Reference : Small changes, big changes: an updated view on the Android permission system
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/28908
Small changes, big changes: an updated view on the Android permission system
English
Zhauniarovich, Yury [Qatar Computing Research Institute, HBKU]
Gadyatskaya, Olga [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Sep-2016
Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings
Springer
346-367
Yes
International
978-3-319-45718-5
RAID
from 19-09-2016 to 21-09-2016
Evry
France
[en] Android ; permission system ; run-time permissions
[en] Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model. To our surprise, the permission system evolved with almost every release. After analysis of 16 Android versions, we can confirm that the modifications, especially introduced in Android 6.0, considerably impact the aptness of old conclusions and tools for newer releases. For instance, since Android 6.0 some signature permissions, previously granted only to apps signed with a platform certificate, can be granted to third-party apps even if they are signed with a non-platform certificate; many permissions considered before as threatening are now granted by default.
In this paper, we review in detail the updated system, introduced changes, and their security implications. We highlight some bizarre behaviors, which may be of interest for developers and security researchers. We also found a number of bugs during our analysis, and provided patches to AOSP where possible.
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Researchers ; Professionals ; Students ; General public
http://hdl.handle.net/10993/28908
10.1007/978-3-319-45719-2_16
The original publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-45719-2_16

File(s) associated to this reference

Fulltext file(s):

File | Commentary | Version | Size | Access
Limited access
ape_paper.pdf | | Author postprint | 627.36 kB | Request a copy


All documents in ORBilu are protected by a user license.