Presentation is loading. Please wait.

Presentation is loading. Please wait.

What the App is That? Deception and Countermeasures in the Android User Interface Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio,

Published byTyrone Barker Modified over 6 years ago

Similar presentations

Presentation on theme: "What the App is That? Deception and Countermeasures in the Android User Interface Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio,"— Presentation transcript:

1 What the App is That? Deception and Countermeasures in the Android User Interface
Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna Department of Computer Science University of California, Santa Barbara 36th IEEE Symposium on Security and Privacy (May, 2015)

2 Outline Introduction Background GUI confusion attacks
2015/7/21 Outline Introduction Background GUI confusion attacks Detection via static analysis UI defense mechanism Evaluation Conclusion

3 Introduction GUI confusion attacks
2015/7/21 Introduction GUI confusion attacks Attacks that exploit the user’s inability to verify which app is drawing on the screen and receiving user inputs. The combination of powerful app APIs and a limited user interface make these attacks much harder to detect.

4 Introduction static code analysis on-device defense
2015/7/21 Introduction static code analysis apps that interfere with the UI in response to some action taken by the user. preconditions: monitor the user and other apps & interfere with the UI. app-locker on-device defense modifications to the Android UI to display a trusted indicator that allows users to determine which app and developer they are interacting with.

5 2015/7/21 Background It is not possible to install apps with the same package name at the same time on a single device. 4 types of components: Activity: a GUI and its interactions with user’s actions. Service: a component running in background, performing long-running operations. Broadcast Receiver: a component that responds to specific system-wide messages. Content Provider: manage data shared with other components

6 2015/7/21 Background Apps draw graphical elements by instantiating system-provided components: Views: A View is the basic UI building block in Android. Activities: An Activity can be described as a controller in a MVC pattern. Windows: A Window is a lower-level concept: a virtual surface where graphical content is drawn as defined by the contained Views.

7 2015/7/21 GUI confusion attacks Attack vectors

8 GUI confusion attacks-Draw on top
2015/7/21 GUI confusion attacks-Draw on top Apps can explicitly open new Windows and draw content in them using the addView API. Flags influence three different aspects of a Window: Whether it is intercepting user input or is letting it “pass through” to underlying Windows. Its type, which determines the Window’s Z-order with respect to others. The region of the screen where it is drawn. UI-intercepting draw-over: PRIORITY_PHONE flag Non UI-intercepting draw-over: e.g. click-jacking SYSTEM_ALERT_WINDOW

9 GUI confusion attacks-App switch
2015/7/21 GUI confusion attacks-App switch Attacks that belong to this category aim to steal focus from the top app. startActivity API New Activities are opened using the startActivity API. Three different aspects: type, launchMode, and flags e.g. NEW_TASK flag, singleInstance launch mode moveTaskTo APIs Any app with the REORDER_TASKS permission can use the moveTaskToFront API to place Activities on top of the stack.

10 GUI confusion attacks-App switch(cont.)
2015/7/21 GUI confusion attacks-App switch(cont.) Screen pinning Android 5.0 introduces a new feature called “screen pinning” that locks the user interaction to a specific app. killBackgroundProcesses API This API (requiring the KILL_BACKGROUND_PROCESSES permission) allows killing the processes spawned by another app. Back/Power Button A malicious app can also make the user believe that an app switch has happened when, in fact, it has not. Sit and Wait tabnabbing

11 GUI confusion attacks-Fullscreen
2015/7/21 GUI confusion attacks-Fullscreen Non-immersive fullscreen Immersive fullscreen an Activity remains in fullscreen mode during all interactions. Inescapable fullscreen Create a Window that covers the entire device’s screen area (including the navigation bar) without giving any possibility to the user to close it or to switch to another application.

12 GUI confusion attacks-Enhancing techniques
2015/7/21 GUI confusion attacks-Enhancing techniques App Repackaging Techniques to create graphical elements mimicking already existing ones. Reading the system log This log is readable by any app having the relatively-common READ_LOGS permission. getRunningTasks API An app can get information about currently running apps by invoking the getRunningTasks API.

13 GUI confusion attacks-Enhancing techniques
2015/7/21 GUI confusion attacks-Enhancing techniques Accessing the proc file system It is possible to get similar information by reading data from the proc file system. /proc for the list of running applications /proc/<process pid>/cmdline for reading the content of the file. /proc/<process pid>/cgroups changes /proc/<process pid>/statm can infer the graphical state of another app

14 Detection via static analysis
2015/7/21 Detection via static analysis 1) Program slicer The slicer first decompiles the Dalvik bytecode of a given app. It then constructs an over-approximation of the application’s call graph representing all possible method invocations among different methods in the analyzed app. Then, a backward slicing algorithm is used to compute slices of the analyzed app.

15 Detection via static analysis
2015/7/21 Detection via static analysis 2) Detecting potential attack techniques: Draw on top addView API with values of the TYPE parameter(higher Z-order) App Switch moveTaskToFront, killBackgroundProcesses Fullscreen setUiVisibility Getting information about the device state getRunningTasks, reads from system log, access files in the /proc App classification get information about the device state certain path in the call graph of the app

16 Detection via static analysis
2015/7/21 Detection via static analysis A set of 500 apps downloaded randomly from theGoogle Play Store (benign1). A set of 500 apps downloaded from the “top free” category on the Google Play Store (benign2). A set of 20 apps described as app-lockers in the Google Play Store (app-locker). A set of 1,260 apps from the Android Malware Genome project (malicious).

17 Detection via static analysis
2015/7/21 Detection via static analysis

18 2015/7/21 UI defense mechanism Understanding with which app the user is actually interacting. Understanding who the real author of that app is. Showing this information to the user in an unobtrusive but reliable and non-manipulable way.

19 UI defense mechanism A. Which app is the user interacting with?
2015/7/21 UI defense mechanism A. Which app is the user interacting with? The official Android system also provides a limited defense mechanism: It is impossible for the top app to prevent extraneous content from being drawn over its own Activities. The top app can use the filterTouchesWhenObscured API on its Views to prevent user input when content from other apps is present at the click location.

20 UI defense mechanism B. Who is the real author of a given app?
2015/7/21 UI defense mechanism B. Who is the real author of a given app? show to the user the app’s developer name and to rely on the Extended-Validation HTTPS infrastructure to validate it. Domain names are not specifically designed to resist spoofing and the lack of an official vetting process can be troublesome. Extended-Validation certificate are the current mechanism in use by web browsers to safely identify the owner of a domain.

21 UI defense mechanism C. Conveying trust information to the user
2015/7/21 UI defense mechanism C. Conveying trust information to the user Choose the navigation bar as the “trusted” position that will behave like the URL bar. The navigation bar is in many ways a natural choice as a “trusted” GUI in the Android interface, as apps cannot directly modify its appearance. Fullscreen apps Render a fake navigation bar complemented the system by using a “secret image”.

22 UI defense mechanism D. Implementation
2015/7/21 UI defense mechanism D. Implementation Our prototype is based on the Android Open Source Project (AOSP) version of Android (tag android-4.4 r1.2). Their footprint is around 600 LOCs. we can be sure that user interaction can only happen with the top app or with trusted system components: 1) The Window has been generated by a system app. 2) The Window has been generated by the top app. 3) The Window has not been created with flags (higher Z-order).

23 Evaluation Group1 Group2 Group3 unmodified Android system
2015/7/21 Evaluation Group1 Group2 Group3 unmodified Android system on-device defense active + explanation on-device defense active + explanation

24 Evaluation B1 and B2, subjects are directed to open the Facebook app.
2015/7/21 Evaluation B1 and B2, subjects are directed to open the Facebook app. Astd, we deliver the attack. Afull, we simulate a fullscreen attack.

25 2015/7/21 Evaluation

26 2015/7/21 Conclusion We analyzed in detail the many ways in which Android users can be confused into misidentifying an app. We have developed a tool to study how the main Android GUI APIs can be used to mount such an attack. We developed a two-layered defense. We have presented an on-device defense system designed to improve the ability of users to judge the impact of their actions. We have performed a user study demonstrating that our on-device defense improves the ability of users to notice attacks.

Download ppt "What the App is That? Deception and Countermeasures in the Android User Interface Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio,"

Similar presentations

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Syracuse University, New York, USA

Syracuse University, New York, USA
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
A problem in IMS Learning Design To promote interoperability, few services Local tool frameworks like LAMS have much richer tool environment –Easy provisioning.

A problem in IMS Learning Design To promote interoperability, few services Local tool frameworks like LAMS have much richer tool environment –Easy provisioning.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Chapter 2: Operating-System Structures Modified from the text book.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Chapter 2: Operating-System Structures Modified from the text book.
The Internet & The World Wide Web Notes

The Internet & The World Wide Web Notes
Programming with App Inventor Computing Institute for K-12 Teachers Summer 2012 Workshop.

Programming with App Inventor Computing Institute for K-12 Teachers Summer 2012 Workshop.
Android Middleware Bo Pang Bpang@cc.hut.fi.

Android Middleware Bo Pang
Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영 2015. 04. 21.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,

Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,
Behavior-based Spyware Detection By Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna Greg Banks, Giovanni Vigna, and.

Behavior-based Spyware Detection By Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna Greg Banks, Giovanni Vigna, and.
Mobile Application Development using Android Lecture 2.

Mobile Application Development using Android Lecture 2.
Erika Chin Adrienne Porter Felt Kate Greenwood David Wagner University of California Berkeley MobiSys 2011.

Erika Chin Adrienne Porter Felt Kate Greenwood David Wagner University of California Berkeley MobiSys 2011.
Www.greenITcenter.org DUE 0903239 Hello World on the Android Platform.

DUE Hello World on the Android Platform.
Android Security Auditing Slides and projects at samsclass.info.

Android Security Auditing Slides and projects at samsclass.info.
ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.
ANDROID L. Grewe Components  Java Standard Development Kit (JDK) (download) (latest version)  AndroidStudio.

ANDROID L. Grewe Components  Java Standard Development Kit (JDK) (download) (latest version)  AndroidStudio.

Similar presentations

Ads by Google