Yajin Zhou,Xuxian Jiang

2013-01-01

Abstract:In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-app data or inadvertently manipulate certain security-sensitive in-app settings or configurations that may subsequently cause serious system-wide side effects (e.g., blocking all incoming phone calls or SMS messages). To assess the prevalence of these two vulnerabilities, we analyze 62, 519 apps collected in February 2012 from various Android markets. Our results show that among these apps, 1, 279 (2.0%) and 871 (1.4%) of them are susceptible to these two vulnerabilities, respectively. In addition, we find that 435 (0.7%) and 398 (0.6%) of them are accessible from official Google Play and some of them are extremely popular with more than 10, 000, 000 installs. The presence of a large number of vulnerable apps in popular Android markets as well as the variety of private data for leaks and manipulation reflect the severity of these two vulnerabilities. To address them, we also explore and examine possible mitigation solutions.

Xiangyu Liu,Zhe Zhou,Wenrui Diao,Zhou Li,Kehuan Zhang

DOI: https://doi.org/10.1007/978-3-319-18467-8_36

2015-01-01

Abstract:With millions of apps provided from official and third-party markets, Android has become one of the most active mobile platforms in recent years. These apps facilitate people's lives in a broad spectrum of ways but at the same time touch numerous users' information, raising huge privacy concerns. To prevent leaks of sensitive information, especially from legitimate apps to malicious ones, developers are encouraged to store users' sensitive data into private folders which are isolated and securely protected. But for non-sensitive data, there is no specific guideline on how to manage them, and in many cases, they are simply stored on public storage which lacks fine-grained access control and is almost open to all apps.Such storage model appears to be capable of preventing privacy leaks, as long as the sensitive data are correctly identified and kept in private folders by app developers. Unfortunately, this is not true in reality. In this paper, we carry out a thorough study over a number of Android apps to examine how the sensitive data are handled, and the results turn out to be pretty alarming: most of the apps we surveyed fail to handle the data correctly, including extremely popular apps. Among these problematic apps, some directly store the sensitive data into public storage, while others leave non-sensitive data on public storage which could give out users' private information when being combined with data from other sources. An adversary can exploit these leaks to infer users' location, friends and other information without requiring any critical permission. We refer to both types of data as "non-shared" data, and argue that Android's storage model should be refined to protect the non-shared data if they are saved to public storage. In the end, we propose several approaches to mitigate such privacy leaks.

Shaoyong Du,Pengxiong Zhu,Jingyu Hua,Zhiyun Qian,Zhao Zhang,Xiaoyu Chen,Sheng Zhong

2019-01-01

Abstract:Android shared storage is shared with all the applications (apps for short) and the user. It is common to see that a large amount of apps store different kinds of files on it. It is well known that apps granted the read or write permissions can freely access any files in the shared storage. As a consequence, the shared storage has been demonstrated to expose sensitive information and jeopardize users’ privacy. In this paper, we systematically study a simple but overlooked threat related to the shared storage — the lack of input validation (e.g., integrity verifications) when consuming files on the shared storage. We argue that the untrusted input from the shared storage is a much ubiquitous problem. By undertaking an empirically study through a static analysis tool we develop, we find over 30% of the 13,746 analyzed popular apps on the market suffer from such problem. By investigating the types of files consumed, we find shockingly a large fraction of apps store and consume sensitive files, which allows us to construct end-to-end attacks. Considering the ubiquity of this class of vulnerabilities, we finally define better access control policies for external storage to eliminate them for most apps.

Xiangyu Liu,Zhe Zhou,Wenrui Diao,Zhou Li

DOI: https://doi.org/10.1201/9781315369648-14

2016-01-01

Abstract:Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 5.2 Adversary Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 5.3 Overview of Android Storage Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 5.4 Survey on Information Leaks from Shared Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995.4.1 Investigation of Popular Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 5.4.2 Investigation of Apps on a Large Scale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1055.5 Attacks Based on Nonobvious Sensitive Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 5.5.1 Attack Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 5.5.2 Inferring Your Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1085.5.2.1 Getting Users’ WeChat Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 5.5.2.2 Getting Users’ Profile Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1095.5.2.3 Comparing Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 5.5.2.4 Attack Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105.5.3 Inferring Your Friends’ Identities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 5.5.4 Inferring Your Chatting Buddy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1125.6 Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 5.6.1 Existing Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 5.6.2 Mitigations at Android System Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 5.6.3 Mitigation at Android Application Side. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1155.6.3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 5.6.3.2 Detect Vulnerable Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 5.6.3.3 Trace Back to Problem Origins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 5.6.3.4 Patch the Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1165.7 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 5.8 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175.8.1 Harvesting Users’ Sensitive Data from Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 5.8.2 Inferring Users’ Information from Social Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 5.8.3 Protecting Users’ Privacy on Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185.9 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Abstract With millions of apps that can be downloaded from official or third-party markets, Android has become one of the most popular mobile platforms today. These apps help people in all kinds of ways and thus have access to lots of user’s data that in general fall into three categories: sensitive data, data to be shared with other apps, and nonsensitive data not to be shared with others. For the first and second types of data, Android has provided very good storage models: an app’s private sensitive data are saved to its private folder that can only be accessed by the app itself, and the data to be shared are saved to public storage (either the external SD card or the emulated SD card area on internal flash memory). But for the last type, that is, an app’s private (nonshared) and nonsensitive data, we found that there is a big problem in Android’s current storage model that essentially encourages an app to save its nonsensitive private data to shared public storage that can be accessed freely by all other apps.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1007/978-3-319-08593-7_4

2014-01-01

Abstract:Modern smartphone apps tend to contain and use vast amounts of data that can be broadly classified as structured and unstructured. Structured data, such as an user's geolocation, has predefined semantics that can be retrieved by well-defined platform APIs. Unstructured data, on the other hand, relies on the context of the apps to reflect its meaning and value, and is typically provided by the user directly into an app's interface. Recent research has shown that third-party apps are leaking highly-sensitive unstructured data, including user's banking credentials. Unfortunately, none of the current solutions focus on the protection of unstructured data. In this paper, we propose an owner-centric solution to protect unstructured data on smartphones. Our approach allows the data owners to specify security policies when providing their untrusted data to third-party apps. It tracks the flow of information to enforce the owner's policies at strategic exit points. Based on this approach, we design and implement a system, called <Literal>DataChest</Literal>. We develop several mechanisms to reduce user burden and keep interruption to the minimum, while at the same time preventing the malicious apps from tricking the user. We evaluate our system against a set of real-world malicious apps and a series of synthetic attacks to show that it can successfully prevent the leakage of unstructured data while incurring reasonable performance overhead.

Weili Han,Chang Cao,Hao Chen,Dong Li,Zheran Fang,Wenyuan Xu,X. Sean Wang

DOI: https://doi.org/10.1109/tdsc.2017.2768536

2020-01-01

Abstract:Sensors are widely used in modern mobile devices (e.g., smartphones, watches) and may gather abundant information from environments as well as about users, e.g., photos, sounds and locations. The rich set of sensor data enables various applications (e.g., health monitoring) and personalized apps as well. However, the powerful sensing abilities provide opportunities for attackers to steal both personal sensitive data and commercial secrets like never before. Unfortunately, the current design of smart devices only provides a coarse access control on sensors and does not have the capability to audit sensing. We argue that knowing how often the sensors are accessed and how much sensor data are collected is the first-line defense against sensor data breach. Such an ability is yet to be designed. In this paper, we propose a framework that allows users to acquire sensor data usages. In particular, we leverage a hook-based track method to track sensor accesses. Thus, with no need to change the source codes of the Android system and applications, we can intercept sensing operations to graphic sensors, audio sensors, location sensors, and standard sensors, and audit them from four aspects: flow audit, frequency audit, duration audit and invoker audit. Then, we implement a prototype, referred to as senDroid, which visually shows the quantitative usages of these sensors in real time at a performance overhead of [0.04-8.05] percent. senDroid allows Android users to audit the applications even when they bypass the Android framework via JNI invocations or when the malicious codes are dynamically loaded from the server side. Our empirical study on 1,489 popular apps in three well-known Android app markets shows that 26.32 percent apps access sensors when the apps are launched, and 11.01 percent apps access sensors while the apps run in the background. Furthermore, we analyze the relevance between sensor usage patterns and third-party libraries, and reverse-engineering on suspicious third-party libraries shows that 77.27 percent apps access sensors via third-party libraries. Our results call attentions to address the users' privacy concerns caused by sensor access.

Hao Zhang,Zhuolin Li,Hossain Shahriar,Dan Lo,Fan Wu,Ying Qian

DOI: https://doi.org/10.1109/compsac.2019.00143

2019-01-01

Abstract:Insecure data storage may open a door to malicious malware to steal users' and system sensitive information. These problems may due to developer negligence or lack of security knowledge. Android developers use various storage methods to store data. However, Attackers have attacked these vulnerable data storage. Although the developers have modified the apps after knowing the vulnerability, the user's personal information has been leaked and caused serious consequences. As a result, instead of patching and fixing the vulnerability, we should conduct proactive control for secure Android data storage. In this paper, we analyzed Android external storage vulnerability and discussed the prevention solutions to prevent sensitive information in external storage from disclosure.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1109/noms.2016.7502850

2016-01-01

Abstract:Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, the number of smartphone thefts is increasing at a rapid speed. As a result, there is an imperative need to protect sensitive data on lost or stolen mobile devices. In this work, we develop a practical solution to protect sensitive data on mobile devices. Our solution enables adaptive protection by pro-actively stepping up or stepping down data security based on perceived contextual risk of the device. We realize our solution for the Android platform in the form of a system called AppShell. AppShell does not require root privilege, nor need any modification to the underlying framework, and hence is a ready-to-deploy solution. It supports both in-memory and on-disk data protection by transparently encrypting the data, and discarding the encryption key, when required, for enhanced protection. We implement a working prototype of AppShell and evaluate it against several popular Android apps. Our results show that AppShell can successfully protect sensitive data in the lost devices with a reasonable performance overhead.

Yajin Zhou,Kunal Patel,Lei Wu,Zhi Wang,Xuxian Jiang

DOI: https://doi.org/10.1145/2714576.2714598

2015-01-01

Abstract:ABSTRACTUsers of Android phones increasingly entrust personal information to third-party apps. However, recent studies reveal that many apps, even benign ones, could leak sensitive information without user awareness or consent. Previous solutions either require to modify the Android framework thus significantly impairing their practical deployment, or could be easily defeated by malicious apps using a native library. In this paper, we propose AppCage, a system that thoroughly confines the run-time behavior of third-party Android apps without requiring framework modifications or root privilege. AppCage leverages two complimentary user-level sandboxes to interpose and regulate an app's access to sensitive APIs. Specifically, dex sandbox hooks into the app's Dalvik virtual machine instance and redirects each sensitive framework API to a proxy which strictly enforces the user-defined policies, and native sandbox leverages software fault isolation to prevent the app's native libraries from directly accessing the protected APIs or subverting the dex sandbox. We have implemented a prototype of AppCage. Our evaluation shows that AppCage can successfully detect and block attempts to leak private information by third-party apps, and the performance overhead caused by AppCage is negligible for apps without native libraries and minor for apps with them.

Weixian Yao,Yexuan Li,Weiye Lin,Tianhui Hu,Imran Chowdhury,Rahat Masood,Suranga Seneviratne

DOI: https://doi.org/10.48550/arXiv.2007.03905

2020-07-08

Abstract:Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid in Google Play Store and some of them are downloaded millions of times. By installing security apps, the smartphone users place a significant amount of trust towards the security companies who developed these apps, because a fully functional mobile security app requires access to many smartphone resources such as the storage, text messages and email, browser history, and information about other installed applications. Often these resources contain highly sensitive personal information. As such, it is essential to understand the mobile security apps ecosystem to assess whether is it indeed beneficial to install them. To this end, in this paper, we present the first empirical study of Android security apps. We analyse 100 Android security apps from multiple aspects such as metadata, static analysis, and dynamic analysis and presents insights to their operations and behaviours. Our results show that 20% of the security apps we studied potentially resell the data they collect from smartphones to third parties; in some cases, even without the user consent. Also, our experiments show that around 50% of the security apps fail to identify malware installed on a smartphone.

Cryptography and Security

Shuai Li,Zhemin Yang,Nan Hua,Peng Liu,Xiaohan Zhang,Guangliang Yang,Min Yang

DOI: https://doi.org/10.1145/3548606.3559371

2022-01-01

Abstract:ABSTRACTRecent years have witnessed the interesting trend that modern mobile apps perform more and more likely as user-to-user platforms, where app users can be freely and conveniently connected. Upon these platforms, rich and diverse data is often delivered across users, which brings users great conveniences and plentiful services, but also introduces privacy security concerns. While prior work has primarily studied illegitimate personal data collection problems in mobile apps, few paid little attention to the security of this emerging user-to-user platform feature, thus providing a rather limited understanding of the privacy risks in this aspect. In this paper, we focus on the security of the user-to-user platform feature and shed light on its caused insufficiently-studied but critical privacy risk, which is brought forward by cross-user personal data over-delivery (denoted as XPO). For the first time, this paper reveals the landscape of such XPO risk in wild, along with prevalence and severity assessment. To achieve this, we design a novel automated risk detection framework, named XPOChecker, that leverages the advantages of machine learning and program analysis to extensively and precisely identify potential privacy risks during user-to-user connections, and regulate whether the delivered data is legitimate or not. By applying XPOChecker on 13,820 real-world popular Android apps, we find that XPO is prevalent in practice, with 1,902 apps (13.76%) being affected. In addition to the mere exposure of diverse private user data which causes serious and broad privacy infringement, we demonstrate that the XPO exploits can invalidate privacy preservation mechanisms, leak business secrets, and even restore the sensitive membership of victims which potentially poses personal safety threats. Furthermore, we also confirm the existence of XPO risks in iOS apps for the first time. Last, to help understand and prevent XPO, we have responsibly launched two notification campaigns to inform the developers of the affected apps, with the conclusion of five underlying lessons from developers' feedback. We hope our work can make up for the deficiency of the understandings of XPO, help developers avoid XPO, and motivate further researches.

Yue-heng Zhang,Jun-liang Shu,Juan-ru Li,Qing Wang,Da-wu Gu

DOI: https://doi.org/10.12783/dtcse/wcne2016/5089

2017-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:Android apps rely on secure communication protocol to prove the confidentiality of sensitive data transmission. However, inexperienced developers tend to adopt insecure communication and introduce security risks. To study how prevalent the insecure communication protocols are used by real world Android apps, we conducted an in-depth analysis to examine popular apps from Google Play and MyApp Android app market. We collect 435 apps from major categories, such as gaming, shopping and social networks, and we monitored the communication of those apps and classified their used protocols into three categories: secure, insecure, and proprietary. Then we investigated those proprietary ones to find potential insecure implementation. We designed and implemented RawDroid, a protocol audit system combining network monitoring and program analysis technique to systematically inspect the security of proprietary protocol. We found that a large number of developers frequently use non-standard proprietary protocols. Among all analyzed apps, our security audit revealed that 36.7% apps adopted a proprietary protocol, and all those proprietary protocols fail to achieve confidentiality: some of them send sensitive data in the form of plaintext to servers; some misuse cryptographic algorithms and lead to the exposure of transferred privacy even if the content is encrypted. We believe this kind of protocols pose great security threats to Android ecosystem.

Min Yang,Jianjun Zhang

2012-01-01

Abstract:Most mobile devices are now based on the Android operating system platform with almost all applications(called apps) downloaded from a few centralized software distribution sites,called marketplaces.However,the lack of effective security vetting mechanisms as well as the Android openness means that the marketplaces may unintentionally be hosting many apps developed by third parties who intend to manipulate and collect user privacy data for a variety of purposes.This paper reports an empirical study of the privacy leakage problem for about 330 of the most popular apps from seven representative Android marketplaces in China.A two-step process was used to minimize false alarms with each app initially examined by a static analysis tool and,if this examination reported suspicious code segments,the app was then tracked dynamically within a controlled run-time environment to identify the actual privacy leakage.The evaluation results show that more than 58% of the apps lead privacy data without user consent.

Daojing He,Shihao Li,Cong Li,Sencun Zhu,Sammy Chan,Weidong Min,Nadra Guizani

DOI: https://doi.org/10.1109/mnet.011.2000025

IF: 10.294

2020-01-01

IEEE Network

Abstract:As digital currency wallets are gaining popularity, security incidents related to them are also increasing. They lead to the disclosure of users' private information and security threats of users' assets. This article analyzes the security risks of digital wallets in Android, which is the most popular mobile operating system. it first establishes the threat model and the security goals, and then analyzes the attack surface and attack vectors from the aspects of wallet apps and the Android system. Experiments are conducted on two realworld digital currency wallet apps, and the results reveal several serious security risks in these apps, which highlight the necessity and importance of developing secure cryptocurrency wallets.

Xueqiang Wang,Yifan Zhang,XiaoFeng Wang,Yan Jia,Luyi Xing

2023-01-01

Abstract:Malicious third-party libraries have become a major source of security risks to the Android software supply chain. A recent study shows that a malicious library could harvest data from other libraries hosted in the same app via unauthorized API accesses. However, it is unclear whether third-party libraries could still pose a threat to other libraries after their code and APIs are thoroughly vetted for security. A third-party Android library often contains diverse resources to support its operations. These resources, along with resources from other libraries, are managed by the Android resource compiler (ARC) during the app build process. ARC needs to mediate the resources in case multiple libraries have duplicate resources. In this paper, we report a new attack surface on the Android app supply chain: duplicate resource mismediation (Duress). This attack surface provides an opportunity for attackers to contaminate security- and privacy-sensitive resources of a victim library by exploiting ARC, using duplicate resources in malicious libraries. Our attack cases demonstrate that with several effective attack strategies, an attacker can stealthily mislead the victim library and its users to expose sensitive data, and lower down the security protections, etc. Further, we conduct the first systematic study to understand the impacts of Duress risks. Our study has brought to light the pervasiveness of the Duress risks in third-party libraries: an analysis of over 23K libraries and 150K apps discovered that 18.4% libraries have sensitive resources that are exposed to Duress risks, 25.7% libraries have duplicate sensitive resources with other libraries, i.e., integration risks, and over 400 apps in the wild are affected by potential occurrences of Duress, etc. To mitigate the risks, we discuss a lightweight and compile-time resource isolation method to prevent malicious libraries from contaminating the sensitive resources of other libraries.

Jiangrong Wu,Yuhong Nan,Luyi Xing,Jiatao Cheng,Zimin Lin,Zibin Zheng,Min Yang

DOI: https://doi.org/10.14722/ndss.2024.24138

2024-01-01

Abstract:Cross-app content sharing is one of the prominent features widely used in mobile apps.For example, a short video from one app can be shared to another (e.g., a messaging app) and further viewed by other users.In many cases, such Crossapp content sharing activities could have privacy implications for both the sharer and sharee, such as exposing app users' personal interests.In this paper, we provide the first in-depth study on the privacy implications of Cross-app content sharing (as we call Cracs) activities in the mobile ecosystem.Our research showed that during the sharing process, the adversary can not only track and infer user interests as traditional web trackers but also cause other severe privacy implications to app users.More specifically, due to multiple privacy-intrusive designs and implementations of Cracs, an adversary can easily reveal a user's social relations to an outside party, or unnecessarily expose user identities and her associated personal data (e.g., user accounts in another app).Such privacy implications are indeed a concern for app users, as confirmed by a user study we have performed with 300 participants.To further evaluate the impact of our identified privacy implications at large, we have designed an automatic pipeline named Shark, combined with static analysis and dynamic analysis to effectively identify whether a given app introduces unnecessary data exposure in Cracs.We analyzed 300 top downloaded apps collected from app stores in both the US and China.The analysis results showed that over 55% of the apps from China and 10% from the US are indeed problematic.

Luyi Xing,Xiaolong Bai,Tongxin Li,XiaoFeng Wang,Kai Chen,Xiaojing Liao,Shi-Min Hu,Xinhui Han

DOI: https://doi.org/10.48550/arXiv.1505.06836

2015-05-26

Abstract:On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs. Given the complexity of today's OSes, less clear is whether such isolation is effective against different kind of cross-app resource access attacks (called XARA in our research). To better understand the problem, on the less-studied Apple platforms, we conducted a systematic security analysis on MAC OS~X and iOS. Our research leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Stores, to gain unauthorized access to other apps' sensitive data. More specifically, we found that the inter-app interaction services, including the keychain, WebSocket and NSConnection on OS~X and URL Scheme on the MAC OS and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the app sandbox on OS~X was found to be vulnerable, exposing an app's private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed. Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications. To better understand their impacts, we developed a scanner that automatically analyzes the binaries of MAC OS and iOS apps to determine whether proper protection is missing in their code. Running it on hundreds of binaries, we confirmed the pervasiveness of the weaknesses among high-impact Apple apps. Since the issues may not be easily fixed, we built a simple program that detects exploit attempts on OS~X, helping protect vulnerable apps before the problems can be fully addressed.

Cryptography and Security

Jice Wang,Yue Xiao,Xueqiang Wang,Yuhong Nan,Luyi Xing,Xiaojing Liao,JinWei Dong,Nicolas Serrano,Haoran Lu,XiaoFeng Wang,Yuqing Zhang

2021-01-01

Abstract:Recent years have witnessed the rise of security risks of libraries integrated in mobile apps, which are reported to steal private user data from the host apps and the app backend servers. Their security implications, however, have never been fully understood. In our research, we brought to light a new attack vector long been ignored yet with serious privacy impacts - malicious libraries strategically target other vendors' SDKs integrated in the same host app to harvest private user data (e.g., Facebook's user profile). Using a methodology that incorporates semantic analysis on an SDK's Terms of Services (ToS, which describes restricted data access and sharing policies) and code analysis on cross-library interactions, we were able to investigate 1.3 million Google Play apps and the ToSes from 40 highly-popular SDKs, leading to the discovery of 42 distinct libraries stealthily harvesting data from 16 popular SDKs, which affect more than 19K apps with a total of 9 billion downloads. Our study further sheds light on the underground ecosystem behind such library-based data harvesting (e.g., monetary incentives for SDK integration), their unique strategies (e.g., hiding data in crash reports and using C2 server to schedule data exfiltration) and significant impacts.

Andrei Bytes,Jay Prakash,Jianying Zhou,Tony Q.S. Quek

DOI: https://doi.org/10.48550/arXiv.2002.03144

2020-04-26

Abstract:The number of active users of Wi-Fi Direct Device-to-Device file sharing applications on Android has exceeded 1.8 billion. Wi-Fi Direct, also known as Wi-Fi P2P, is commonly used for peer-to-peer, high-speed file transfer between mobile devices, as well as a close proximity connection mode for wireless cameras, network printers, TVs and other IoT and mobile devices. For its end users, such type of direct file transfer does not incur cellular data charges. However, despite the popularity of such applications, we observe that the software vendors tend to prioritize the ease of user flow over the security in their implementations, which leads to serious security flaws. We perform a comprehensive security analysis in the context of security and usability and report our findings in the form of 17 Common Vulnerabilities and Exposures (CVE) which have been disclosed to the corresponding vendors. To address the similar flaws at the early stage of the application design, we propose a joint consideration of security and usability for such applications and their protocols that can be visualized in form of a customised User Journey Map (UJM).

Cryptography and Security,Human-Computer Interaction,Networking and Internet Architecture

Mario Linares-Vasquez,Gabriele Bavota,Camilo Escobar-Velasquez

DOI: https://doi.org/10.48550/arXiv.1704.03356

2017-04-11

Abstract:Mobile devices are used more and more in everyday life. They are our cameras, wallets, and keys. Basically, they embed most of our private information in our pocket. For this and other reasons, mobile devices, and in particular the software that runs on them, are considered first-class citizens in the software-vulnerabilities landscape. Several studies investigated the software-vulnerabilities phenomenon in the context of mobile apps and, more in general, mobile devices. Most of these studies focused on vulnerabilities that could affect mobile apps, while just few investigated vulnerabilities affecting the underlying platform on which mobile apps run: the Operating System (OS). Also, these studies have been run on a very limited set of vulnerabilities. In this paper we present the largest study at date investigating Android-related vulnerabilities, with a specific focus on the ones affecting the Android OS. In particular, we (i) define a detailed taxonomy of the types of Android-related vulnerability; (ii) investigate the layers and subsystems from the Android OS affected by vulnerabilities; and (iii) study the survivability of vulnerabilities (i.e., the number of days between the vulnerability introduction and its fixing). Our findings could help OS and apps developers in focusing their verification & validation activities, and researchers in building vulnerability detection tools tailored for the mobile world.

Software Engineering,Cryptography and Security