The Impact of Vendor Customizations on Android Security

Authors: Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang

DOI: 10.1145/2508859.2516728

Keywords:

Abstract: The smartphone market has grown explosively in recent years, as more and more consumers are attracted to the sensor-studded multipurpose devices. Android is particularly ascendant; as an open platform, smartphone manufacturers are free to extend and modify it, allowing them to differentiate themselves from their competitors. However, vendor customizations will inherently impact overall Android security, and such impact is still largely unknown. In this paper, we analyze ten representative stock Android images from five popular smartphone vendors (with two models from each vendor). Our goal is to assess the extent of security issues that may be introduced by vendor customizations and further determine how the situation is evolving over time. In particular, we take a three-stage process: First, given a smartphone's stock image, we perform provenance analysis to classify each app in the image into three categories: apps originating from the AOSP, apps customized or written by the vendor, and third-party apps that are simply bundled into the stock image. Such provenance analysis allows for proper attribution of detected security issues in the examined Android images. Second, we analyze permission usages of pre-loaded apps to identify overprivileged ones that unnecessarily request more Android permissions than they actually use. Finally, in vulnerability analysis, we detect buggy pre-loaded apps that can be exploited to mount permission re-delegation attacks or leak private information. Our evaluation results are worrisome: vendor customizations are significant on stock Android devices and on the whole responsible for the bulk of the security problems we detected in each device. Specifically, our results show that on average 85.78% of all pre-loaded apps in the examined stock images are overprivileged, with a majority of them directly from vendor customizations. In addition, 64.71% to 85.00% of the vulnerabilities we detected in the examined images from every vendor (except Sony) arose from vendor customizations. In general, this pattern held over time -- newer smartphones, we found, are not necessarily more secure than older ones.
