Enhanced Permission Mechanisms In The Android Platform

Posted on: 2018-03-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D B Wang
GTID: 1318330515483380
Subject: Computer architecture

Abstract/Summary:
The Android platform, developed by Google, is now the most popular mobile OS. It is widely installed on smartphones and tablets, and even on smart TVs, smartwatches, etc. People can easily shop online or enjoy entertainment on these devices. They can also store their private information (e.g., SMS, photos, health information, etc.) on the devices. While the popularity of Android devices changes people's daily lives, it also attracts the attention of malicious attackers. At present, the Android platform relies largely on its permission mechanism to protect users' private information. However, there are two problems with Android's permission mechanism. First, permission leaks affect the permission mechanism. A permission leak can be considered an attack in which an unprivileged app accesses a certain sensitive resource without declaring the corresponding permissions. Thus, the attack bypasses Android's permission mechanism. In addition, permission leaks also affect permission management (e.g., permission manager apps) on the Android platform. Last, the Android platform does not provide any protection for external data. Recently, emerging external devices (e.g., wearable devices) have enriched the Android platform. These devices hold a great deal of personal external data, even private data. These data are collected and stored on Android devices. However, the security of these data has not been well studied or protected. To address the above problems, we carry out work on the following three aspects to enhance the permission mechanisms in the Android platform.

First, an efficient, usable, and secure permission management mechanism is proposed to address the impact of permission leaks on the effectiveness of permission managers. In consideration of app usability and performance overhead, the permission management mechanism can be implemented with two approaches: a multiple app instances based approach (MAI) and a component instance-based call-chain approach (CICC). To reduce the impact on the app's usability, in MAI each app is divided into multiple app instances, each of which has a different permission set and serves different inter-component communication requests. Thus, only the privileges of some instances of an app are limited, while other instances are not limited. CICC builds call-chains at the component instance level. These call-chains are used to provide security context when an app wants to access sensitive resources. Thus, only some component instances of an app are limited, while others are not limited. Compared with MAI, the performance overhead of CICC is lower. MAI and CICC can both help existing permission managers defend against permission leaks without requiring any modification of existing apps.

Second, a permission leak defense mechanism (named SeApp), based on bytecode rewriting of Android apps, is proposed to solve the problem of large-scale and rapid adoption faced by existing solutions. SeApp consists of two parts: app rewriting and run-time detection. SeApp can be deployed as part of an app market, so it does not require any modification of the Android framework. SeApp analyzes and rewrites the apps uploaded by app developers. These rewritten apps automatically build call-chains and detect permission leaks at runtime. We evaluate SeApp on 1326 apps from Google Play and 1260 malicious apps. Experimental results show that SeApp can effectively rewrite apps and defend against permission leaks; in addition, the overheads introduced by SeApp are reasonable.

Last, since the permission mechanism of the Android OS does not provide any protection for external data, a fine-grained framework (named DataDroid) for securely sharing external data in Android is proposed. DataDroid allows data owner apps to specify context-aware and data-centric policies on their external data. DataDroid extends a dynamic taint tracking system to track these tainted external data and enforce access control based on pre-defined policies before external data are accessed. In addition, DataDroid allows users and data owner apps to know the details of how external data are used on the device. Our evaluation shows that DataDroid incurs acceptable performance overhead and does not negatively affect the user experience. DataDroid can be complementary to the Android permission mechanism.
Keywords/Search Tags:Android Platform, Permission Mechanism, Permission Leaks, Permission Management, Data Sharing