A S TUDY OF A NDROID A PPLICATION S ECURITY William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri System and Internet Infrastructure Security.

Slides:

Advertisements

Similar presentations

Software Security & Privacy Risks in Mobile E-Commerce Kartikeya Kakarala CSCI 5939-Independent Study Wireless Application Protocols.

Advertisements

Introduction.  Professor  Adam Porter 

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P

Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel Department of Computer Science and Engineering The Pennsylvania State University ACSCA.

1 William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri System and Internet Infrastructure Security Laboratory Department of Computer Science.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

DEPARTMENT OF COMPUTER ENGINEERING

Undergraduate Poster Presentation Match 31, 2015 Department of CSE, BUET, Dhaka, Bangladesh Wireless Sensor Network Integretion With Cloud Computing H.M.A.

Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.

S MARTPHONE A PPLICATION D EVELOPMENT Sam Palmer.

William Enck, Machigar Ongtang, and Patrick McDaniel.

Presentation By Deepak Katta

Android Security Architecture

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Android Introduction Platform Overview.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

By Mihir Joshi Nikhil Dixit Limaye Pallavi Bhide Payal Godse.

Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang Department of Computer Science North Carolina State University CCS 2013.

Introduction to Android Swapnil Pathak Advanced Malware Analysis Training Series.

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)

TAINTDROID: AN INFORMATION- FLOW TRACKING SYSTEM FOR REAL-TIME PRIVACY MONITORING ON SMARTPHONES Presented by: Mohsin Junaid Date: April-17, 2013.

D2Taint: Differentiated and Dynamic Information Flow Tracking on Smartphones for Numerous Data Sources Boxuan Gu, Xinfeng Li, Gang Li, Adam C. Champion,

Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영

Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,

Arpit Jain Mtech1. Outline Introduction Dalvik VM Java VM Examples Comparisons Experimental Evaluation.

APKInspector -Static Analysis of Android Applications Student: Yuan Tian Mentor: Cong Zheng Backup Mentor: Anthony Kara Jianwei 08/22/2012.

Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.

ANDROID Presented By Mastan Vali.SK. © artesis 2008 | 2 1. Introduction 2. Platform 3. Software development 4. Advantages Main topics.

A NDROID P ERMISSIONS D EMYSTIFIED Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner University of California ACM CCS /09/20.

A Presentation Of TaintDroid & Related Topics

Android for Java Developers Denver Java Users Group Jan 11, Mike

University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,

Roopa.T PESIT, Bangalore. Source and Credits Dalvik VM, Dan Bornstein Google IO 2008 The Dalvik virtual machine Architecture by David Ehringer.

Effective Real-time Android Application Auditing

An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

1 Java applications reverse engineering Antoni Bertel AUGUST 4, 2015.

J ava P rogramming: From Problem Analysis to Program Design, From Problem Analysis to Program Design, Second Edition Second Edition D.S. Malik D.S. Malik.

SafeTracks Theme: Women’s Safety. Background In the last few decades, there has been an increase in women professionals in India. Globalised businesses.

Android. Basic Architecture Linux Kernel Libraries Applications Android Runtime Application Framework.

Slides and projects at samsclass.info. Adding Trojans to Apps Slides and projects at samsclass.info.

1 Android Introduction Platform Overview. 2 What is Android?  Android is a software stack for mobile devices that includes an operating system, middleware.

JAVA Ekapap Julnonyang When it was implemented? Developed by Sun Microsystems. The first public implementation was Java 1.0 in 1995 The language.

Traffic Analysis and Risk Assessment of a Medium-Sized ISP Alan W. Rateliff, II Florida Internet Service Provider Approximately 2000 ADSL users Connections.

Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.

By: Keith Reiter COSC 356. Today’s Agenda Introduction Types of firewalls Firewall Access Rules Firewall Logging Who needs a firewall Summary.

Java Programming Fifth Edition Chapter 1 Creating Your First Java Classes.

ANDROID OS Ravi Soni MTech (CS) III Sem. W HAT IS A NDROID ? Android is a software stack for mobile devices that includes an operating system, middleware.

Android. Android An Open Handset Alliance Project A software platform and operating system for mobile devices Based on the Linux kernel Developed by Google.

Google. Android What is Android ? -Android is Linux Based OS -Designed for use on cell phones, e-readers, tablet PCs. -Android provides easy access to.

Authors: William Enck & Patrick McDaniel In collaboration with: Duke University and Intel Labs Presentation: Ed Novak 1.

Android Mobile Application Development

Spying on Android Users Through Targeted Ads

TriggerScope: Towards Detecting Logic Bombs in Android Applications

Understanding Android Security

Introduction to Compiler Construction

Architecture of Android

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.

CompSci 725 Presentation by Siu Cho Jun, William.

CMPE419 Mobile Application Development

Presented by Hussein Almulla

TriggerScope Towards detecting logic bombs in android applications

Mobile Handset Virtual Machine

Mobile App Advertisements

Understanding Android Security

Android Platform, Android App Basic Components

CMPE419 Mobile Application Development

Presentation transcript:

A S TUDY OF A NDROID A PPLICATION S ECURITY William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri System and Internet Infrastructure Security Laboratory Department of Computer Science and Engineering The Pennsylvania State University USENIX Security Symposium Dongkwan Kim

B OOM ! 2

W HAT ? Markets are not in a position to provide security in more than a superficial way To broadly characterize the security of applications in the Android Market Contributions ded: A Dalvik decompiler. DVM-to-JVM bytecode retargeting. Analyze 21 million LoC from the top 1100 free applications 3

B ACKGROUND Android 4

B ACKGROUND Dalvik Virtual Machine JVM =>.class DVM =>.dex Dalvik dx compiler 5 Constant Pool: -References to other classes -Method names -Numerical constants Class Definition: -Access flags -Class names Data: -Method code -Info related to methods -Variables

T HE DED DECOMPILER Decompiler from DEX to Java Leverage existing tools for code analysis Require access to source code to identify false-positives resulting from automated code analysis Three stages Retargeting Optimization Decompilation 6

T HE DED DECOMPILER 7

Optimization and Decompilation Soot as a post-retargeting optimizer Java bytecode generated by ded is legal Source code failure rate is almost entirely due to Soot’s inability 8

T HE DED DECOMPILER 9 Source Code Recovery Validations All 1,100 apps decompilation time: hours 99.97% of total time -> Soot

T HE DED DECOMPILER 10 Retargeting Failures 0.59% of classes Unresolved reference Type violations by Android dex compiler ded produces illegal bytecode (rare) Decompilation Failures 5% of classes Soot was able to decompile 94.59%

A NALYSIS S PECIFICATION Using Fortify SCA custom rules Control flow analysis Look at API options Data flow analysis Information leaks, injection attacks Structural analysis Grep on steroids Semantic analysis Look at possible variable values 11

A NALYSIS O VERVIEW 12

P HONE I DENTIFIER 246 apps uses phone identifier Only 210 has READ_PHONE_STATE permission % 19.6%

P HONE I DENTIFIER ( CONT.) Phone identifiers (ph.#, IMEI, IMSI, etc) sent to network servers, but how are they used? Program analysis pin-pointed 33 apps leaking Phone IDs Finding 2 - device fingerprints Finding 3 – tracking actions Finding 4 – along with registration and login 14

D EVICE F INGERPRINTS 15

T RACKING 16

R EGISTRATION AND L OGIN Pros and cons… 17

L OCATION I NFORMATION 505 applications attempt to access location 304 have the permission % 27.6%

L OCATION I NFORMATION ( CONT.) Found 13 apps with geographic location data flows to the network Many were legitimate: weather, classifieds, points of interest, and social networking services Several instances sent to advertisers (same as TaintDroid). Code recovery error in AdMob library 19

P HONE M ISUSE No evidence of abuse in sample set Hard-coded numbers for SMS/voice premium-rate Background audio/video recording Socket API use (not HTTP wrappers) Harvesting list of installed applications 20

A D /A NALYTICS L IBRARIES 51% of the apps included an ad or analytics library (many also included custom functionality) 21 29% 51% 18.7%

A D /A NALYTICS L IBRARIES ( CONT.) A few libraries were used most frequently Use of phone id, and location sometimes configura ble by developer 22

P ROBING FOR P ERMISSIONS (1) 23

P ROBING FOR P ERMISSIONS (2) 24

D EVELOPER T OOLKITS Some developer toolkits replicate dangerous functio nality Probing for permissions Ex) Android API, catch SecurityException Well-known brands sometimes commission developers that include dangerous functionality. “USA Today” and “FOX News” developed Mercury Intermedia (com/mercuryintermedia), which grabs IMEI on startup 25

C USTOM E XCEPTIONS 26

I NTENT V ULNERABILITIES Leaking information to Logs Leaking information via IPC Unprotected bcast receivers Intent injection attacks 16 apps had potential vulns Delegating control Pending intents are tricky to analyze – get permissions (notification, alarm, and widget APIs) – no vuln found Null checks on IPC input 3925 potential null dereferences in 591 apps (53.7%) Sdcard/JNI Use 27

S TUDY L IMITATIONS The sample set Code recovery failures Android IPC data flows Fortify SCA language Obfuscation 28

S UMMARY & C ONCLUSION ded decompiler Wide misuse of privacy sensitive information Ad and analytic network libraries (51% apps) Failed to securely use Android APIs Potential vulns Found no evidence of telephony misuse Future Directions Code recovery – Fernflower Automated certification App markets need transparency 29 Q?

- T HANK YOU - `