Professional Documents
Culture Documents
SIE Aln
SIE Aln
allocation of these permission-based protection levels of that only 17 % of Android users pay attention to the list of
various resources/files is left to the programmer’s will and permissions during the installation of the app.
his/her own understanding. This feature of giving more
liberty to the programmers may facilitate attacks by King [22] explicitly compared 13 Android and 11 iOS users
malicious software and increase the number of to find out their privacy concerns and expectations. This
vulnerabilities in the security framework of the Android OS. study hypothesized that the review process by Apple causes
During the installation process of an application which can iOS users to be more inclined to trust the apps. However,
be downloaded from the Google or any other market place King and Kelley et al [21] discovered that Android users
on the web the user is prompted by the Android framework often believe that Google reviews apps with regard to
to accept a list of mandatory permissions required for the permissions and malicious behavior. As a result no
successful installation of the app; the user may allow the substantial difference between platforms could be found
permissions or can deny all of the permissions in order to from this standpoint. Both Android and iOS users who
install the application successfully or to abort the believed that the apps are pre-reviewed by their
installation. corresponding OS provider, they felt safe when using apps.
Since Apple and Google chose vastly different ways of
The installation process prompts the user with a screen notifying users of apps' usage of resources, some differences
listing all the mandatory permissions required to access the in privacy concerns and privacy awareness have become
various resources needed by the app to complete the evident during the study among the users. iOS users were
installation successfully. These permission requests are mostly unaware of resource usage by the apps. In contrast,
defined in an important XML File called Android users were aware of the list of resources and
AndroidManifest.xml. However, this security framework permissions which is always shown during the installation;
has a few drawbacks [3]: although the majority of the end users felt that they do not
A user cannot use a policy of pick and choose i.e. understand what the permissions mean. This feeling is
the user cannot selectively grant few permissions, while confirmed by other researchers [21, 19, 23]. Furthermore,
rejecting others in order to install the app. Among the Android users are more concerned about privacy and more
list of permissions an app might call for a fishy privacy-aware than iOS users. iOS users thought that their
permission to access some resource among the other licit apps needed access to more resources , and were more
permissions. The app will still be able to confirm the comfortable with resource sharing.
successful, though insecure, installation.
Based on the above comparison of the two Smartphone
Often, the novice users of the app cannot judge the operating systems, we can summarize the resilience and
appropriateness and legitimacy of permissions for the vulnerability of Android and iOS with respect to various
app they are installing. In some cases it may be well attacks in the table below.
understood, for example when a game app requests the
privilege to access the contacts in a Smartphone or to TABLE I. RESISTANCE OF ANDROID AND IOS AGAINST VARIOUS ATTACKS.
access internet.
Resistance against Google Android Apple iO S
The Functionality of the app, which is imagined to
be possible with more number of appropriate Malware Attacks 25% 100%
permissions, can still be attained with smaller number of Web Based attacks 100% 100%
permissions or even with none at all. Social Engineering 0% 0%
Attacks
In iOS, there is no mechanism of explicit permissions. Resource/Service 50% 75%
Thus, the user is not able to restrict the actions that an app Attacks
can perform. The application does not list what permissions Data Loss 25% 50%
the application requests and the user has no control over the Data Integrity Attacks 25% 50%
permissions. All the apps have full access to all the iOS
device resources and can use these resources without the III. EXIST ING RESEARCH W ORK
permission of the user. Hence, after the installation of an
application on the Smartphone, it can execute any operation The number of permissions asked by the Android apps is
under the pretext of executing an actual action. Chin et al. increasing. Pridgen & Wallach [6] researched with a sample
[18] chose to test 30 Android users as well as 30 iOS users, of 114,000 apps and it was found that the number of
they noticed that Android users had more free apps than iOS permissions required by apps is increasing, and therefore,
users downloaded from the market. Furthermore, around 20 posing a secrecy risk to Android users. The widespread use
% of Android users revealed that they always consider the of advertising in the apps is one of the main reasons for the
list of permissions when installing apps, and additional 40 increase of permissions, suggested by Shekhar, Dietz &
% stated that they sometimes considered permissions while Wallach [7], which requires the use of additional resources
installing the app. On the other hand Felt et al. [19] found and permissions in order to fulfill the need of data collection
and analysis. Studies by Felt et al. [8] and Kelley et al. [9]
suggested that most of the users have a limited which lists the permissions of the app. The permissions are
understanding of the permissions system – that is the thoroughly checked and unwanted permissions are
permissions system may not be effective in providing removed. For example, let us examine the DialKashmir app
adequate user privacy to a novice user. Felt et al. then put available on Google Play which gives all the details of
forth several recommendations and upgrades for improving Tourist places in Kashmir and contact details of important
the base Android OS, including depicting to the users the places like universities, government offices etc. The main
risks of allowing all the permissions to the resources . Kern permission this app may require is the INTERNET. If it
& Sametinger [10] took a different approach and includes MANAGE_ACCOUNTS which is the permission
recommended the implementation of individual permissions that allows the app to retrieve the user account information
control on a per app basis. This means that each app would from the phone, our system will remove those unwanted
have each of their permissions explicitly listed and the user permissions. After the removal of unwanted permissions
would be offered a choice of either denying or allowing the from the AndroidManifest.xml file, the second important
permission requests. In their research, Kern & Sametinger step that our system takes is to check the code in detail and
also suggested the use of extensions to the OS and third force the app to get the permission of the user at run time.
party apps in order to minutely control an app’s Researchers found that many end users have a poor
permissions, and developed their own app which allows a understanding of the Android permissions system [8] i.e. the
user to grant or deny a request as it occurs. Quang Do, permissions system may be insufficient in providing
Martini, B., Choo, K.-K.R [1] suggested the app adequate user privacy in the hands of a novice user [9]. In
permissions or resource removal in order to increase the order to give more authority to these novice users, our NBS
user privacy. They modified the app so that the permissions system provides a second level of security system by
are first selected and then removed. Generally this means an providing full details of the resources the app is accessing
app’s source code was required or the app is decompiled, and getting the permission of the user at run time to allow
modified to remove these unwanted permission requests and the access to that resource.
then recompiled with less permission. Some researchers
[15] found that while it is possible to modify and remove
permissions manually from an app via the manifest file, it
generally resulted in an app crashing at some point during
the process of de-compilation and recompilation. Berthome
et al. [16] proposed a combination of two apps, comprising
(1) the Security Monitor, a third party app installed onto the
device, and (2) the Security Reporter, which would be
injected into a decompiled target app. The injected app is
able to monitor the targeted app and can then report to the
Security Monitor with log details of the resources requested
by the app. Juanru, Dawu & Yuhao [17] used a similar
approach of decompiling Android apps to help them in their
Android malware research. Xu, Saïdi & Anderson [18]
developed a solution called Aurasium that has the ability to
automatically repackage the Android apps to have
sandboxing and security policy enforcement abilities in
order to enhance user privacy. They also identified that the
limitations of the existing research on user privacy is that
most research being done on Android requires major
modifications to the OS, resulting in usability issues. Our
research which is the implementation of Need based
security (NBS), which provides the run time permissions to
the user based on his needs is a relatively new but effective
approach as it does not require modifications to the OS
which may result in usability issues .
but promising approach as it does not require modifications As we have to deal with the higher level code not the lower
to the Android OS. level code, type the commands “jar xvf NBS_Muneer.apk
xxx.dex “ and “d2j-dex2jar xxx.dex” and we have xxx-
V. IMPLEMENT AT ION OF NBS SYST EM. dex2jar file. Using dex2jar type in the following command:
A. Reverse Engineering. “jar xvf xxx-dex2jar.jar”. We found two folders generated;
Each Android app, after compilation is packaged in a single one with top level package name and other one is Android.
file that includes the application code (.dex files) and Now using Java Decompiler we can open the .class file just
resources and is well known as the Android Application extracted and it’s the original java code.
Package (APK) file. The application package files with the
B. Removal of Unwanted Permissions.
name given by the programmer must have .apk extension.
AndroidManifest.xml is one of the most important files in Before a permission request is to be removed, it must be
the Android project structure. It contains all necessary determined that the permission is not required by the app
information about the App. Once an application is launched, and can be removed. When selecting a permission to
the first file the Android system seeks is the Manifest file. It remove or block, it must not affect the major functions of an
actually works as a roadmap to ensure that each application app. For example, social networking apps require Internet
can function properly in the Android system. In order to access in order to function; as such the “INTERNET”
implement the need based security, we have to extract the permission is required. Testing an app without Internet
various components of the APK file. access can be done simply by disabling all Internet
connections. The aim, therefore, is to remove dangerous
permissions from an app that should not be required. As
such, the permissions that are most commonly requested by
apps but not necessarily required are considered for
removal. In order to determine what permissions are
requested by each app, the app is first decompiled based on
the domain of the app and accordingly the permissions can
be removed if needed. The first step is for the user to
determine whether the app requires this permission. The
second step determines whether the app actually requires
this permission in order to function. For example, a
mapping app will require location resources such as the
GPS system in order to function. A note keeping app, on the
other hand, has no obvious need for such information. The
Fig 2. Contents of the APK file. next two steps will determine whether the permission is
harmless and feasible to be removed from the app . For
The files listed below are needed for the extraction of example, many app permissions allow an app to access
various files in the .apk file and are downloaded from the sensitive information such as contact information, phone
web. logs, IMEI numbers, and SMS. A user may choose to
apktool1.4.1.tar expressly disallow a particular permission even when the
apktool-install-windows-r04-brut1.tar app has well defined justifications. The feasibility of
classes_dex2jar.src removing an app’s permission is considered. Some app may
jd-gui-0.3.5.windows be so heavily integrated with a certain resource that the app
SignApk. may not run without it.
.
De-compilation and Recompilation: In order to get the
higher level code file and AndroidManifest.xml of our
sample app named NBS_Muneer.apk we have to type in the
command prompt “apktool if NBS_Muneer.apk” and then
type “apktool d NBS_Muneer.apk path_output”.
After the implementation of NBS system and removal of
unwanted permissions, we need to recompile the modified
files to repackage them to a modified APK file with NBS Fig 3. Example of AndroidManifest.xml with Permissions.
system in place. We use the command “apktool b
path_recompile.apk” and a folder “build” is created in the
C. Getting Permission approvals at Runtime.
decompiled path. The .apk file will reside on the same
path. Still the app won’t work and when we try to push it In the previous sections we discussed the techniques for
into system, the ROM will be stuck in BOOTLOOP XD, As improving user privacy by repackaging the .APK file and
such we need to use signapk.jar and type “java –jar we tried to identify the permissions which are of no actual
signapk.jar certificate.pem key.pk8 your_repackaged_apk”. use to the app and may increase the security-related
vulnerability of the app. In this section, we move further by Android Users. We removed the dangerous permissions
giving more control to the user by allowing the user to from the app based on their functionality and then our
decide at run time whether the permission may be granted research provided the second level of security to the users,
or not. Whenever the app is trying to access any of the without modifying the underlying structure of Android
resources for which the permissions are already granted a operating system.
second level of permission is incorporated wherein the
dialog box will appear and inform the user that the app is All the research undertaken in this paper on permissions
about to access the resource. For example if the app is trying removal and run time permission approval was
to read the contacts, or, trying to read the implemented manually. Therefore future research
EXTERNAL_STORAGE, trying to send the SMS or trying recommendations include automating the process. By using
to access the IMEI number, the user will come to know and heuristic methods, it may be possible to locate the block of
if the user grants permission, only then the resource can be source code where permissions resources are used
accessed. automatically. The de-compilation of APK file,
modification of source code and recompilation of the
In order to implement the permission approvals at run time, modified APK file could then be completely autonomous.
a thorough understanding of the code is required. For This leads onto further research work that could be
example if our app is trying to modify the file for which the undertaken where this automated system with NBS
approval is already granted by the user at the time of capabilities would be implemented in an Android device.
installation we have to identify the block of code which is This would result in a self-contained, autonomous NBS
trying to access the file and enclose that block of code with system that could enhance the privacy of apps on the device.
the condition that if the user approves, only then the file As a proof of concept, we have implemented our NBS
should be accessed. system on Android apps; but the same concept may be
implemented on iOS based apps as well.
REFERENCES
[1]. Quang Do; Martini, B.; Choo, K.-K.R., "Enhancing User Privacy on
Android Mobile Devices via Permissions Removal," System
Sciences (HICSS), 2014 47th Hawaii International Conference on ,
vol., no., pp.5070,5079, 6-9 Jan. 2014.
[2]. A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev
& C. Glezer, “Google Android: A Comprehensive Security
Assessment”, IEEE Security & Privacy Magazine, vol. 8,no. 2,
2012, pp. 35-44.
[3]. National Security Agency, “SELinux,” January 2009.
http://www.nsa.gov/research/selinux/.
[4]. E. Konstantinou and S. Wolthusen. Metamorphic virus: Analysis and
detection. Technical report, Information Security Group at Royal
Holloway, University of London, 2009.
[5]. Rafael Fedler, Marcel Kulicke and Julian Sch¨utte 2013 IEEE 8th
International Conference on Malicious and Unwanted Software:
“T he Americas” (MALWARE)
[6]. T . Book, A. Pridgen & DS. Wallach, “Longitudinal Analysis of
Android Ad Library Permissions”, arXiv preprint arXiv:1303.0857,
2013.
[7]. S. Shekhar, M. Dietz & D.S. Wallach, “Adsplit:Separating
smartphone advertising from application”,CoRR, abs/1202.4030,
2013.
[8]. A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin & D.Wagner,
“Android permissions: User attention, comprehension, and
behavior”, SOUPS 2012, p. 3.
[9]. P.G. Kelley, S. Consolvo, L.F. Cranor, J. Jung, N. Sadeh & D.
Wetherall, “A Conundrum of Permissions: Installing Applications
Fig 4. Screen shot of run time permission approval on an Android Smartphone”, Financial Cryptography and Data
Security 2012, pp. 68-79.
VI. CONCLUSIONS & FUT URE W ORK
[10]. M. Kern, & J. Sametinger, “Permission T racking in Android”,
We attempted to perform a detailed security comparison of UBICOMM 2012, pp. 148-155.
world’s leading Smartphone operating systems with the [11]. S. Bugiel, S. Heuser & AR. Sadeghi, “myT unes: Semantically
intention to find out if one of them has an edge over the Linked and User-Centric Fine-Grained Privacy Control on Android”,
T echnical Report T UD-CS- 2012-0226, Center for Advanced
other. After comparing, our research came to the conclusion Security Research Darmstadt (CASED), 2012.
that the novice users are not aware of the permissions they
have granted at the time of installation particularly of the
[19]. Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E.,and Wagner, D.
Android permissions: User attention, comprehension, and behavior.
In SOUPS (2012).
[20]. Karrer, K., Glaser, C., Clemens, C., and Bruder, C.Technikanit •at
erfassen { der Fragebogen T A-EG. In 8. Berliner Werkstatt Mensch-
Maschine-Systeme. (2009).
[21]. Kelley, P. G., Consolvo, S., Cranor, L. F., Jung, J.,Sadeh, N., and
Wetherall, D. A conundrum of permissions: Installing applications
on an android smartphone. In USEC Workshop (2012).
[22]. ] King, J. How Come I'm Allowing Strangers to Go T hrough My
Phone?: Smart Phones and Privacy Expectations. under review,
2012.
[23]. Lin, J., Sadeh, N., Amini, S., Lindqvist , J., Hong, J. I., and Zhang, J.
Expectation and purpose: understanding users' mental models of
mobile app privacy through crowdsourcing. In ACM UbiComp
(2012).
[24]. Y. Zhou, X. Zhang, X. Jiang & V. Freeh, “T aming information-
stealing smartphone applications (on Android)”, T RUST 2011, pp.
93-107.
[25]. R. Xu, H. Saïdi & R. Anderso, 'Aurasium: Practical policy
enforcement for android applications', 21st USENIX conference on
Security symposium, 2012, pp. 27-27.