.2714598

2015-01-01

Abstract:ABSTRACTUsers of Android phones increasingly entrust personal information to third-party apps. However, recent studies reveal that many apps, even benign ones, could leak sensitive information without user awareness or consent. Previous solutions either require to modify the Android framework thus significantly impairing their practical deployment, or could be easily defeated by malicious apps using a native library. In this paper, we propose AppCage, a system that thoroughly confines the run-time behavior of third-party Android apps without requiring framework modifications or root privilege. AppCage leverages two complimentary user-level sandboxes to interpose and regulate an app's access to sensitive APIs. Specifically, dex sandbox hooks into the app's Dalvik virtual machine instance and redirects each sensitive framework API to a proxy which strictly enforces the user-defined policies, and native sandbox leverages software fault isolation to prevent the app's native libraries from directly accessing the protected APIs or subverting the dex sandbox. We have implemented a prototype of AppCage. Our evaluation shows that AppCage can successfully detect and block attempts to leak private information by third-party apps, and the performance overhead caused by AppCage is negligible for apps without native libraries and minor for apps with them.

Fang He,Jun Tao

DOI: https://doi.org/10.1109/icears53579.2022.9751938

2022-03-16

Abstract:This article aims to design and implement a smart phone data protection application based on a cloud computing platform to improve data security and prevent data loss and sensitive data leakage. In view of the current state of smart phone data security, on the basis of studying the platform and its development key technologies, mobile platform information security technology, backup strategy, encryption and decryption technology, and cloud computing technology, proprietary communication protocols and tunneling protocols are used. Comprehensive use of layered design, identity verification, and encryption to ensure the security of the transmission channel from both &quot;content encryption&quot; and &quot;channel encryption&quot;, and the security has increased by 7.6%.

Xiangyu Liu,Zhe Zhou,Wenrui Diao,Zhou Li,Kehuan Zhang

DOI: https://doi.org/10.1007/978-3-319-18467-8_36

2015-01-01

Abstract:With millions of apps provided from official and third-party markets, Android has become one of the most active mobile platforms in recent years. These apps facilitate people's lives in a broad spectrum of ways but at the same time touch numerous users' information, raising huge privacy concerns. To prevent leaks of sensitive information, especially from legitimate apps to malicious ones, developers are encouraged to store users' sensitive data into private folders which are isolated and securely protected. But for non-sensitive data, there is no specific guideline on how to manage them, and in many cases, they are simply stored on public storage which lacks fine-grained access control and is almost open to all apps.Such storage model appears to be capable of preventing privacy leaks, as long as the sensitive data are correctly identified and kept in private folders by app developers. Unfortunately, this is not true in reality. In this paper, we carry out a thorough study over a number of Android apps to examine how the sensitive data are handled, and the results turn out to be pretty alarming: most of the apps we surveyed fail to handle the data correctly, including extremely popular apps. Among these problematic apps, some directly store the sensitive data into public storage, while others leave non-sensitive data on public storage which could give out users' private information when being combined with data from other sources. An adversary can exploit these leaks to infer users' location, friends and other information without requiring any critical permission. We refer to both types of data as "non-shared" data, and argue that Android's storage model should be refined to protect the non-shared data if they are saved to public storage. In the end, we propose several approaches to mitigate such privacy leaks.

Xiangyu Liu,Zhe Zhou,Wenrui Diao,Zhou Li

DOI: https://doi.org/10.1201/9781315369648-14

2016-01-01

Abstract:Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 5.2 Adversary Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 5.3 Overview of Android Storage Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 5.4 Survey on Information Leaks from Shared Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995.4.1 Investigation of Popular Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 5.4.2 Investigation of Apps on a Large Scale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1055.5 Attacks Based on Nonobvious Sensitive Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 5.5.1 Attack Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 5.5.2 Inferring Your Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1085.5.2.1 Getting Users’ WeChat Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 5.5.2.2 Getting Users’ Profile Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1095.5.2.3 Comparing Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 5.5.2.4 Attack Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105.5.3 Inferring Your Friends’ Identities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 5.5.4 Inferring Your Chatting Buddy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1125.6 Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 5.6.1 Existing Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 5.6.2 Mitigations at Android System Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 5.6.3 Mitigation at Android Application Side. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1155.6.3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 5.6.3.2 Detect Vulnerable Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 5.6.3.3 Trace Back to Problem Origins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 5.6.3.4 Patch the Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1165.7 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 5.8 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175.8.1 Harvesting Users’ Sensitive Data from Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 5.8.2 Inferring Users’ Information from Social Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 5.8.3 Protecting Users’ Privacy on Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185.9 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Abstract With millions of apps that can be downloaded from official or third-party markets, Android has become one of the most popular mobile platforms today. These apps help people in all kinds of ways and thus have access to lots of user’s data that in general fall into three categories: sensitive data, data to be shared with other apps, and nonsensitive data not to be shared with others. For the first and second types of data, Android has provided very good storage models: an app’s private sensitive data are saved to its private folder that can only be accessed by the app itself, and the data to be shared are saved to public storage (either the external SD card or the emulated SD card area on internal flash memory). But for the last type, that is, an app’s private (nonshared) and nonsensitive data, we found that there is a big problem in Android’s current storage model that essentially encourages an app to save its nonsensitive private data to shared public storage that can be accessed freely by all other apps.

Wei Wang,Tao Zhou,Weili Han

DOI: https://doi.org/10.3969/j.issn.1000-386x.2016.08.067

2016-01-01

Abstract:Sensitive data and perception capacities in Android devices face severe security threats.Current security mechanism cannot efficiently protect the sensitive data of users and perception capacity of devices,because it only provides a coarse-grained access control on application level.Therefore,this paper proposes an access control enhancement mechanism for sensitive data and capacities in Android, which is based on cryptography and fine-grained security policy drive.First,with the help of key management and fine-grained encryption policy,it leverages a high-strength symmetric encryption algorithm to encrypt the sensitive data and this solves the secure storage problem of sensitive data;Then,the mechanism leverages a fine-grained security policy-based access control mechanism to control the access privilege of perception capacities on layer of Android platform to reach the goal of perception data protection.Through prototype system and performance testing,the proposed access control enhancement mechanism for sensitive data and capacity of Android is able to operate on current Android platform with acceptable performance.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

Weixian Yao,Yexuan Li,Weiye Lin,Tianhui Hu,Imran Chowdhury,Rahat Masood,Suranga Seneviratne

DOI: https://doi.org/10.48550/arXiv.2007.03905

2020-07-08

Abstract:Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid in Google Play Store and some of them are downloaded millions of times. By installing security apps, the smartphone users place a significant amount of trust towards the security companies who developed these apps, because a fully functional mobile security app requires access to many smartphone resources such as the storage, text messages and email, browser history, and information about other installed applications. Often these resources contain highly sensitive personal information. As such, it is essential to understand the mobile security apps ecosystem to assess whether is it indeed beneficial to install them. To this end, in this paper, we present the first empirical study of Android security apps. We analyse 100 Android security apps from multiple aspects such as metadata, static analysis, and dynamic analysis and presents insights to their operations and behaviours. Our results show that 20% of the security apps we studied potentially resell the data they collect from smartphones to third parties; in some cases, even without the user consent. Also, our experiments show that around 50% of the security apps fail to identify malware installed on a smartphone.

Cryptography and Security

Zhengyang Qu,Guanyu Guo,Zhengyue Shao,Vaibhav Rastogi,Yan Chen,Hao Chen,Wangjun Hong

DOI: https://doi.org/10.1007/978-3-319-59608-2_1

2016-01-01

Abstract:Bring-your-own-device (BYOD) is getting popular. Diverse personal devices are used to access enterprise resources, and deployment of the solutions with customized operating system (OS) dependency will thus be restricted. Moreover, device utilization for both business and personal purposes creates new threats involving leakage of sensitive data. As for functionalities, a BYOD solution should isolate an arbitrary number of entities, such as those relating to business and personal uses and provide fine-grained access control on multi-entity management. Existing BYOD solutions lack in these aspects; we propose a system, called AppShield, which supports multi-entity management and role-based access control with file-level granularity, apart from local data sharing/isolation. AppShield includes (1) application rewriting framework for Android apps, which builds Mobile Application Management (MAM) features into app automatically with complete mediation, (2) cross-platform proxy-based data access mechanism, which can enforce arbitrary access control policies. The fully functional controller with data proxy is implemented for both Android and iOS. AppShield allows for enterprise policy management without modifying device OS. The evaluation shows that AppShield is successful at policy enforcement and is reliable. It induces little impact on application’s performance and size, for example, our app rewriting introduces less than 5% code size increment in over 95% apps in our evaluation.

Maximilian Zinkus,Tushar M. Jois,Matthew Green

DOI: https://doi.org/10.48550/arXiv.2105.12613

2021-05-26

Abstract:In this work we present definitive evidence, analysis, and (where needed) speculation to answer the questions, (1) Which concrete security measures in mobile devices meaningfully prevent unauthorized access to user data? (2) In what ways are modern mobile devices accessed by unauthorized parties? (3) How can we improve modern mobile devices to prevent unauthorized access? We examine the two major platforms in the mobile space, iOS and Android, and for each we provide a thorough investigation of existing and historical security features, evidence-based discussion of known security bypass techniques, and concrete recommendations for remediation. We then aggregate and analyze public records, documentation, articles, and blog postings to categorize and discuss unauthorized bypass of security features by hackers and law enforcement alike. We provide in-depth analysis of the data potentially accessed via law enforcement methodologies from both mobile devices and associated cloud services. Our fact-gathering and analysis allow us to make a number of recommendations for improving data security on these devices. The mitigations we propose can be largely summarized as increasing coverage of sensitive data via strong encryption, but we detail various challenges and approaches towards this goal and others. It is our hope that this work stimulates mobile device development and research towards security and privacy, provides a unique reference of information, and acts as an evidence-based argument for the importance of reliable encryption to privacy, which we believe is both a human right and integral to a functioning democracy.

Cryptography and Security,Computers and Society

Rui Chang,Liehui Jiang,Wenzhi Chen,Hongqi He,Shuiqiao Yang

DOI: https://doi.org/10.1109/cit.2016.14

2016-01-01

Abstract:As the number of smart devices continues to grow dramatically, programmes and data handled by such smart devices have become the primary targets of hackers and malwares. ARM-Android is the most widespread platform for smart devices. Access to privacy-and security-relevant parts of the API is controlled by the corresponding permission in a manifest. However, while requesting access to permissions, these applications may offer opportunities to malicious codes to gain access to other inaccessible resources which will cause a series of security issues. Recently, many researchers focus on the permission-based mechanism which restricts accesses of users and applications to critical resources on an ARM-Android device. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our permission-based security architecture on ARM-Android platform. We propose an usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension. In contrast to previous work, the proposed security architecture provides a flexible mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness in mitigating permission leakage vulnerabilities.

Shaoyong Du,Pengxiong Zhu,Jingyu Hua,Zhiyun Qian,Zhao Zhang,Xiaoyu Chen,Sheng Zhong

DOI: https://doi.org/10.1109/tdsc.2018.2889486

2021-01-01

Abstract:Android shared storage is shared with all the applications (apps for short) and the user. It is common to see that a large amount of apps store different kinds of files on it. It is well known that apps granted the read or write permissions can freely access any files in the shared storage. As a consequence, the shared storage has been demonstrated to expose sensitive information and jeopardize users' privacy. In this paper, we systematically study a simple but overlooked threat related to the shared storage-the lack of input validation (e.g., integrity verifications) when consuming files on the shared storage. We argue that the untrusted input from the shared storage is a much ubiquitous problem. By undertaking an empirically study through a static analysis tool we develop, we find over 30 percent of the 13,746 analyzed popular apps on the market suffer from such problem. By investigating the types of files consumed, we find shockingly a large fraction of apps store and consume sensitive files, which allows us to construct end-to-end attacks. Considering the ubiquity of this class of vulnerabilities, we finally define better access control policies for external storage to eliminate them for most apps.

Yang Xu,Ju Ren,Yaoxue Zhang,Guojun Wang

DOI: https://doi.org/10.1109/ispa/iucc.2017.00116

2017-01-01

Abstract:Android is the world's most popular mobile platform. Nevertheless, in spite of continuous efforts on its permission system, it is still incapable of resisting privilege escalation attacks, specially, the confused deputy attacks on numerous poor-designed applications. Worse yet, most existing security solutions become costly or rigid in recent Android dynamic permission environment. In this paper, we proposed a flexible and efficient security extension to Android middleware for protecting the vulnerable privileged applications from being abused by malwares in the dynamic permission scenario. Our framework maintains fresh permission states of applications at runtime and enforces access control on inter-component communications conservatively by checking the capability differences between applications, so as to provide more precise and temperate protection for applications. Moreover, we also introduced an efficient cache mechanism together with an optimized proactive updating method for decisions, which contributes significantly to improving the inspection efficiency. Finally, experimental results reveal that our framework is effective and adaptable in defending against confused deputy attacks on applications with negligible overhead and limited impact on application usability.

Ang Li,David Darling,Qinghua Li

DOI: https://doi.org/10.48550/arXiv.1810.01046

2018-10-02

Cryptography and Security

Abstract:Nowadays many people store photos in smartphones. Many of the photos contain sensitive, private information, such as a photocopy of driver's license and credit card. An arising privacy concern is with the unauthorized accesses to such private photos by installed apps. Coarse-grained access control systems such as the Android permission system offer all-or-nothing access to photos stored on smartphones, and users are unaware of the exact behavior of installed apps. Our analysis finds that 82% of the top 200 free apps in a popular Android app store have complete access to stored photos and network on a user's smartphone, which indicates possible private photo leakage. In addition, our user survey reveals that 87.5% of the 112 respondents are not aware that certain apps can access their photos without informing users, and all the respondents believe that the stored photos on their smartphones contain different types of private information. Hence, we propose PhotoSafer, a content-based, context-aware private photo protection system for Android phones. PhotoSafer can detect private photos based on photo content with a well-trained deep convolutional neural network, and control access to photos based on system status (e.g., screen locked or not) and app-running status (e.g., app in the background). Evaluations demonstrate that PhotoSafer can accurately identify private photos in real time. The efficacy and efficiency of the implemented prototype system show the potential for practical use.

Wenna Song,Jiang Ming,Lin Jiang,Han Yan,Yi Xiang,Yuan Chen,Jianming Fu,Guojun Peng

DOI: https://doi.org/10.48550/arXiv.2103.03511

2021-03-30

Abstract:Limited by the small keyboard, most mobile apps support the automatic login feature for better user experience. Therefore, users avoid the inconvenience of retyping their ID and password when an app runs in the foreground again. However, this auto-login function can be exploited to launch the so-called "data-clone attack": once the locally-stored, auto-login depended data are cloned by attackers and placed into their own smartphones, attackers can break through the login-device number limit and log in to the victim's account stealthily. A natural countermeasure is to check the consistency of devicespecific attributes. As long as the new device shows different device fingerprints with the previous one, the app will disable the auto-login function and thus prevent data-clone attacks. In this paper, we develop VPDroid, a transparent Android OS-level virtualization platform tailored for security testing. With VPDroid, security analysts can customize different device artifacts, such as CPU model, Android ID, and phone number, in a virtual phone without user-level API hooking. VPDroid's isolation mechanism ensures that user-mode apps in the virtual phone cannot detect device-specific discrepancies. To assess Android apps' susceptibility to the data-clone attack, we use VPDroid to simulate data-clone attacks with 234 most-downloaded apps. Our experiments on five different virtual phone environments show that VPDroid's device attribute customization can deceive all tested apps that perform device-consistency checks, such as Twitter, WeChat, and PayPal. 19 vendors have confirmed our report as a zero-day vulnerability. Our findings paint a cautionary tale: only enforcing a device-consistency check at client side is still vulnerable to an advanced data-clone attack.

Cryptography and Security

Yunxin Liu,Ahmad Rahmati,Yuanhe Huang,Hyukjae Jang,Lin Zhong,Yongguang Zhang,Shensheng Zhang

DOI: https://doi.org/10.1145/1555816.1555819

2009-01-01

Abstract:Loaded with personal data, e.g. photos, contacts, and call history, mobile phones are truly personal devices. Yet it is often necessary or desirable to share our phones with others. This is especially true as mobile phones are integrating features conventionally provided by other dedicated devices, from MP3 players to games consoles. Unfortunately, when we lend our phones to others, we give away complete access because existing phones assume a single user and provide little protection for private data and applications. In this work, we present xShare, a protection solution to address this problem. xShare allows phone owners to rapidly specify what they want to share and place the phone into a restricted mode where only the data and applications intended for sharing can be accessed.We first present findings from two motivational user studies based on which we provide the design requirements of xShare. We then present the design of xShare based on file-level access control. We describe the implementation of xShare on Windows Mobile and report a comprehensive usability evaluation of the implementation, including measurements and user studies. The evaluation demonstrates that our xShare implementation has negligible overhead for interactive phone usage, is extremely favored by mobile users, and provides robust protection against attacks by experienced Windows Mobile users and developers.

Yang Xu,Guojun Wang,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1016/j.future.2018.09.042

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Android is a successful mobile platform with a thriving application ecosystem. However, despite its security precautions like permission mechanism, it is still vulnerable to privilege escalation threats and particularly confused deputy attacks that exploit the permission leak vulnerabilities of Android applications. Worse, most existing detection and protection techniques have become costly and unresponsive in current Android dynamic permission environments. In this paper, we propose a configurable Android security framework to prevent the exploitation of permission leak vulnerabilities of third-party applications via confused deputy attacks. Our framework collects the runtime states of applications and enforces policy and capability-based access control to restrain riskful inter-application communications, so as to provide more responsive, adaptive, and flexible application protection. Besides, our framework provides users with a flexible runtime policy configuration together with a complementary security mechanism to mitigate risks induced by inappropriate policies. Additionally, we present a sophisticated access decision cache system with a proactive maintenance method that ensures the efficiency and dependability of decision services. Theoretical analysis and experimental evaluation demonstrate that our approach provides configurable and effective protections for third-party applications against permission leak vulnerabilities at small performance and usability costs.

Uri Kanonov,Avishai Wool

DOI: https://doi.org/10.48550/arXiv.1605.08567

2016-05-27

Cryptography and Security

Abstract:Bring Your Own Device (BYOD) is a growing trend among enterprises, aiming to improve workers' mobility and productivity via their smartphones. The threats and dangers posed by the smartphones to the enterprise are also ever-growing. Such dangers can be mitigated by running the enterprise software inside a "secure container" on the smartphone. In our work we present a systematic assessment of security critical areas in design and implementation of a secure container for Android using reverse engineering and attacker-inspired methods. We do this through a case-study of Samsung KNOX, a real-world product deployed on millions of devices. Our research shows how KNOX security features work behind the scenes and lets us compare the vendor's public security claims against reality. Along the way we identified several design weaknesses and a few vulnerabilities that were disclosed to Samsung.