• Home

  • Documents

  • Android permissions Defining & using application ... · Android protects resources & data...
28

Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

  • Upload
    others

  • View
    21

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 2: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 3: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Android permissions

Defining & using application permissions

Component permissions & permissions-related APIs

Page 4: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Android protects resources & data with permissions

Used to limit access to: User information – e.g, contacts Cost-sensitive API’s – e.g., SMS/MMS System resources – e.g., Camera

Page 5: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Permissions are represented as strings

In AndroidManifest.xml, apps declare the permissions

They use themselves

They require of other components

Page 6: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Applications specify permissions they use through a <uses-permission> tag

Users must accept these permissions before an application can be installed

Page 7: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

<manifest … > �…�<uses-permission android:name=�

"android.permission.CAMERA”/> <uses-permission android:name=�

"android.permission.INTERNET”/> <uses-permission adroid:name=�

“android.permission.ACCESS_FINE_LOCATION"”/> … </manifest > See: http://developer.android.com/reference/android/

Manifest.permission.html

Page 8: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Select a contact from contacts database

Display a map centered on selected contact’s address

Page 9: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 10: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 11: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Apps can also define and enforce their own permissions

Page 12: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Suppose your application performs a privileged/dangerous operation

You might not want to allow just any application to invoke yours

So you can define & enforce your own permission

Page 13: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Simple Application that performs a (just pretend) dangerous action

Page 14: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 15: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

IF you don’t want just anyone to run PermissionExampleBoom

Define & enforce an application-specific permission

Page 16: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 17: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Apps that want to use PermissionExampleBoom must now acquire the correct permission

Page 18: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 19: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 20: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

An application can declare/accept the permissions of the Applications it uses

Page 21: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 22: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive
Page 23: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Individual components can set their own permissions, restricting which other components can access them

Component permissions take precedence over application-level permissions

Page 24: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Restricts which components can start the associated activity

Checked within execution of startActivity() startActivityForResult()

Throws SecurityException on permissions failure

Page 25: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Restricts which components can start or bind to the associated service

Checked within execution of Context.startService() Context.stopService() Context.bindService()

Throws SecurityException on permissions failure

Page 26: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Restricts which components can send & receive broadcasts

Permissions checked in multiple places

More on this when we discuss BroadcastReceivers

Page 27: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

Restrict which components can read & write the data in a ContentProvider

More on this when we discuss ContentProviders

Page 28: Android permissions Defining & using application ... · Android protects resources & data with permissions Used to limit access to: User information – e.g, contacts Cost-sensitive

The Fragment Class


Android Permissions Remystified: A Field Study on ... Permissions Remystified: A Field Study on Contextual Integrity Primal Wijesekera 1, Arjun Baokar 2, Ashkan Hosseini 2, Serge

Android Permissions Remystified: A Field Study on ... Permissions Remystified: A Field Study on Contextual Integrity Primal Wijesekera 1, Arjun Baokar 2, Ashkan Hosseini 2, Serge

Documents
Dr. Android and Mr. Hide: Fine-grained Permissions in Android

Dr. Android and Mr. Hide: Fine-grained Permissions in Android

Documents
Analyzing unnecessary permissions requested by Android apps … · 2017-08-14 · Analyzing unnecessary permissions requested by Android apps based on users’ opinions Jina Kang

Analyzing unnecessary permissions requested by Android apps … · 2017-08-14 · Analyzing unnecessary permissions requested by Android apps based on users’ opinions Jina Kang

Documents
An In-Depth Introduction to the Android Permission Model · PDF fileOWASP Introduction This talk introduces the application permissions system for the Android operating system/environment

An In-Depth Introduction to the Android Permission Model · PDF fileOWASP Introduction This talk introduces the application permissions system for the Android operating system/environment

Documents
A Framework to Investigate Android Permissions for Malware ... · for download, modification and review The Google Play Store uses a blacklist style of accepting Android applications

A Framework to Investigate Android Permissions for Malware ... · for download, modification and review The Google Play Store uses a blacklist style of accepting Android applications

Documents
Dr. Android and Mr. Hide - University Of Marylandresources and OS features ! Internet, GPS, telephony, … ! Permissions granted at install time ! once granted, apps can use such permissions

Dr. Android and Mr. Hide - University Of Marylandresources and OS features ! Internet, GPS, telephony, … ! Permissions granted at install time ! once granted, apps can use such permissions

Documents
Vetting Undesirable Behaviors in Android Apps with ...In Android, an app needs to explicitly request a set of permissions when it is installed. However, after permissions ... lose

Vetting Undesirable Behaviors in Android Apps with ...In Android, an app needs to explicitly request a set of permissions when it is installed. However, after permissions ... lose

Documents
University of California, Irvineisr.uci.edu/sites/isr.uci.edu/files/techreports/UCI-ISR-18-2.pdf · 5 concern. Permissions form the foundation of security in Android. Android relies

University of California, Irvineisr.uci.edu/sites/isr.uci.edu/files/techreports/UCI-ISR-18-2.pdf · 5 concern. Permissions form the foundation of security in Android. Android relies

Documents
Dr. Android and Mr. Hide: fine-grained permissions …lilicoding.github.io/SA3Repo/papers/2012_jeon2012dr.pdfDr. Android and Mr. Hide: Fine-grained Permissions in Android Applications

Dr. Android and Mr. Hide: fine-grained permissions …lilicoding.github.io/SA3Repo/papers/2012_jeon2012dr.pdfDr. Android and Mr. Hide: Fine-grained Permissions in Android Applications

Documents
Sleeping Android: The Danger of Dormant Permissions€¦ · An Android app typically needs to interact with the de-vice on which it is installed. The Android platform enables such

Sleeping Android: The Danger of Dormant Permissions€¦ · An Android app typically needs to interact with the de-vice on which it is installed. The Android platform enables such

Documents
Android OS - etsmtl.ca · 2018-04-10 · Les permissions dans Android Une application de base Android n'a pas de permissions qui lui sont associées. Pour faire usage de fonctionnalités

Android OS - etsmtl.ca · 2018-04-10 · Les permissions dans Android Une application de base Android n'a pas de permissions qui lui sont associées. Pour faire usage de fonctionnalités

Documents
Papilio: Visualizing Android Application Permissions...diagrams and matrix layouts. By grouping applications based on sets of requested permissions, a structure can be formed with

Papilio: Visualizing Android Application Permissions...diagrams and matrix layouts. By grouping applications based on sets of requested permissions, a structure can be formed with

Documents
DroidCap: OS Support for Capability-based Permissions in ......in Android Abdallah Dawoud and Sven Bugiel. 2 Android App Components Broadcast Receiver Content Provider Service Activity

DroidCap: OS Support for Capability-based Permissions in ......in Android Abdallah Dawoud and Sven Bugiel. 2 Android App Components Broadcast Receiver Content Provider Service Activity

Documents
Permissions Plugins as Android Apps · to user inputs; and mediating apps’ accesses to sensitive resources on the device, e.g., the camera or GPS location. 2.1 Android permissions

Permissions Plugins as Android Apps · to user inputs; and mediating apps’ accesses to sensitive resources on the device, e.g., the camera or GPS location. 2.1 Android permissions

Documents
Android Apps permissions model (in)security · 2020-01-17 · Android Intents Android supports some forms of Interprocess Communication (Intent, Binder, Messenger or traditional Linux

Android Apps permissions model (in)security · 2020-01-17 · Android Intents Android supports some forms of Interprocess Communication (Intent, Binder, Messenger or traditional Linux

Documents
Dr. Android and Mr. Hide: Fine-grained Permissions in ...jfoster/papers/spsm12.pdf · Android APIs, making it as easy for developers to use ne-grained permissions as the original

Dr. Android and Mr. Hide: Fine-grained Permissions in ...jfoster/papers/spsm12.pdf · Android APIs, making it as easy for developers to use ne-grained permissions as the original

Documents
A Conundrum of Permissions: Installing Applications on an ... · A Conundrum of Permissions: Installing Applications on an Android Smartphone PatrickGageKelley,SunnyConsolvo2,LorrieFaithCranor,

A Conundrum of Permissions: Installing Applications on an ... · A Conundrum of Permissions: Installing Applications on an Android Smartphone PatrickGageKelley,SunnyConsolvo2,LorrieFaithCranor,

Documents
D R A IOS D - Gocycle...1.4 Click on “INSTALL”. 1.5 Android Only. The “App permissions” window will appear. After agreeing to the permissions, click “ACCEPT”. ... the Gocycle

D R A IOS D - Gocycle...1.4 Click on “INSTALL”. 1.5 Android Only. The “App permissions” window will appear. After agreeing to the permissions, click “ACCEPT”. ... the Gocycle

Documents
Permissions script for SQL Permissions

Permissions script for SQL Permissions

Education
Android 8.1 Compatibility Definition · Managed API Compatibility 3.1.1. Android Extensions 3.2. Soft API Compatibility 3.2.1. Permissions 3.2.2. ... 3.12.1.1. Electronic Program

Android 8.1 Compatibility Definition · Managed API Compatibility 3.1.1. Android Extensions 3.2. Soft API Compatibility 3.2.1. Permissions 3.2.2. ... 3.12.1.1. Electronic Program

Documents
Android Permissions: User Attention, Comprehension, and ...serge/papers/soups12-android.pdf · User Attention, Comprehension, and Behavior ... Security Keywords Android, ... understanding

Android Permissions: User Attention, Comprehension, and ...serge/papers/soups12-android.pdf · User Attention, Comprehension, and Behavior ... Security Keywords Android, ... understanding

Documents
Android Training Lab Book - Lagout system /android/Android... · 2016. 4. 10. · handle during the practical labs, you will never need root permissions ... Install vim, a improved

Android Training Lab Book - Lagout system /android/Android... · 2016. 4. 10. · handle during the practical labs, you will never need root permissions ... Install vim, a improved

Documents
Android Permissions: User Attention, Comprehension, and ... · Android, smartphones, mobile phones, usable security 1. INTRODUCTION Android supports a booming third-party application

Android Permissions: User Attention, Comprehension, and ... · Android, smartphones, mobile phones, usable security 1. INTRODUCTION Android supports a booming third-party application

Documents
Intro to Securing Android Applications · NC State -- Department of Computer Science Page Permissions • Applications run as different Linux UIDs ‣ The low-level Android OS is

Intro to Securing Android Applications · NC State -- Department of Computer Science Page Permissions • Applications run as different Linux UIDs ‣ The low-level Android OS is

Documents
Android Permissions - Creating Web Pages in your …web.cecs.pdx.edu/~apt/cs491/capps_presentation.pdf · Charles Capps Android Permissions. Overview of Permission SystemUser Understanding

Android Permissions - Creating Web Pages in your …web.cecs.pdx.edu/~apt/cs491/capps_presentation.pdf · Charles Capps Android Permissions. Overview of Permission SystemUser Understanding

Documents
Rethinking permissions in Android apps Kenneth Olmstead

Rethinking permissions in Android apps Kenneth Olmstead

Documents
The Case for Security Enhanced (SE) Android · 2017. 11. 7. · February 2012 Android Security Model Application-level permissions model. Controls access to app components. Controls

The Case for Security Enhanced (SE) Android · 2017. 11. 7. · February 2012 Android Security Model Application-level permissions model. Controls access to app components. Controls

Documents
ANDROID PERMISSIONS Lecture 10b

ANDROID PERMISSIONS Lecture 10b

Documents
Android Permissions: User Attention, … Permissions: User Attention, Comprehension, and Behavior ... User Attention, Comprehension, and Behavior ... droid …

Android Permissions: User Attention, … Permissions: User Attention, Comprehension, and Behavior ... User Attention, Comprehension, and Behavior ... droid …

Documents
Secure!Android!Applicaons! The!OWASP!Way! · PDF fileAndroid Crash Course- Essentials!! Permissions! Some!developers!go!overboard!! Ques/onable!apps!oqen!requestridiculous!permissions!too!

Secure!Android!Applicaons! The!OWASP!Way! · PDF fileAndroid Crash Course- Essentials!! Permissions! Some!developers!go!overboard!! Ques/onable!apps!oqen!requestridiculous!permissions!too!

Documents