A Novel Permission Control System For Sensitive Resources On Android Platform

At present,Android occupies the absolute dominant position in mobile operating system and occupies the largest market share.Meanwhile,as an open source system,the lack of supervision on the Android market increases the risk of installing malicious applications by users.These apps attempt to retrieve and leak users' sensitive informationquietly.Several proposals that aim to enhance the security of the Android systemhave been published and obtained some results,such as FireDroid,TaintDroid,and Aurasium.However,different kinds of limitations still exist in these systems.Many strategies that intend to protect users' privacies may degrade the user experience.Methods that based on malware detection cannot handle the applications that have been installed.Other solutions that based on modifying Android system require root privilege,which is not acceptable in most scenarios.In this paper,wepropose a fine-grained permission control system named DefDroid,which enforce security policies by modifying Android applications.The main advantages of DefDroid lie in:(I)it offers different policiesto enhance security for various applications through Bytecode instrumentation with a toolchain.DefDroid does not need root privilege,which avoids the security risks brought by rootingAndroid system.DefDroid provides more fine-grained security policies compared to other similar systems;(II)it provides a user-friendly interface for customers to configure policies without knowing much implementation details.DefDroid supplies policies for several important resources of Android system,i.e.,content provider,file system,and network;(III)it offers local and remote modes of policy deployment.Data are stored on remote server under remote mode to support frequent policy iteration.We downloaded applications from the Android market to evaluate the system performance.Experimental results showed that the success rate of implementing security policiesis above80%.In addition,remote deployment would increase the overhead of the applications,but considering the necessity of this mode,the overhead can be tolerated.