Contribution
A novel approach to automatically detect capability leak in Android applications.
5/20/2013
Capability Leak
An application with fewer permissions (a nonprivileged caller) gains access to the components of a more privileged application (a privileged callee). The lower-privileged application can then do things through the capability of the higher-privileged application.
Services
A service runs in the background to perform long-running operations and does not provide a user interface. For example, a service might play music in the background while the user is in a different application, or it might fetch data over the network without blocking user interaction with an activity.
Broadcast Receivers
A broadcast receiver responds to system-wide broadcast announcements, for example a broadcast announcing that the screen has turned off or that the battery is low.
Ref: http://www.mertkavi.com/tag/android-programlama
System Design
[Flowchart labels: APK File, Convert, JAR, Decompile, Get Manifest, Risky Components?, Result]
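One way to carry out the manifest check in the System Design flow, as an added example that is not from the slides or from DroidChecker. It assumes the manifest has already been decoded to text XML, that "risky" means exported with no `android:permission` guard (the slides do not define the term), and the pre-Android 12 rule that a component with an intent filter is exported by default; the function names and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
KINDS = ("activity", "service", "receiver")

# Constructed sample manifest (decoded text XML, not taken from a real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.appx">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".SmsService" android:exported="true"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.appx.permission.USE_SMS"/>
    <receiver android:name=".BootReceiver" android:exported="false">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <activity android:name=".InternalActivity"/>
  </application>
</manifest>"""

def requested_permissions(manifest_xml):
    """Permissions the app holds, i.e. the capabilities it could leak."""
    root = ET.fromstring(manifest_xml)
    return sorted(e.get(ANDROID + "name") for e in root.findall("uses-permission"))

def risky_components(manifest_xml):
    """Return (kind, name) for components any other app can reach unguarded."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    app_perm = app.get(ANDROID + "permission")  # default guard for every component
    risky = []
    for comp in app:
        if comp.tag not in KINDS:
            continue
        exported = comp.get(ANDROID + "exported")
        if exported is None:
            # Assumed pre-Android 12 default: exported only if it has an intent filter.
            is_exported = comp.find("intent-filter") is not None
        else:
            is_exported = exported.lower() == "true"
        guarded = comp.get(ANDROID + "permission") or app_perm
        if is_exported and not guarded:
            risky.append((comp.tag, comp.get(ANDROID + "name")))
    return risky
```

A component flagged here is only a candidate: whether it actually leaks a capability depends on what its code does with the permissions listed by `requested_permissions`.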
Taint propagation
Two kinds of variables are tainted:
1. Variables appearing in the parameter of a sensitive call
2. Variables holding the return value of a sensitive operation
Example
Limitations
1. It is a static analysis technique, so it produces a lot of false positives (FP).
2. It only detects capability leaks through Activities and Services; it does not work for Content Providers.
Question 2
Do you have any idea how to stop applications from leaking capability? Please justify and explain your idea, if there is any.
Example
App1's components can access the components of App2, which can access component 1 of App3. So App1 can now indirectly access component 1 of App3.
Note: Drawn using the idea from [1]
Proposal
Suppose AppX uses permissions PX = {Px1, ..., Pxn} and has unguarded components. AppY has permissions PY = {Py1, ..., Pyn} and wants to access components of AppX.
References
[1] Chan, Patrick PF, Lucas CK Hui, and S. M. Yiu. "Droidchecker: analyzing android applications for capability leak." Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM, 2012.