A formal approach for detection of security flaws in the android permission system

  • Original Article
  • Journal: Formal Aspects of Computing

Abstract

The ever-increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely.



Author information

Corresponding author

Correspondence to Hamid Bagheri.

Additional information

Frank de Boer, Nikolaj Bjorner, and Andrew Butterfield

Cite this article

Bagheri, H., Kang, E., Malek, S. et al. A formal approach for detection of security flaws in the android permission system. Form Asp Comp 30, 525–544 (2018). https://doi.org/10.1007/s00165-017-0445-z
