Since the appearance of Android, its permission system has been central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model. To our surprise, the permission system evolved with almost every release. After analysis of 16 Android versions, we can confirm that the modifications, especially those introduced in Android 6.0, considerably impact the aptness of old conclusions and tools for newer releases. For instance, since Android 6.0 some signature permissions, previously granted only to apps signed with a platform certificate, can be granted to third-party apps even if they are signed with a non-platform certificate; many permissions considered before as threatening are now granted by default.
In this paper, we review in detail the updated system, introduced changes, and their security implications. We highlight some bizarre behaviors, which may be of interest for developers and security researchers. We also found a number of bugs during our analysis, and provided patches to AOSP where possible.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Disciplines :
Computer science
Author, co-author :
Zhauniarovich, Yury; Qatar Computing Research Institute, HBKU
GADYATSKAYA, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
yes
Language :
English
Title :
Small changes, big changes: an updated view on the Android permission system
Publication date :
September 2016
Event name :
RAID
Event place :
Evry, France
Event date :
from 19-09-2016 to 21-09-2016
Audience :
International
Main work title :
Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings
Android Open Source Project. http://source.android.com/. Accessed 31 Mar 2016
Commit 2af5708: Add per UID control to app ops. https://android.googlesource.com/platform/frameworks/base/+/2af5708
Commit 2ca2c87: More adjustments to permissions. https://android.googlesource.com/platform/frameworks/base/+/2ca2c87
Commit 33f5ddd: Add permissions associated with app ops. https://android.googlesource.com/platform/frameworks/base/+/33f5ddd
Commit 3e7d977: Grant installer and verifier install permissions robustly. https://android.googlesource.com/platform/frameworks/base/+/3e7d977
Commit 4516798: Moving launcher permission to framework. https://android.googlesource.com/platform/frameworks/base/+/4516798
Commit 6d2c0e5: Remove not needed contacts related permissions. https://android.googlesource.com/platform/frameworks/base/+/6d2c0e5
Commit a90c8de: Add new “preinstalled” permission flag. https://android.googlesource.com/platform/frameworks/base/+/a90c8de
Commit ccbf84f: Some system apps are more system than others. https://android.googlesource.com/platform/frameworks/base/+/ccbf84f
Commit cfbfafe: Additional permissions aren’t properly disabled after toggling them off. https://android.googlesource.com/platform/frameworks/base/+/cfbfafe
Commit de15eda: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW to an explicit toggle to enable in Settings. https://android.googlesource.com/platform/frameworks/base/+/de15eda
Commit e639da7: New development permissions. https://android.googlesource.com/platform/frameworks/base/+/e639da7
Dashboards. http://goo.gl/mFciT7. Accessed 31 Mar 2016
Google says Android has 1.4 billion active users. http://goo.gl/aUuUNw. Accessed 31 Mar 2016
Microsoft Excel. https://play.google.com/store/apps/details?id=com.microsoft.office.excel. Accessed 31 Mar 2016
Microsoft PowerPoint. https://play.google.com/store/apps/details?id=com.microsoft.office.powerpoint. Accessed 31 Mar 2016
Not just for phones and tablets: what other devices run Android? http://goo.gl/kQ4Pi8. Accessed 31 Mar 2016
Play store permissions change opens door to rogue apps. http://goo.gl/nJCwoY. Accessed 31 Mar 2016
Requesting permissions at run time. http://developer.android.com/training/permissions/requesting.html
Smartphone OS market share, 2015 Q2. http://goo.gl/WQwfZO. Accessed 31 Mar 2016
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.: DREBIN: effective and explainable detection of Android malware in your pocket. In: Proceedings of NDSS (2014)
Au, K., Zhou, Y.F., Huang, Z., Gill, P., Lie, D.: Short paper: a look at smartphone permission models. In: Proceedings of SPSM (2011)
Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android permission specification. In: Proceedings of CCS (2012)
Backes, M., Bugiel, S., Derr, E., Weisgerber, S., McDaniel, P., Octeau, D.: On demystifying the Android application framework: re-visiting Android permission specification analysis. In: Poster Session of IEEE EuroS&P (2016)
Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of CCS (2010)
Bartel, A., Klein, J., Le Traon, Y., Monperrus, M.: Automatically securing permission-based software by reducing the attack surface: an application to Android. In: Proceedings of ASE (2012)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Reza-Sadeghi, A., Shastry, B.: Towards taming privilege-escalation attacks on Android. In: Proceedings of NDSS (2012)
Chen, K.Z., Johnson, N., D’Silva, V., Dai, S., MacNamara, K., Magrino, T., Wu, E., Rinard, M., Song, D.: Contextual policy enforcement in Android applications with permission event graphs. In: Proceedings of NDSS (2013)
Conti, M., Crispo, B., Fernandes, E., Zhauniarovich, Y.: CRêPE: a system for enforcing fine-grained context-related policies on Android. IEEE Trans. Inf. Forensics Secur. 7(5), 1426–1438 (2012)
Elenkov, N.: Android Security Internals: An In-Depth Guide to Android’s Security Architecture, 1st edn. No Starch Press, San Francisco (2014)
Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Secur. Priv. Mag. 7(1), 50–57 (2009)
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS (2009)
Fang, Z., Han, W., Li, D., Guo, Z., Guo, D., Wang, X.S., Qian, Z., Chen, H.: revDroid: code analysis of the side effects after dynamic permission revocation of Android apps. In: Proceedings of ASIACCS (2016)
Fang, Z., Han, W., Li, Y.: Permission based Android security: issues and countermeasures. Comput. Secur. 43, 205–218 (2014)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of CCS (2011)
Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of SOUPS (2012)
Fragkaki, E., Bauer, L., Jia, L., Swasey, D.: Modeling and enhancing Android’s permission system. In: Proceedings of ESORICS (2013)
Fratantonio, Y., Bianchi, A., Robertson, W., Egele, M., Kruegel, C., Kirda, E., Vigna, G.: On the security and engineering implications of finer-grained access controls for Android developers and users. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 282–303. Springer, Heidelberg (2015)
Gadyatskaya, O., Massacci, F., Zhauniarovich, Y.: Security in the Firefox OS and Tizen mobile platforms. IEEE Comput. 47(6), 57–63 (2014)
Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in Android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012)
Jeon, J., Micinski, K.K., Vaughan, J.A., Fogel, A., Reddy, N., Foster, J.S., Millstein, T.: Dr. Android and Mr. Hide: fine-grained permissions in Android applications. In: Proceedings of SPSM (2012)
Murphy, M.: Libraries and dangerous permissions. https://goo.gl/NJAjMx. Accessed 25 June 2016
Murphy, M.: Runtime permissions, files, and ACTION_SEND. https://goo.gl/slhHoI. Accessed 25 June 2016
Murphy, M.: You cannot hold non-existent permissions. https://goo.gl/nyDjUj. Accessed 25 June 2016
Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of ASIACCS (2010)
Pandita, R., Xiao, X., Wang, W., Enck, W., Xie, T.: WHYPER: towards automating risk assessment of mobile applications. In: Proceedings of USENIX Security (2013)
Singh, K.: Practical context-aware permission control for hybrid mobile applications. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 307–327. Springer, Heidelberg (2013)
Wei, X., Gomez, L., Neamtiu, I., Faloutsos, M.: Permission evolution in the Android ecosystem. In: Proceedings of ACSAC (2012)
Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions remystified: a field study on contextual integrity. In: Proceedings of USENIX Security (2015)
Xing, L., Pan, X., Wang, R., Yuan, K., Wang, X.: Upgrading your Android, elevating my malware: privilege escalation through mobile OS updating. In: Proceedings of S&P (2014)
Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X.S., Zang, B.: Vetting undesirable behaviors in Android apps with permission use analysis. In: Proceedings of CCS (2013)
Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., Crispo, B., Massacci, F.: Sta-DynA: addressing the problem of dynamic code updates in the security analysis of Android applications. In: Proceedings of CODASPY (2015)
Zhauniarovich, Y., Russello, G., Conti, M., Crispo, B., Fernandes, E.: MOSES: supporting and enforcing security profiles on smartphones. IEEE Trans. Dependable Secure Comput. 11(3), 211–223 (2014)
Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: Proceedings of S&P (2012)