Results 1 - 10 of 87
Android permissions demystified
- In CCS’11
Cited by 225 (12 self)
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
Android Permissions: User Attention, Comprehension, and Behavior
AdDroid: Privilege Separation for Applications and Advertisers in Android
Cited by 56 (3 self)
Advertising is a critical part of the Android ecosystem—many applications use one or more advertising services as a source of revenue. To use these services, developers must bundle third-party, binary-only libraries into their applications. In this model, applications and their advertising libraries share permissions. Advertising-supported applications must request multiple privacy-sensitive permissions on behalf of their advertising libraries, and advertising libraries receive access to all of their host applications’ other permissions. We conducted a study of the Android Market and found that 49% of Android applications contain at least one advertising library, and these libraries overprivilege 46% of advertising-supported applications. Further, we find that 56% of the applications with advertisements that request location (34% of all applications) do so only because of advertisements. Such pervasive overprivileging is a threat to user privacy. We introduce AdDroid, a privilege separated advertising framework for the Android platform. AdDroid introduces a new advertising API and corresponding advertising permissions for the Android platform. This enables AdDroid to separate privileged advertising functionality from host applications, allowing applications to show advertisements without requesting privacy-sensitive permissions.
User-Driven Access Control: Rethinking permission granting in modern operating systems
- In 2012 IEEE Symposium on Security and Privacy, 2012
Cited by 53 (12 self)
Modern client platforms, such as iOS, Android, Windows Phone, Windows 8, and web browsers, run each application in an isolated environment with limited privileges. A pressing open problem in such systems is how to allow users to grant applications access to user-owned resources, e.g., to privacy- and cost-sensitive devices like the camera or to user data residing in other applications. A key challenge is to enable such access in a way that is non-disruptive to users while still maintaining least-privilege restrictions on applications. In this paper, we take the approach of user-driven access control, whereby permission granting is built into existing user actions in the context of an application, rather than added as an afterthought via manifests or system prompts. To allow the system to precisely capture permission-granting intent in an application’s context, we introduce access control gadgets (ACGs). Each user-owned resource exposes ACGs for applications to embed. The user’s authentic UI interactions with an ACG grant the application permission to access the corresponding resource. Our prototyping and evaluation experience indicates that user-driven access control is a promising direction for enabling in-context, non-disruptive, and least-privilege permission granting on modern client platforms.
Using probabilistic generative models for ranking risks of android apps
- In ACM CCS, 2012
Cited by 37 (0 self)
One of Android’s main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic general models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.
Effective inter-component communication mapping in Android with Epicc: An essential step towards holistic security analysis
- In USENIX Security Symposium, 2013
Cited by 31 (3 self)
Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.
WHYPER: Towards Automating Risk Assessment of Mobile Applications
Cited by 28 (3 self)
Application markets such as Apple’s App Store and Google’s Play Store have played an important role in the popularity of smartphones and mobile devices. However, keeping malware out of application markets is an ongoing challenge. While recent work has developed various techniques to determine what applications do, no work has provided a technical approach to answer, what do users expect? In this paper, we present the first step in addressing this challenge. Specifically, we focus on permissions for a given application and examine whether the application description provides any indication for why the application needs a permission. We present WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description. WHYPER achieves an average precision of 82.8%, and an average recall of 81.5% for three permissions (address book, calendar, and record audio) that protect frequently used security and privacy sensitive resources. These results demonstrate great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.
Short paper: a look at smartphone permission models
- In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 2011
Cited by 25 (1 self)
Many smartphone operating systems implement strong sandboxing for 3rd party application software. As part of this sandboxing, they feature a permission system, which conveys to users what sensitive resources an application will access and allows users to grant or deny permission to access those resources. In this paper we survey the permission systems of several popular smartphone operating systems and taxonomize them by the amount of control they give users, the amount of information they convey to users and the level of interactivity they require from users. We discuss the problem of permission overdeclaration and devise a set of goals that security researchers should aim for, as well as propose directions through which we hope the research community can attain those goals.
An Evaluation of the Google Chrome Extension Security Architecture
Cited by 24 (0 self)
Vulnerabilities in browser extensions put users at risk by providing a way for website and network attackers to gain access to users’ private data and credentials. Extensions can also introduce vulnerabilities into the websites that they modify. In 2009, Google Chrome introduced a new extension platform with several features intended to prevent and mitigate extension vulnerabilities: strong isolation between websites and extensions, privilege separation within an extension, and an extension permission system. We performed a security review of 100 Chrome extensions and found 70 vulnerabilities across 40 extensions. Given these vulnerabilities, we evaluate how well each of the security mechanisms defends against extension vulnerabilities. We find that the mechanisms mostly succeed at preventing web attacks, but new security mechanisms are needed to protect users from network attacks on extensions, website metadata attacks on extensions, and vulnerabilities that extensions add to websites. We propose and evaluate additional defenses, and we conclude that banning HTTP scripts and inline scripts would prevent 47 of the 50 most severe vulnerabilities with only modest impact on developers.
Don’t kill my ads! Balancing Privacy in an Ad-Supported Mobile Application Market
Cited by 24 (0 self)
Application markets have revolutionized the software download model of mobile phones: third-party application developers offer software on the market that users can effortlessly install on their phones. This great step forward, however, also imposes some threats to user privacy: applications often ask for permissions that reveal private information such as the user’s location, contacts and messages. While some mechanisms to prevent leaks of user privacy to applications have been proposed by the research community, these solutions fail to consider that application markets are primarily driven by advertisements that rely on accurately profiling the user. In this paper we take into account that there are two parties with conflicting interests: the user, interested in maintaining their privacy and the developer who would like to maximize their advertisement revenue through user profiling. We have conducted an extensive analysis of more than 250,000 applications in the Android market. Our results indicate that the current privacy protection mechanisms are not effective as developers and advert companies are not deterred. Therefore, we designed and implemented a market-aware privacy protection framework that aims to achieve an equilibrium between the developer’s revenue and the user’s privacy. The proposed framework is based on the establishment of a feedback control loop that adjusts the level of privacy protection on mobile phones, in response to advertisement generated revenue.