Leave Me Alone: App-level Protection Against Runtime Information Gathering on Android
NAN ZHANG, KAN YUAN, MUHAMMAD NAVEED†, XIAOYONG ZHOU AND XIAOFENG WANG
INDIANA UNIVERSITY, BLOOMINGTON
INTRODUCTION
What is the problem?
Threat to mobile users: runtime information gathering (RIG)
App with the RECORD_AUDIO permission / app with no permission
RIG threats exist in popular IoT home security devices, e.g. Belkin NetCam and Nest Protect
Current security model of Android
New approach: App Guardian
Basic concept of App Guardian
CHALLENGES
An OS-level solution is often complicated and painful, as manufacturers have to customize it for various devices.
Pushing the problem to the app developers is by no means a good idea. E.g., an app cannot stop another app from recording, and adding noise to the channel increases performance overhead.
Conventional solutions to the problem rely on modifying either the Android OS or the apps under threat, but this creates compatibility issues.
What's unique?
This app-level protection (Guardian) does not touch the OS or the protected app at all.
Strategy: identify suspicious apps by inspecting their permissions and behaviours.
Basic concept in a nutshell: pause all background apps capable of causing damage.
No matter what, the RIG attack will fail.
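The pause-and-resume idea on this slide, as an added sketch that is not code from the paper or from App Guardian. The class and function names, the BLUETOOTH entry, the polling-rate metric and its threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Permissions treated as risky while the protected app is in the foreground.
# RECORD_AUDIO is named on the slides; the BLUETOOTH entry is an assumption.
RISKY_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.BLUETOOTH",
}
# Assumed behavioural threshold: reads per second of public runtime data.
POLL_RATE_LIMIT = 5.0

@dataclass
class BackgroundApp:
    package: str
    permissions: set = field(default_factory=set)
    poll_rate: float = 0.0  # constructed metric, not taken from the slides

# Constructed sample of background apps (hypothetical package names).
SAMPLE = [
    BackgroundApp("com.example.recorder", {"android.permission.RECORD_AUDIO"}),
    BackgroundApp("com.example.poller", set(), 20.0),
    BackgroundApp("com.example.notes", {"android.permission.INTERNET"}, 0.1),
]

def suspicion(app):
    """Return why an app is suspicious, or None if it can keep running."""
    risky = app.permissions & RISKY_PERMISSIONS
    if risky:
        return "permission:" + ",".join(sorted(risky))
    if app.poll_rate > POLL_RATE_LIMIT:  # covers apps holding no permission
        return "behaviour:polling"
    return None

class Guardian:
    """Hypothetical model of the pause/resume cycle around a protected app."""

    def __init__(self):
        self.paused = {}

    def protect(self, background_apps):
        """Protected app enters the foreground: pause suspicious apps."""
        for app in background_apps:
            reason = suspicion(app)
            if reason is not None:
                self.paused[app.package] = reason
        return dict(self.paused)

    def release(self):
        """Protected app leaves the foreground: list packages to resume."""
        resumed, self.paused = sorted(self.paused), {}
        return resumed
```

Calling `Guardian().protect(SAMPLE)` pauses the recorder on its permission and the permission-less poller on its behaviour, and leaves the notes app running.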
Architecture of Guardian
App Restart Vs Switch
Lifecycle of Guardian App
How to protect the App Guardian itself?
startForeground
KILL_BACKGROUND_PROCESSES
System on low memory
largeHeap = "true"
restart intent
EVALUATION
Guardian was evaluated over the 475 most popular Android apps in 27 categories in the Google store.
1.68% of the apps, those with an impact on user information, needed to be closed.
All types of RIG attacks, including audio recording and Bluetooth misbonding, were defeated by this approach.
Performance: the cost is as low as 5% of CPU time and 40 MB of memory.
EVALUATION
My Analysis
Lightweight response and no false alarms.
An app with no system privileges could break Android's application sandbox and circumvent an app-level protection.
App Guardian protected itself. Then why would malicious apps not use the same trick?
This proposed solution is based on the main assumption that most apps in the market do not follow the trick of App Guardian, and this may lead to the FAILURE of this app.
What if malicious apps are released in the name of security apps but, instead of actually securing apps, steal data?
These researchers have taken the initiative to address attacks in the side channel.
My Analysis
What if the user wants to record an important call? The Guardian on the mobile restricts this functionality due to the protection against RIG attacks.
This simple mechanism of stopping and resuming background apps focuses only on the issue of audio recording while using the phone app, not considering other privacy leakages through messages or file transfer over Bluetooth.
The Guardian app does not quit even if the mobile runs low on memory. This can be considered an advantage as well as a disadvantage of this app.
In general, there is no module included in this proposed system to differentiate dangerous background processes from legitimate ones, except for the case of audio recording.
If the Android OS takes the initiative to build a protection wall in the side channels, these attacks will not exist anymore, so this research does not have any scope in the future at all.
FUTURE WORK