AdSplit: Separating smartphone advertising from applications. (2012)

by S Shekhar, M Dietz, D S Wallach

Citing documents, results 1 - 10 of 53

Investigating User Privacy in Android Ad Libraries

by Ryan Stevens, Clint Gibler, Jon Crussell, Jeremy Erickson, Hao Chen
Abstract - Cited by 29 (3 self)

Recent years have witnessed incredible growth in the popularity and prevalence of smart phones. A flourishing mobile application market has evolved to provide users with additional functionality such as interacting with social networks, games, and more. Mobile applications may have a direct purchasing cost or be free but ad-supported. Unlike in-browser ads, the privacy implications of ads in Android applications have not been thoroughly explored. We start by comparing the similarities and differences of in-browser ads and in-app ads. We examine the effect on user privacy of thirteen popular Android ad providers by reviewing their use of permissions. Worryingly, several ad libraries checked for permissions beyond the required and optional ones listed in their documentation, including dangerous permissions like CAMERA, WRITE_CALENDAR and WRITE_CONTACTS. Further, we discover the insecure use of Android’s JavaScript extension mechanism in several ad libraries. We identify fields in ad requests for private user information and confirm their presence in network data obtained from a tier-1 network provider. We also show that users can be tracked by a network sniffer across ad providers and by an ad provider across applications. Finally, we discuss several possible solutions to the privacy issues identified above.

Citation Context

...is sent in ad requests. Several other recent works have acknowledged the dangers of the lack of privilege separation between Android application and ad code and propose methods of separating them [38, 41]. Additional concurrent work by Luo et al. [31] investigates security concerns in exposed JavaScript interfaces in WebView, much like Section V-C. Whereas our work looks at exposed interfaces in popul...

Detecting Passive Content Leaks and Pollution in Android Applications

by Yajin Zhou, Xuxian Jiang - In Proceedings of the 20th Annual Symposium on Network and Distributed System Security, NDSS ’13, 2013
Abstract - Cited by 24 (3 self)

In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-app data or inadvertently manipulate certain security-sensitive in-app settings or configurations that may subsequently cause serious system-wide side effects (e.g., blocking all incoming phone calls or SMS messages). To assess the prevalence of these two vulnerabilities, we analyze 62,519 apps collected in February 2012 from various Android markets. Our results show that among these apps, 1,279 (2.0%) and 871 (1.4%) of them are susceptible to these two vulnerabilities, respectively. In addition, we find that 435 (0.7%) and 398 (0.6%) of them are accessible from official Google Play and some of them are extremely popular with more than 10,000,000 installs. The presence of a large number of vulnerable apps in popular Android markets as well as the variety of private data for leaks and manipulation reflect the severity of these two vulnerabilities. To address them, we also explore and examine possible mitigation solutions.

Citation Context

...n also actively leak private information. To mitigate that, AdDroid [35] separates the advertisement functionality from host apps by introducing a new set of advertising APIs and permissions. AdSplit [38] moves the advertisement code into another process. Moreover, mobile malware may also aggressively collect personal information and upload to remote servers [44]. Our work differs from earlier efforts...

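Both vulnerabilities in the Zhou and Jiang abstract above come down to one manifest setting: a content provider that other apps can reach without holding any permission. The checker below is an added example, not code from the paper. It parses a constructed AndroidManifest.xml, applies Android's documented default for a provider with no android:exported attribute (exported when minSdkVersion or targetSdkVersion is 16 or lower; API 17 shipped in November 2012, after the paper's February 2012 sample was collected), and reports exported providers that no read or write permission protects. harden_manifest() shows the corrected setting. The package, provider and permission names (com.example.notes, NotesProvider and so on) are made up.

```python
"""Flag content providers that an AndroidManifest.xml leaves reachable by other apps.

Added example, not code from the cited paper. SAMPLE_MANIFEST below is constructed;
the package, provider and permission names in it are made up.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
READ_ISSUE = "world-readable: any app can query it (passive content leak)"
WRITE_ISSUE = "world-writable: any app can insert/update/delete (content pollution)"
PATH_NOTE = "<path-permission> present: confirm it covers every exposed path"


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def default_exported(min_sdk, target_sdk):
    """Android's documented default for a <provider> with no android:exported:
    exported when minSdkVersion or targetSdkVersion is 16 or lower, else not."""
    return min_sdk <= 16 or target_sdk <= 16


def provider_is_exported(provider, min_sdk, target_sdk):
    exported = _attr(provider, "exported")
    if exported is not None:
        return exported.strip().lower() == "true"
    return default_exported(min_sdk, target_sdk)


def sdk_levels(root):
    """(minSdkVersion, targetSdkVersion); target falls back to min, min to 1."""
    sdk = root.find("uses-sdk")
    min_sdk = int(_attr(sdk, "minSdkVersion") or 1) if sdk is not None else 1
    target = _attr(sdk, "targetSdkVersion") if sdk is not None else None
    return min_sdk, int(target) if target else min_sdk


def unprotected_providers(manifest_xml):
    """Exported providers missing a provider-level read and/or write permission."""
    root = ET.fromstring(manifest_xml)
    min_sdk, target_sdk = sdk_levels(root)
    findings = []
    for prov in root.iter("provider"):
        if not provider_is_exported(prov, min_sdk, target_sdk):
            continue
        perm = _attr(prov, "permission")  # android:permission covers both directions
        issues = []
        if (_attr(prov, "readPermission") or perm) is None:
            issues.append(READ_ISSUE)
        if (_attr(prov, "writePermission") or perm) is None:
            issues.append(WRITE_ISSUE)
        if issues and prov.find("path-permission") is not None:
            issues.append(PATH_NOTE)  # per-path rules narrow the hole, they do not close it
        if issues:
            findings.append({"name": _attr(prov, "name"),
                             "authorities": _attr(prov, "authorities"),
                             "issues": issues})
    return findings


def harden_manifest(manifest_xml):
    """Corrected setting: android:exported="false" on every flagged provider.
    Right for providers that serve only their own app; a provider that must serve
    other apps needs android:readPermission / android:writePermission instead."""
    root = ET.fromstring(manifest_xml)
    flagged = {f["name"] for f in unprotected_providers(manifest_xml)}
    for prov in root.iter("provider"):
        if _attr(prov, "name") in flagged:
            prov.set("{%s}exported" % ANDROID_NS, "false")
    ET.register_namespace("android", ANDROID_NS)
    return ET.tostring(root, encoding="unicode")


# Constructed manifest in the shape of a pre-API-17 app (targetSdkVersion 15).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="15"/>
  <application android:label="Notes">
    <!-- no exported attribute and no permission: exported by default on SDK 15 -->
    <provider android:name=".NotesProvider"
              android:authorities="com.example.notes.provider"/>
    <!-- writes guarded by a custom permission, reads open to every app -->
    <provider android:name=".SettingsProvider"
              android:authorities="com.example.notes.settings"
              android:exported="true"
              android:writePermission="com.example.notes.WRITE_SETTINGS"/>
    <!-- hardened form: explicitly not exported -->
    <provider android:name=".CacheProvider"
              android:authorities="com.example.notes.cache"
              android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for f in unprotected_providers(SAMPLE_MANIFEST):
        print(f["name"], f["authorities"], "; ".join(f["issues"]))
    print("after hardening:", unprotected_providers(harden_manifest(SAMPLE_MANIFEST)))
```

On the sample, NotesProvider is reported as both readable and writable by any app and SettingsProvider as readable only; CacheProvider is silent, and the hardened manifest produces no findings. The check is static and conservative: a provider that is exported on purpose still needs its query/insert/update/delete paths reviewed for what data they return and what settings they touch, which is the part the paper measured.
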
Delegate the smartphone user? Security awareness in smartphone platforms

by Alexios Mylonas, Anastasia Kastania, Dimitris Gritzalis - COMPUTERS & SECURITY , 2013
Abstract - Cited by 19 (7 self)

Abstract not found

Unauthorized origin crossing on mobile platforms: Threats and mitigation.

by Rui Wang, Luyi Xing, Xiaofeng Wang, Shuo Chen - In CCS, 2013
Abstract - Cited by 15 (2 self)

With the progress in mobile computing, web services are increasingly delivered to their users through mobile apps, instead of web browsers. However, unlike the browser, which enforces origin-based security policies to mediate the interactions between the web content from different sources, today's mobile OSes do not have a comparable security mechanism to control the cross-origin communications between apps, as well as those between an app and the web. As a result, a mobile user's sensitive web resources could be exposed to the harms from a malicious origin. In this paper, we report the first systematic study on this mobile cross-origin risk. Our study inspects the main cross-origin channels on Android and iOS, including intent, scheme and web-accessing utility classes, and further analyzes the ways popular web services (e.g., Facebook, Dropbox, etc.) and their apps utilize those channels to serve other apps. The research shows that lack of origin-based protection opens the door to a wide spectrum of cross-origin attacks. These attacks are unique to mobile platforms, and their consequences are serious: for example, using carefully designed techniques for mobile cross-site scripting and request forgery, an unauthorized party can obtain a mobile user's Facebook/Dropbox authentication credentials and record her text input. We report our findings to related software vendors, who all acknowledged their importance. To address this threat, we designed an origin-based protection mechanism, called Morbs, for mobile OSes. Morbs labels every message with its origin information, lets developers easily specify security policies, and enforces the policies on the mobile channels based on origins. Our evaluation demonstrates the effectiveness of our new technique in defeating unauthorized origin crossing, its efficiency and the convenience for the developers to use such protection.

Citation Context

...web resources, which has not been explicitly included in Android’s security models. Luo et al. conducted two studies specifically about security issues related to WebView: in [42], they categorized existing issues raised by other researchers and a number of issues discovered by them. Many of these issues were shown to affect Android applications that use the open-source package DroidGap; in [43], they proposed a type of attack called “touchjacking”, which targets the weaknesses of WebView’s handling of touch events. To address those problems, numerous defense mechanisms have been proposed [17][18][19][20]. Particularly, information-flow techniques, such as TaintDroid [15] and Vision [16], are used to track the propagation of sensitive user data across a suspicious app at the instruction level. Different from those existing techniques, our protection mechanism is designed to keep track of the origin of the message exchanged between the initiator and the recipients for origin-based mediation. For this purpose, we only need to work on the API level (given that the OS is trusted), which is much more efficient. A related technique called Quire [21] enables Android to trace and sign the whol...

Longitudinal Analysis of Android Ad Library Permissions

by Theodore Book, Adam Pridgen, Dan S. Wallach
Abstract - Cited by 12 (1 self)

This paper investigates changes over time in the behavior of Android ad libraries. Taking a sample of 114,000 apps, we extract and classify their ad libraries. By considering the release dates of the applications that use a specific ad library version, we estimate the release date for the library, and thus build a chronological map of the permissions used by various ad libraries over time. By considering install counts, we are able to estimate the number of times that a given library has been installed on users' devices. We find that the use of most permissions has increased over the last several years, and that more libraries are able to use permissions that pose particular risks to user privacy and security.

Citation Context

...to further assess the accuracy of our results, we compared them with a library of 5,000 Android apps retrieved from the Android Market (now Google Play) in May of 2011, as part of the AdSplit project [11]. When analyzed through the same process, these apps yielded 3,374 ad libraries, a slightly smaller ratio than the principal dataset. When the permissions used by those libraries were analyzed, they w...

The impact of vendor customizations on Android security

by Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang - In ACM Conference on Computer and Communications Security (CCS ’13), 2013
Abstract - Cited by 11 (0 self)

The smartphone market has grown explosively in recent years, as more and more consumers are attracted to the sensor-studded multipurpose devices. Android is particularly ascendant; as an open platform, smartphone manufacturers are free to extend and modify it, allowing them to differentiate themselves from their competitors. However, vendor customizations will inherently impact overall Android security and such impact is still largely unknown. In this paper, we analyze ten representative stock Android images from five popular smartphone vendors (with two models from each vendor). Our goal is to assess the extent of security issues that may be introduced from vendor customizations and further determine how the situation is evolving over time. In particular, we take a three-stage process: First, given a smartphone’s stock image, we perform provenance analysis to classify each app in the

Citation Context

... be growing more common in such libraries over time. As a result, several mitigation measures have been proposed. Some add new APIs and permissions [36] to attempt to isolate such alien code; AdSplit [41], in contrast, moves advertisement code into another process to allow the core Android framework to issue it different permissions, and thus enforce a different policy. Our work has a strange kinship ...

Screenmilker: How to milk your android screen for secrets

by Chia-chi Lin, Hongyang Li, Xiaoyong Zhou, Xiaofeng Wang - In NDSS, 2014
Abstract - Cited by 8 (1 self)

With the rapid increase in Android device popularity, the capabilities that the diverse user base demands from Android have significantly exceeded its original design. As a result, people have to seek ways to obtain the permissions not directly offered to ordinary users. A typical way to do that is using the Android Debug Bridge (ADB), a developer tool that has been granted permissions to use critical system resources. Apps adopting this solution have combined tens of millions of downloads on Google Play. However, we found that such ADB-level capabilities are not well guarded by Android. A prominent example we investigated is the apps that perform programmatic screenshots, a much-needed capability Android fails to support. We found that all such apps in the market inadvertently expose this ADB capability to any party with the INTERNET permission on the same device. With this exposure, a malicious app can be built to stealthily and intelligently collect sensitive user data through screenshots. To understand the threat, we built Screenmilker, an app that can detect the right moment to monitor the screen and pick up a user’s password when she is typing in real time. We show that this can be done efficiently by leveraging the unique design of smartphone user interfaces and its public resources. Such an understanding also informs Android developers how to protect this screenshot capability, should they consider providing an interface to let third-party developers use it in the future, and more generally the security risks of the ADB workaround, a standard technique gaining popularity in app development. Based on the understanding, we present a mitigation mechanism that controls the exposure of the ADB capabilities only to authorized apps.

Citation Context

...ck users to install it on their devices. The malicious app only needs the INTERNET permission, which is requested by a vast majority of apps, due to the need of retrieving advertisements from the Web [20]. We assume that the target device has one of such no-root screenshot apps installed, which, however, is not known to Screenmilker a priori. Also, we assume that the device owner pays attention to mob...

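The exposure in the Screenmilker abstract above exists because the ADB-spawned helper answers whoever can reach it. The code below is an added example and not the paper's mitigation mechanism. It assumes the helper accepts clients on a loopback TCP port (the abstract's INTERNET-permission requirement points at a local socket) and shows how such a helper can tell which app is on the other end: loopback TCP carries no peer credentials, so the helper maps the client's address to the owning UID through /proc/net/tcp (each Android app runs under its own UID) and admits only allow-listed UIDs. It assumes the helper process can read /proc/net/tcp, which ordinary app processes cannot since Android 10. The /proc/net/tcp snapshot, ports and UIDs are constructed.

```python
"""Identify which app is on the other end of a loopback TCP connection.

Added example, not the Screenmilker paper's mitigation. Loopback TCP carries no
peer credentials, so a helper listening on 127.0.0.1 maps the client's address to
the socket owner's UID through /proc/net/tcp and admits only allow-listed UIDs.
SAMPLE_PROC_NET_TCP, the ports and the UIDs below are constructed. IPv4 only.
"""

ESTABLISHED = "01"  # value of the st column for an established TCP socket


def _hex_ipv4(h):
    """/proc/net/tcp prints IPv4 as host-order (little-endian) hex: 0100007F is 127.0.0.1."""
    return ".".join(str(b) for b in bytes.fromhex(h)[::-1])


def _hex_addr(field):
    ip, port = field.split(":")
    return _hex_ipv4(ip), int(port, 16)


def parse_proc_net_tcp(text):
    """One dict per socket line: local (ip, port), remote (ip, port), state, uid."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "sl":  # blank line or the header line
            continue
        entries.append({"local": _hex_addr(f[1]), "remote": _hex_addr(f[2]),
                        "state": f[3], "uid": int(f[7])})
    return entries


def peer_uid(proc_tcp_text, peer_addr, server_addr):
    """UID owning the ESTABLISHED socket whose local end is peer_addr and whose
    remote end is server_addr. Matching both ends ties the lookup to the live
    connection, so a recycled ephemeral port is not mistaken for it."""
    for e in parse_proc_net_tcp(proc_tcp_text):
        if e["state"] == ESTABLISHED and e["local"] == peer_addr and e["remote"] == server_addr:
            return e["uid"]
    return None


def authorize(proc_tcp_text, peer_addr, server_addr, allowed_uids):
    """Fail closed: a peer with no matching socket entry is rejected."""
    uid = peer_uid(proc_tcp_text, peer_addr, server_addr)
    return uid is not None and uid in allowed_uids


def authorize_connection(conn, allowed_uids, proc_path="/proc/net/tcp"):
    """The same check for a real accepted socket, taken while the client is still connected."""
    with open(proc_path) as fh:
        snapshot = fh.read()
    return authorize(snapshot, conn.getpeername()[:2], conn.getsockname()[:2], allowed_uids)


# Constructed snapshot: the helper (UID 2000, the shell user) listens on 127.0.0.1:8080;
# UID 10045 (the screenshot app) and UID 10112 (some other app) are both connected.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 16890 1 0000000000000000 100 0 0 10 0
   1: 0100007F:A2B4 0100007F:1F90 01 00000000:00000000 00:00000000 00000000 10045        0 17321 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:1F90 0100007F:A2B4 01 00000000:00000000 00:00000000 00000000  2000        0 17322 1 0000000000000000 20 4 30 10 -1
   3: 0100007F:A2B5 0100007F:1F90 01 00000000:00000000 00:00000000 00000000 10112        0 17340 1 0000000000000000 20 4 30 10 -1
   4: 0100007F:1F90 0100007F:A2B5 01 00000000:00000000 00:00000000 00000000  2000        0 17341 1 0000000000000000 20 4 30 10 -1
"""
SERVER = ("127.0.0.1", 8080)
SCREENSHOT_APP_UID = 10045

if __name__ == "__main__":
    for port in (41652, 41653):
        peer = ("127.0.0.1", port)
        print(peer, peer_uid(SAMPLE_PROC_NET_TCP, peer, SERVER),
              authorize(SAMPLE_PROC_NET_TCP, peer, SERVER, {SCREENSHOT_APP_UID}))
```

On the sample, the client on port 41652 resolves to UID 10045 and is admitted; the client on port 41653 resolves to UID 10112 and is refused, as is any address with no established entry. Where the helper controls the transport, a Unix-domain socket is the cleaner design: SO_PEERCRED (LocalSocket.getPeerCredentials() on Android) returns the caller's UID directly, with no /proc parsing and no window between lookup and use.
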
Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks

by Martin Georgiev, Suman Jana, Vitaly Shmatikov
Abstract - Cited by 7 (3 self)

Hybrid mobile applications (apps) combine the features of Web applications and “native” mobile apps. Like Web applications, they are implemented in portable, platform-independent languages such as HTML and JavaScript. Like native apps, they have direct access to local device resources—file system, location, camera, contacts, etc. Hybrid apps are typically developed using hybrid application frameworks such as PhoneGap. The purpose of the framework is twofold. First, it provides an embedded Web browser (for example, WebView on Android) that executes the app’s Web code. Second, it supplies “bridges” that allow Web code to escape the browser and access local resources on the device. We analyze the software stack created by hybrid frameworks and demonstrate that it does not properly compose the access-control policies governing Web code and local code, respectively.

Citation Context

...s in order to keep the app’s user interface intact. To the best of our knowledge, this complex functionality is not supported by any hybrid framework. Applying privilege separation along the lines of [24, 26] requires either re-factoring the entire application, or significant modifications to the existing browsers so that they spawn a separate browser instance for each occurrence of foreign-origin content...

Improving privacy on Android smartphones through in-vivo bytecode instrumentation

by Alexandre Bartel, Jacques Klein, Kevin Allix, Yves Le Traon, Martin Monperrus, 2012
Abstract - Cited by 6 (1 self)

In this paper we claim that a widely applicable and efficient means to fight against malicious mobile Android applications is: 1) to perform runtime monitoring 2) by instrumenting the application bytecode and 3) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: FineGPolicy, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation.

Citation Context

...e issues, nearly half of the Android applications embeds third-party code to handle in-app advertisement [16]. A significant proportion of ad-supported apps include at least two advertising libraries [18]. 3.1.1 Overview Static analysis can be used to detect privacy and security issues of Android applications [12, 11]. Our tool chain allows these kind of static analysis to be performed, and provides a...

Securing embedded user interfaces: Android and beyond.

by Franziska Roesner, Tadayoshi Kohno - In USENIX Security Symposium, 2013
Abstract - Cited by 4 (0 self)

Web and smartphone applications commonly embed third-party user interfaces like advertisements and social media widgets. However, this capability comes with security implications, both for the embedded interfaces and the host page or application. While browsers have evolved over time to address many of these issues, mobile systems like Android, which do not yet support true cross-application interface embedding, present an opportunity to redesign support for secure embedded user interfaces from scratch. In this paper, we explore the requirements for a system to support secure embedded user interfaces by systematically analyzing existing systems like browsers, smartphones, and research systems. We describe our experience modifying Android to support secure interface embedding and evaluate our implementation using case studies that rely on embedded interfaces, such as advertisement libraries, Facebook social plugins (e.g., the "Like" button), and access control gadgets. We provide concrete techniques and reflect on lessons learned for secure embedded user interfaces.

Citation Context

...e Android ecosystem. For example, the social plugins that Facebook provides on the Web (e.g., the “Like” button or comments widget) are not available on Android. Previous research efforts for Android [17, 23] have focused only on one interface embedding scenario: advertising. As a result, these systems, while valuable, do not provide complete or generalizable solutions for interface embedding. For example...


Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University