Post on 24-Feb-2016
Android Declassification Infrastructure
Matan David, Yuval Evron
Project Advisor: Roei Schuster
Smart Phones
• Go with us everywhere we go.
• Getting richer in capabilities and sensors.
• We install different applications on our phone.
• An over-privileged application could pose a serious threat to us as end users.
Android OS
• Unveiled by Google in 2007.
• Based on the Linux OS.
• Used by 50% of smartphone owners in the U.S.
• Over 400 million Android devices in use by February 2012.
• Over 1,000,000 Android devices activated every day.
Android Permissions
• Enable apps to “communicate” with different hardware components (Camera, SD Card, ...).
• <uses-permission android:name="android.permission.CAMERA"/>
• Not very fine grained.
• Each permission grants access to not only one service, but to several.
Our Project
• Does not involve changing the OS infrastructure itself.
• Identify the most commonly used and most vulnerable permissions.
• Subdivide them into smaller, finer-grained permissions.
• A “Declassifier”.
Project Goals
• Enable much safer Android programming.
• Applications utilizing our infrastructure will be less privileged and more secure.
• No compromise on application functionality.
• Make porting of applications as simple as possible.
Success Criteria
• Try to influence as many applications as possible.
• Success will be measured by revising consumer applications, limiting their privileges, while preserving their original capabilities.
Implemented Declassifier Services
1. Android Permission – android.permission.READ_CONTACTS
   Declassifier Permissions:
   my.declassifier.CONTACTS_PHOTO_BY_NAME_PERMISSION
   my.declassifier.CONTACTS_PHONE_BY_NAME_PERMISSION
   my.declassifier.CONTACTS_ADDRESS_BY_NAME_PERMISSION
   my.declassifier.CONTACTS_BIRTHDAY_BY_NAME_PERMISSION
   my.declassifier.CONTACTS_EMAIL_BY_NAME_PERMISSION
   my.declassifier.CONTACTS_IS_STARRED_BY_NUMBER_PERMISSION
2. Android Permission – android.permission.WRITE_EXTERNAL_STORAGE
   Declassifier Permissions:
   my.declassifier.EXTERNALSTORAGE_WRITE_FILE_PERMISSION
   my.declassifier.EXTERNALSTORAGE_DELETE_FILE_PERMISSION
   my.declassifier.EXTERNALSTORAGE_ALL_FILENAMES_PERMISSION
   my.declassifier.EXTERNALSTORAGE_CLEAR_ALL_DATA_PERMISSION
3. Android Permission – android.permission.READ_PHONE_STATE
   Declassifier Permissions:
   my.declassifier.PHONE_STATED_READ_PHONE_TYPE_PERMISSION
   my.declassifier.PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION
   my.declassifier.PHONE_STATE_READ_CALL_STATE_PERMISSION
   my.declassifier.PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION
Implemented Declassifier Services
4. Android Permission – android.permission.READ_CALENDAR
   Declassifier Permissions:
   my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION
   my.declassifier.CALENDAR_LOCATION_BY_TITLE_PERMISSION
   my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION
5. Android Permission – android.permission.RECORD_AUDIO
   Declassifier Permissions:
   my.declassifier.START_VOICE_RECORD_PERMISSION
6. Android Permission – android.permission.CHANGE_WIFI_STATE
   Declassifier Permissions:
   my.declassifier.TURN_OFF_WIFI_PERMISSION
   my.declassifier.TURN_ON_WIFI_PERMISSION
   my.declassifier.CONNECT_TO_WIFI_PERMISSION
Implementation
We broke down our Declassifier into 3 types:
I. BroadcastReceiver
• The app sends an ordered broadcast, with all the information encapsulated inside an Intent:
  Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
  i.putExtra("Title", titleNameStr);
• The app also supplies a custom BroadcastReceiver which will handle the Declassifier’s result (callback mechanism).
• The Declassifier filters out requests which do not satisfy the relevant permissions, and the app filters out returned results from unauthorized sources.
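A Declassifier-side receiver for the ordered-broadcast mechanism in (I), as an added example that is not the project's code: the action string and the "Title" extra come from the slide, while the class name, the manifest entry, the result extra name, the use of the calendar provider's DTSTART column and the pairing of this action with CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION are assumptions.

```java
package com.example.declassifier;
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.os.Bundle;
import android.provider.CalendarContract;

/* Manifest entry (assumed). android:permission makes the system drop broadcasts from
 * senders that do not hold the fine-grained permission; only the Declassifier itself
 * holds android.permission.READ_CALENDAR, so the caller never needs it.
 *   <receiver android:name=".CalendarEventByTitleReceiver" android:exported="true"
 *             android:permission="my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION">
 *     <intent-filter>
 *       <action android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION"/>
 *     </intent-filter>
 *   </receiver>
 */
public class CalendarEventByTitleReceiver extends BroadcastReceiver {
    static final String ACTION = "com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION";
    static final String EXTRA_TITLE = "Title";          // extra name used on the slide
    static final String EXTRA_EVENT_DATE = "EventDate"; // assumed name for the result
    @Override
    public void onReceive(Context ctx, Intent intent) {
        // Only an ordered broadcast can carry a result back to the caller's receiver.
        if (!ACTION.equals(intent.getAction()) || !isOrderedBroadcast()) return;
        String title = intent.getStringExtra(EXTRA_TITLE);
        if (title == null || title.isEmpty()) {
            setResultCode(Activity.RESULT_CANCELED); // malformed request: return nothing
            return;
        }
        // Release exactly one field (start date) of events with a matching title; the
        // title is bound as a selection argument, never concatenated into the query.
        Bundle out = new Bundle();
        Cursor c = ctx.getContentResolver().query(CalendarContract.Events.CONTENT_URI,
                new String[] { CalendarContract.Events.DTSTART },
                CalendarContract.Events.TITLE + " = ?", new String[] { title }, null);
        try {
            if (c != null && c.moveToFirst()) {
                out.putLong(EXTRA_EVENT_DATE, c.getLong(0)); // epoch milliseconds
                setResultCode(Activity.RESULT_OK);
            } else {
                setResultCode(Activity.RESULT_CANCELED);
            }
        } finally {
            if (c != null) c.close();
        }
        setResultExtras(out); // read by the caller's result BroadcastReceiver
    }
}
```

The calling app reads the result in the receiver it passes to sendOrderedBroadcast via getResultExtras(true) and getResultCode(), and can pass a receiverPermission there so that only a Declassifier holding that permission may answer.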
Implementation
II. ContentProvider
• Encapsulates data and provides it to applications through the single ContentResolver interface.
• Content is queried:
  Uri uri = Uri.parse("content://" + AUTHORITY + "/" + BASE_PATH + "/" + GET_EVENT_DESCRIPTION_BY_TITLE);
  Cursor cursor = cr.query(uri, null, selection, null, null);
• A cursor to the content is returned.
• The Declassifier checks if the given URI is permitted access (using the path-permission mechanism) and filters out queries that are not.
Implementation
III. Activity
• Pops up a confirmation screen for the service the 3rd party application is trying to access.
• The user has the option of granting or denying the application access.
• If permission is granted, the calling application uses the service as needed.
• If permission is denied, the calling application returns an appropriate message and ends the running method.
Ported Applications
• SMS Popup – For use with the Phone State declassifier. http://code.google.com/p/android-smspopup/
• Auto Answer – For use with the Contacts declassifier. http://code.google.com/p/auto-answer/
• My Simple Notepad – For use with the External Storage declassifier. http://code.google.com/p/my-simple-notepad/feeds
• Wifi Compass – For use with the Wifi declassifier. http://code.google.com/p/wificompass/
• GVoiceMail – For use with the Voice Record declassifier. http://code.google.com/p/gvoicemail/
Running Examples (screenshot slides) – Auto Answer, GVoiceMail, wificompass, my-simple-notepad, SMSPopup