Review, Analysis and Recommendations forSecure Applications in Android Platforms

Diego Betancur

Supervisors:

Prof. Vijay Varadharajan

Dr. Udaya Tupakula

June 13th, 2012

Outline

1. Introduction

2. Android Security Model (System and Applications)

3. Android Market and Malware

4. Current Security Problems

5. Possible Solutions

6. Secure Development

2/26Diego Betancur Android Security Review and Solutions

Why Care?

Almost 1'000.000 activations everyday.

Malware growing rapidly

Worldwide Smartphone Sales (%)

3/26Diego Betancur Android Security Review and Solutions

Android Architecture

4/26

Outline

1. Introduction

2. Android Security Model (System and Applications)

3. Android Market and Malware

4. Current Security Problems

5. Possible Solutions

6. Secure Development

5/26Diego Betancur Android Security Review and Solutions

Application Isolation - Sandbox

Different UID and GID for every appNo shared memory or resourcesInteraction between apps through componentsSome processes run in 'root' mode not accessible

to userIsolation at kernel level not the VM

6/26Diego Betancur Android Security Review and Solutions

Application Components

Activities: UIServices: Daemons running in the backgroundContent Providers: Relational DB for sharing

dataBroadcast Receivers: Receive messages from

other apps/system. E.g. Battery is chargedIntents: Triggers another component

7/26Diego Betancur Android Security Review and Solutions

Permissions

Restrict components interactionsGranted by users at installationDefined in the Manifest File (xml)Levels:

Normal: Set alarm, vibrateDangerous: Send SMS, callsSignature: Inject eventsSignatureOnSystem: Access USB

8/26Diego Betancur Android Security Review and Solutions

Outline

1. Introduction

2. Android Security Model (System and Applications)

3. Android Market and Malware

4. Current Security Problems

5. Possible Solutions

6. Secure Development

9/26Diego Betancur Android Security Review and Solutions

Android Market

Easy to publish apps, only $2546.9% growth in the last few yearsOver 10 billions app downloadsAround 70% of apps are free80% supported by advertisementControls:

Application SigningSecurity Scan

10/26

Diego Betancur Android Security Review and Solutions

Malware Types in Android

11/26Diego Betancur Android Security Review and Solutions

Tap-Jacking Attack

Malicious ActivityUser interacts with a

fake interface

12/26Diego Betancur Android Security Review and Solutions

Outline

1. Introduction

2. Android Security Model (System and Applications)

3. Android Market and Malware

4. Current Security Problems

5. Possible Solutions

6. Secure Development

13/26Diego Betancur Android Security Review and Solutions

Users: The Weakest Link

Do users read permissions before installing an app?

Do users understand the risks involved?

Its all about Trust

14/26Diego Betancur Android Security Review and Solutions

Rooting

Why?Access custom ROMsRemove vendors and operators appsMore speed and functionalities

Problems:Needs to exploit a vulnerabilityIf a malicious process gets root privileges all

security is compromised (Encryption, app isolation)

15/26Diego Betancur Android Security Review and Solutions

Inter-Application Communication (IPC)

16/26Diego Betancur Android Security Review and Solutions

The Permission Model

A secure app does not remain secure forever No Selective PermissionsAdvertisement Permissions:

FULL INTERNET ACCESSFINE LOCATION

Other Permissions:SD ACCESS

17/26Diego Betancur Android Security Review and Solutions

Outline

1. Introduction

2. Android Security Model (System and Applications)

3. Android Market and Malware

4. Current Security Problems

5. Possible Solutions

6. Secure Development

18/26Diego Betancur Android Security Review and Solutions

Permissions By Category Model Example

Social and CommunicationACCOUNTSPERSONAL INFO

Communication OnlyCOST MONEYMESSAGES

MESSAGES: Trusted Email clientFULL INTERNET ACCESSLOCATION

19/26Diego Betancur Android Security Review and Solutions

IPC Problem Solutions

IPC inspection based on "taints" (labels) to identify the source

History-Based Access Control (HBAC)Disadvantage:

Processing Overhead

20/26Diego Betancur Android Security Review and Solutions

Permissions Problem Solutions

New set of Permissions for Advertisement. E.g. LOCATION_ADVERTISEMENT

Selective Permissions. E.g.: By timeInclude security ratings for developers Remove permissions for paid versionsDisadvantages:

Tracking of more attributesAffects developers business model

21/26Diego Betancur Android Security Review and Solutions

Outline

1. Introduction

2. Android Security Model (System and Applications)

3. Android Market and Malware

4. Current Security Problems

5. Possible Solutions

6. Secure Development

22/26Diego Betancur Android Security Review and Solutions

Secure Development

Intents: Do not use them to pass confidential dataServices: Check permission of calling component

(PERMISSION_DENIED or PERMISSION_GRANTED)Broadcasts Receivers: Validate input from Intents and do

not leak informationContent Providers: Define permission to access. Use URI

schemes Intent Filters: Activities should only be launched by

authorized components. Add categories to restrict what intents can be called

23/26Diego Betancur Android Security Review and Solutions

Additional Best Practices

Encrypt sensitive data:3DES, AES, Certificate

Mark components as: android:exported="false" unless public

Use custom permissions to control accessUse anti-malware protection

24/26Diego Betancur Android Security Review and Solutions

Conclusions

Good Default System Security (Sandbox)High re-usability by componentsTrade-off: Usability vs SecurityRisk: Consequences (Privacy and Confidentiality) x

Likelihood (Large amount of apps installed by Users)

Developers can create a secure environment

25/26Diego Betancur Android Security Review and Solutions

Questions?

Thank you.

26/26Diego Betancur Android Security Review and Solutions

References

Android Security Model made at Android Dev Camp, March 4-6

http://developer.android.comDeep Drive into Android Security – Aleskandar

Gargenta

27/26Diego Betancur Android Security Review and Solutions