research-article
DOI: 10.1145/2185448.2185466

DroidChecker: analyzing android applications for capability leak

Published: 16 April 2012

Abstract

While Apple reviews every app available on the App Store, Google takes another approach and allows anyone to publish apps on the Android Market. The openness of the Android Market attracts both benign and malicious developers. The security of the Android platform relies mainly on sandboxing applications and restricting their capabilities, so that no application, by default, can perform any operation that would adversely impact other applications, the operating system, or the user. However, recent research has reported that a genuine but vulnerable application may leak its capabilities to other applications. When such a leak is leveraged, other applications gain extra capabilities that they were not originally granted. We present DroidChecker, an Android application analysis tool that searches for this vulnerability in Android applications. DroidChecker uses interprocedural control flow graph searching and static taint checking to detect exploitable data paths in an Android application. We analyzed more than 1100 Android applications with DroidChecker and found 6 previously unknown vulnerable applications, including the renowned Adobe Photoshop Express application. We have also developed a malicious application that exploits the previously unknown vulnerability found in the Adobe Photoshop Express application. We show that this malicious application, which is not granted any permissions, can access contacts on the phone with just a few lines of code.
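The detection approach the abstract describes, an interprocedural control-flow search from exported entry points to permission-protected calls combined with static taint checking of the data that reaches them, as an added Python example. This is not DroidChecker's code and not code from the paper: it runs over a constructed toy intermediate representation instead of Dalvik bytecode, and the privileged-API table, the sample app and every component and method name in it are assumptions made for the illustration. The `guard` op stands in for a check on the calling app such as `Context.enforceCallingPermission()`; the sample also covers two edge cases the paragraph only implies, a guard placed after the privileged call and a component that is not exported at all.

```python
"""Toy interprocedural taint check for Android capability leaks (a constructed
illustration, not DroidChecker's code). Methods are straight-line op lists:
  ("source", var)              var receives attacker-controlled Intent data
  ("assign", dst, src)         copy
  ("call", callee, args, ret)  call by name; args and ret are variable names
  ("guard",)                   Context.enforceCallingPermission() on this path
  ("sink", api, args)          permission-protected API consumes args
  ("ret", var)                 return value
A leak is reported when Intent data reaches a privileged API on a path that
starts in an exported component and crosses no guard (no branches/aliasing)."""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed subset of privileged APIs and the permission each requires.
PRIVILEGED_APIS = {
    "ContentResolver.query(Contacts)": "android.permission.READ_CONTACTS",
    "SmsManager.sendTextMessage": "android.permission.SEND_SMS",
}

@dataclass
class Method:
    params: List[str]
    ops: List[tuple]

@dataclass(frozen=True)
class Finding:
    component: str
    api: str
    permission: str
    call_chain: Tuple[str, ...]

def _walk(methods, component, name, tainted_in, protected, chain, findings, active):
    """Analyze one method; return True if its return value is tainted. Taint enters
    callees through arguments and comes back through return values; a guard
    protects everything after it on the path, callees included."""
    if name in active:                      # cut cycles in the call graph
        return False
    active, chain = active | {name}, chain + (name,)
    tainted, ret_tainted = set(tainted_in), False
    for op in methods[name].ops:
        kind = op[0]
        if kind == "source":
            tainted.add(op[1])
        elif kind == "assign":
            _, dst, src = op
            if src in tainted:
                tainted.add(dst)
            else:
                tainted.discard(dst)
        elif kind == "guard":
            protected = True
        elif kind == "call":
            _, callee, args, ret = op
            callee_tainted = {p for p, a in zip(methods[callee].params, args) if a in tainted}
            if _walk(methods, component, callee, callee_tainted, protected, chain, findings, active):
                tainted.add(ret)
            else:
                tainted.discard(ret)
        elif kind == "sink":
            _, api, args = op
            if not protected and any(a in tainted for a in args):
                findings.append(Finding(component, api, PRIVILEGED_APIS[api], chain))
        elif kind == "ret":
            ret_tainted = op[1] in tainted
    return ret_tainted

def find_capability_leaks(components, methods):
    """Entry points are exported components only; a non-exported one has no IPC
    entry point that another app could reach."""
    findings = []
    for component, (exported, entry) in components.items():
        if exported:
            _walk(methods, component, entry, set(), False, (), findings, frozenset())
    return findings

# Constructed sample app; every component and method name is hypothetical.
APP_METHODS = {
    "ShareActivity.onCreate": Method([], [
        ("source", "uri"),                               # getIntent().getData()
        ("call", "Helper.lookup", ["uri"], "row")]),
    "Helper.lookup": Method(["target"], [
        ("assign", "q", "target"),
        ("sink", "ContentResolver.query(Contacts)", ["q"]),
        ("ret", "q")]),
    "SmsActivity.onCreate": Method([], [
        ("guard",),                                      # caller must hold SEND_SMS
        ("source", "num"),
        ("sink", "SmsManager.sendTextMessage", ["num"])]),
    "LateGuardActivity.onCreate": Method([], [
        ("source", "num"),
        ("sink", "SmsManager.sendTextMessage", ["num"]),
        ("guard",)]),                                    # checked after the send
    "InternalActivity.onCreate": Method([], [
        ("source", "num"),
        ("sink", "SmsManager.sendTextMessage", ["num"])]),
}
APP_COMPONENTS = {  # name -> (android:exported, entry method)
    "ShareActivity": (True, "ShareActivity.onCreate"),
    "SmsActivity": (True, "SmsActivity.onCreate"),
    "LateGuardActivity": (True, "LateGuardActivity.onCreate"),
    "InternalActivity": (False, "InternalActivity.onCreate"),
}
```

Calling `find_capability_leaks(APP_COMPONENTS, APP_METHODS)` reports two leaks: ShareActivity passes Intent-derived data to the contacts query through Helper.lookup with no check on the caller, and LateGuardActivity performs its permission check only after the SMS has been sent. SmsActivity is silent because its guard precedes the sink, and InternalActivity is never an entry point. On real apps the sources are the Intent accessors, the sinks come from a map of framework APIs to the permissions they require, and the guard set must include the manifest-level `android:permission` attribute on the component as well as the runtime checks.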


Published In

WISEC '12: Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
April 2012
216 pages
ISBN:9781450312653
DOI:10.1145/2185448
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. android
  2. capability leaks
  3. control flow checking
  4. privilege escalation attack
  5. taint checking

Qualifiers

  • Research-article

Conference

WISEC'12

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Cited By

  • (2023) Union under duress. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 3403-3420. DOI: 10.5555/3620237.3620428. Published 9 Aug 2023.
  • (2023) Research on Source Code Static Detection Method Based on Android Application Particularity. 2023 IEEE 6th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp. 249-253. DOI: 10.1109/ITNEC56291.2023.10081998. Published 24 Feb 2023.
  • (2022) Privacy in targeted advertising on mobile devices: a survey. International Journal of Information Security 22(3), pp. 647-678. DOI: 10.1007/s10207-022-00655-x. Published 24 Dec 2022.
  • (2022) IntentAuth: Securing Android's Intent-based inter-process communication. International Journal of Information Security 21(5), pp. 973-982. DOI: 10.1007/s10207-022-00592-9. Published 22 Apr 2022.
  • (2021) Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption. Journal of Internet Services and Applications 12(1). DOI: 10.1186/s13174-021-00134-x. Published 23 Jul 2021.
  • (2021) A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices. IEEE Transactions on Information Forensics and Security 16, pp. 1563-1578. DOI: 10.1109/TIFS.2020.3025436. Published 2021.
  • (2021) Malware Detection employed by Visualization and Deep Neural Network. Computers & Security, article 102247. DOI: 10.1016/j.cose.2021.102247. Published Feb 2021.
  • (2020) A Taxonomy for Security Flaws in Event-Based Systems. Applied Sciences 10(20), article 7338. DOI: 10.3390/app10207338. Published 20 Oct 2020.
  • (2020) A Power-Efficient Approach to Detect Mobile Threats on the Emergent Network Environment. IEEE Access 8, pp. 199840-199851. DOI: 10.1109/ACCESS.2020.3035192. Published 2020.
  • (2020) APPregator: A Large-Scale Platform for Mobile Security Analysis. Testing Software and Systems, pp. 73-88. DOI: 10.1007/978-3-030-64881-7_5. Published 2 Dec 2020.
