Research article
DOI: 10.1145/2976749.2978297

The Misuse of Android Unix Domain Sockets and Security Implications

Published: 24 October 2016

Abstract

In this work, we conduct the first systematic study in understanding the security properties of the usage of Unix domain sockets by both Android apps and system daemons as an IPC (Inter-process Communication) mechanism, especially for cross-layer communications between the Java and native layers. We propose a tool called SInspector to expose potential security vulnerabilities in using Unix domain sockets through the process of identifying socket addresses, detecting authentication checks, and performing data flow analysis. Our in-depth analysis revealed some serious vulnerabilities in popular apps and system daemons, such as root privilege escalation and arbitrary file access. Based on our findings, we propose countermeasures and improved practices for utilizing Unix domain sockets on Android.

Published In

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. android customization
  2. application security
  3. secure IPC

Qualifiers

  • Research-article

Conference

CCS'16

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) From guidelines to practice: assessing Android app developer compliance with google’s security recommendations. Empirical Software Engineering 30:1. DOI: 10.1007/s10664-024-10559-0. Online publication date: 28-Oct-2024
  • (2023) NatiSand: Native Code Sandboxing for JavaScript Runtimes. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, pages 639-653. DOI: 10.1145/3607199.3607233. Online publication date: 16-Oct-2023
  • (2023) Do App Developers Follow the Android Official Data Security Guidelines? An Empirical Measurement on App Data Security. 2023 30th Asia-Pacific Software Engineering Conference (APSEC), pages 71-80. DOI: 10.1109/APSEC60848.2023.00017. Online publication date: 4-Dec-2023
  • (2022) SAUSAGE: Security Analysis of Unix domain Socket usAGE in Android. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P), pages 572-586. DOI: 10.1109/EuroSP53844.2022.00042. Online publication date: Jun-2022
  • (2022) DroidMalwareDetector: A novel Android malware detection framework based on convolutional neural network. Expert Systems with Applications 206, article 117833. DOI: 10.1016/j.eswa.2022.117833. Online publication date: Nov-2022
  • (2021) Android on PC: On the Security of End-user Android Emulators. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pages 1566-1580. DOI: 10.1145/3460120.3484774. Online publication date: 12-Nov-2021
  • (2021) SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization. Proceedings of the Web Conference 2021, pages 2733-2744. DOI: 10.1145/3442381.3450007. Online publication date: 19-Apr-2021
  • (2021) When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 543-554. DOI: 10.1109/DSN48987.2021.00063. Online publication date: Jun-2021
  • (2021) Key Agreement Over Inter-Process Communication. IEEE Access 9, pages 137367-137383. DOI: 10.1109/ACCESS.2021.3117337. Online publication date: 2021
  • (2021) Scalable online vetting of Android apps for measuring declared SDK versions and their consistency with API calls. Empirical Software Engineering 26:1. DOI: 10.1007/s10664-020-09897-6. Online publication date: 12-Jan-2021
