Language Based Security for Smartphones


Dec 10, 2013


Ashish Mishra, Y N Srikant, Aditya Kanade
Computer Science and Automation
Indian Institute of Science

The install-time permission model used in Android may give users control over their privacy and security and may reduce the impact of bugs and vulnerabilities in applications. However, such a model becomes ineffective if users are uninformed about the behavior of these applications and their potential harms once an application is allowed to be installed. In the absence of this information, users base their decision on various other unsound factors, like an application's popularity, other users' recommendations, etc., thereby putting their security and privacy at risk. Malicious applications can easily hide in huge marketplaces from Google, Apple and other third parties and can easily compromise a user's security and privacy if a user naively installs such an

We present a static analysis tool, mapDroid, which opens up the black box nature of Android applications and presents their security vulnerabilities and behavior to users. We propose a precise, generic static analysis for Android applications and discuss some of its applications.

Keywords: Android, Static Analysis, Android Applications

The success of Android [1] and other smartphone operating systems, like iOS, Windows, etc., is generally attributed to the large marketplace, which allows developers to easily create third-party applications and users to readily install them. Access to the privacy- and security-relevant parts of Android's API is controlled by an install-time permission system. Each application must declare upfront what permissions it requires, and the user is notified of these during installation. If a user does not want the requested permissions to be granted to the application, she can cancel the installation. The problem with this current model is that it is an all-or-none approach, where the user has no way to selectively grant some permissions and deny others.

The success of install-time permission systems like Android's depends on the user's decision to allow or reject the install-time permissions, but users are generally unaware of an application's requirements, its behavior and its potential dangers. The problem arises from the black box nature of applications, which causes Android permissions to be generally read and viewed but not understood by users [4]. In this work we present a static analysis tool for Android, mapDroid, which analyzes Android applications to produce a mapping between the permissions an application has requested and the functionality with which each permission is associated. Such a map could help the user make a more informed decision at install time.

WhatsApp, a chat application for Android, is one of the highly downloaded applications for Android phones. This application asks for a long list of permissions at installation time, as shown in a screenshot of an Android emulator in Fig. 1. Similar is the scenario with many of the popular Android

Fig. 1: Permission list of WhatsApp messenger application

Even the most expert users can never be sure whether the application legitimately needs all these permissions or whether they are requested because of the developer's naivety or malice. The effect is that most users in such a case allow the installation based on factors like the application's popularity, user ratings, etc. This gives attackers the opportunity to exploit various vulnerabilities in these applications if they are benign, and the situation is worse if the application is malicious. Thus an install-time permission model may give users control over their privacy and security and may reduce the impact of bugs and vulnerabilities in applications; however, such a model becomes ineffective if users are uninformed about the behavior of these applications and their potential harms. There is therefore a need to analyze Android applications for security vulnerabilities and to reveal their behavior to users, so that they can make a more informed install-time decision.

To overcome some of the issues listed above, we propose a static analysis tool for Android, mapDroid, which produces a mapping between the permissions an application has asked for and the functionality with which each is associated. mapDroid analyzes a given Android application to find all the API calls and other security-relevant events, like passing and receiving intents, receiving broadcasts, etc. We then associate each of these events with the permissions needed for them, using the permission map generated in [2]. The output of our static analysis would be an application call graph where each node $n$ is annotated with the set of live permissions, $P_n$. If a permission $p \in P_n$, it signifies that $p$ is used along some path starting from that node. Since such call graphs, when generated for real-world Android applications, could be fairly large, complex and difficult for users to understand, we propose to change the nodes of this graph to visible GUI events like pressing a button, selecting an element from a list, etc. Such a graph can be generated by inflating the GUI objects (Widgets or Views in Android) and tracking all the eventHandlers and eventListeners in the application. Although we have presented our results in this particular format for user understandability, our analysis is highly generic and can be utilized for various purposes. This is ongoing work, and we omit the detailed description of the work and other possible applications due to space constraints. In the next subsection we present a simple example of a Contact Manager application and the expected output generated by mapDroid after analyzing it.

A study example
We present a small Contact Manager application as a study example here. This is a simple application which manages user contacts by allowing the user to read contact details and add new contacts. The application uses mainly three permissions, as listed in its manifest. These include GETAC-
shows some brief code fragments for the application, showing the main Activity ContactManager, event handlers and some API calls. We have omitted the details and the other activities due to limited space. Our tool mapDroid will analyze this application and generate a graph similar to Fig. 3. As mentioned earlier, the nodes in this graph are the visible GUI objects or events. Each node is associated with a set of live permissions. Such a map gives the user an understanding of which events a permission is associated with. Such a graph could be useful to other lines of work which target the all-or-none nature of the Android permission system by giving the user the control to perform selective installation, allowing some of the permissions while denying others [3]. These works suffer from the limitation that, although the user has the power to select, she does not have the required knowledge. For example, using our technique (see Fig. 3), the user can know that the ContactList functionality can be used without requiring permissions to read/write contacts. It can also help the user to define fine-grained, user-specific security policies. Defining such policies is highly intricate for the user without information about the application's behavior.
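
Added example (not mapDroid's code and not taken from the paper): a minimal sketch of the annotation described above, computing the live permission set P_n for every call-graph node by backward propagation to a fixed point, then reading it off at the GUI event handlers. The call graph, the handler and method names, and the two-entry API-to-permission table are constructed for illustration and stand in for the application code and the map from [2].

```python
from collections import defaultdict

# Constructed stand-in for the API-to-permission map taken from [2].
API_PERMISSIONS = {
    "ContentResolver.query(Contacts)": {"READ_CONTACTS"},
    "ContentResolver.applyBatch(Contacts)": {"WRITE_CONTACTS"},
}
# Constructed call graph (caller -> callees); all method names are hypothetical.
CALL_GRAPH = {
    "ShowAll.onCheckedChanged": ["populateContactList"],
    "populateContactList": ["ContentResolver.query(Contacts)", "onListChanged"],
    "onListChanged": ["populateContactList"],  # callback cycle
    "AddContact.onClick": ["launchContactAdder"],
    "launchContactAdder": [],
    "Save.onClick": ["createContactEntry"],
    "createContactEntry": ["ContentResolver.applyBatch(Contacts)",
                           "populateContactList"],
    "ContactList.onItemClick": ["showDetails"],
    "showDetails": [],
}
GUI_EVENTS = ["ShowAll.onCheckedChanged", "AddContact.onClick",
              "Save.onClick", "ContactList.onItemClick"]

def live_permissions(graph, api_perms):
    """Return {node: P_n}: permissions used on some path starting at node."""
    preds = defaultdict(set)
    nodes = set(graph)
    for caller, callees in graph.items():
        for callee in callees:
            preds[callee].add(caller)
            nodes.add(callee)
    live = {n: set(api_perms.get(n, ())) for n in nodes}
    worklist = [n for n in nodes if live[n]]
    while worklist:  # sets only grow, so this reaches a fixed point
        node = worklist.pop()
        for caller in preds[node]:
            if not live[node] <= live[caller]:
                live[caller] |= live[node]
                worklist.append(caller)
    return live

def usable_without(live, events, denied):
    """GUI events whose live set contains none of the denied permissions."""
    return [e for e in events if not (live[e] & set(denied))]

if __name__ == "__main__":
    live = live_permissions(CALL_GRAPH, API_PERMISSIONS)
    for event in GUI_EVENTS:
        print(f"{event:28} {sorted(live[event])}")
    print(usable_without(live, GUI_EVENTS, {"READ_CONTACTS", "WRITE_CONTACTS"}))
```

In this constructed graph the save handler inherits READ_CONTACTS through the list refresh it triggers, which is the kind of indirect use a manifest-only check cannot attribute to an event.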

Fig. 2: Code fragment from ContactManager application.
Fig. 3: An event graph for ContactManager application.

One of the closely related works is by Felt [2]. We use the mapping generated by their work as one of the inputs to our tool, mapDroid. They present a static analysis tool, Stowaway, to find over-privilege in Android applications. Our work subsumes theirs in a way, as we can also report on an application's over-privileged nature using our generic call graph. Moreover, Stowaway gives a high number of false positives due to its limitations in handling reflective calls. Although handling reflective calls in Android is an open problem, we propose a reflective call handling with potentially better resolution than Stowaway. Kirin [5] checks the permissions asked for by the application and raises a warning if some dangerous combination of permissions is being requested. Their analysis is based only on the manifest and the documentation provided by the developer, and they do not examine how these permissions are used in the application. Thus our analysis is surely more precise that

[2] Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. 2011. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security (CCS
[3] Alexandre Bartel, Jacques Klein, Martin Monperrus, Kevin Allix, and Yves Le Traon. Improving Privacy on Android Smartphones Through In-Vivo Bytecode Instrumentation. In CoRR, Vol. abs/1208.4536
[4] Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS '12).
[5] William Enck, Machigar Ongtang, and Patrick McDaniel. 2009. On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security (CCS