Abstract
Android’s success makes it a prominent target for malicious software. However, the user has very limited control over security-relevant operations. This work presents AppGuard, a powerful and flexible security system that overcomes these deficiencies. It enforces user-defined security policies on untrusted Android applications without requiring any changes to a smartphone’s firmware, root access, or the like. Fine-grained and stateful security policies are expressed in a formal specification language, which also supports secrecy requirements. Our system offers complete mediation of security-relevant methods based on callee-site inline reference monitoring and supports widespread deployment. In the experimental analysis we demonstrate the removal of permissions for overly curious apps as well as how to defend against several recent real-world attacks on Android phones. Our technique exhibits very little space and runtime overhead. The utility of AppGuard has already been demonstrated by more than 1,000,000 downloads.
Notes
- 1. In case no application class exists, we register our class as the application class.
- 2. By providing policy recommendations based on a crowdsourcing approach, even lay users can enforce complex policies (e.g. to fix OS vulnerabilities).
Acknowledgement
We thank the anonymous reviewers for their comments. This work was supported by the German Ministry for Education and Research (BMBF) through funding for the Center for IT-Security, Privacy and Accountability (CISPA) and both the initiative for excellence and the Emmy Noether program of the German federal government. Further, we would like to thank Bastian Könings for pointing us to interesting Android apps.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Backes, M., Gerling, S., Hammer, C., Maffei, M., von Styp-Rekowsky, P. (2014). AppGuard – Fine-Grained Policy Enforcement for Untrusted Android Applications. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM 2013, SETOP 2013. Lecture Notes in Computer Science, vol 8247. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54568-9_14
DOI: https://doi.org/10.1007/978-3-642-54568-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54567-2
Online ISBN: 978-3-642-54568-9
eBook Packages: Computer Science, Computer Science (R0)