Sage Journals: Discover world-class research

Abstract

Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. Existing no-root approaches require users to launch a separate service via Android Debug Bridge (ADB) on an Android device, which would perform user-desired tasks. However, it is unusual for a third-party Android application to work with a separate native service via sockets, and it requires the application developers to have extra knowledge such as Linux programming in application development. In this paper, we propose a feasible no-root approach based on new functionalities added on Android, which creates no separate service but an ADB loopback. To ensure such no-root approach is not misused in a proactive instead of reactive manner, we examine its dark side. We find out that while this approach makes it easy for no-root applications to work, it may lead to a “permission explosion,” which enables any third-party application to attain shell permissions beyond its granted permissions. The permission explosion can further lead to exploits including privacy leakage, account takeover, application UID abuse, and user input inference. A practical experiment is carried out to evaluate the situation in the real world, which shows that many real-world applications from Google Play and four third-party application markets are indeed vulnerable to these exploits. To mitigate the dark side of the new no-root approach and make it more suitable for users to adopt, we identify the causes of the exploits, and propose a permission-based solution. We also provide suggestions to application developers and application markets on how to prevent these exploits.

Keywords

Android root no-root approach permission explosion Android Debug Bridge (ADB)exploits analysis

Get full access to this article

View all access options for this article.

References

Clockworkmod tether (no root). https://play.google.com/store/apps/details?id=com.koushikdutta.tether.

No root screenshot it. https://play.google.com/store/apps/details?id=com.edwardkim.android.screenshotitfullnoroot.

Log. http://developer.android.com/reference/android/util/Log.html.

Android debug bridge. http://developer.android.com/tools/help/adb.html.

Android security. http://googlemobile.blogspot.sg/2012/02/android-and-security.html.

Barrera,

Güneş Kayacik,

P.C.

van Oorschot and

Somayaji, A methodology for empirical analysis of permission-based security models and its application to Android, in: Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010, pp. 73–84.

Cai and

Chen, Touchlogger: Inferring keystrokes on touch screen from smartphone motion, in: HotSec, 2011.

Davi,

Dmitrienko,

A.-R.

Sadeghi and

Winandy, Privilege escalation attacks on Android, in: Information Security, 2011, pp. 346–360. doi:10.1007/978-3-642-18178-8_30.

Enck,

Ongtang and

McDaniel, On lightweight mobile phone application certification, in: Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 235–245.

10.

Fahl,

Harbach,

Oltrogge,

Muders and

Smith, Hey, you, get off of my clipboard, in: Financial Cryptography and Data Security, 2013, pp. 144–161. doi:10.1007/978-3-642-39884-1_12.

11.

A.P.

Felt and

Wagner, Phishing on Mobile Devices, 2011.

12.

Flurry. http://www.flurry.com/.

13.

Helium - app sync and backup. https://play.google.com/store/apps/details?id=com.koushikdutta.backup.

14.

Hwang,

Lee,

Kim and

Ryu, Bittersweet adb: Attacks and defenses, in: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, 2015, pp. 579–584.

15.

Y.Z.X.

Jiang, Detecting passive content leaks and pollution in Android applications, in: NDSS, 2013.

16.

C.-C.

Lin,

Li,

Zhou and

Wang, Screenmilker: How to milk your Android screen for secrets, in: NDSS, 2014.

17.

Lineberry,

D.L.

Richardson and

Wyatt, These aren’t the permissions you’re looking for. https://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf (2010).

18.

Marforio,

Francillon,

Capkun,

Capkun and

Capkun, Application Collusion Attack on the Permission-Based Security Model and Its Implications for Modern Smartphone Systems, Department of Computer Science, ETH, Zurich, 2011.

19.

Owusu,

Han,

Das,

Perrig and

Zhang, Accessory: Password inference using accelerometers on smartphones, in: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, HotMobile ’12, 2012, pp. 9:1–9:6.

20.

Platform versions distribution. http://developer.android.com/about/dashboards/index.html.

21.

Porter Felt,

Ha,

Egelman,

Haney,

Chin and

Wagner, Android permissions: User attention, comprehension, and behavior, in: Proceedings of the Eighth Symposium on Usable Privacy and Security, ACM, 2012, p. 3.

22.

Porter Felt,

H.J.

Wang,

Moshchuk,

Hanna and

Chin, Permission re-delegation: Attacks and defenses, in: USENIX Security Symposium, 2011.

23.

Raguram,

A.M.

White and

Goswami, Fabian Monrose, and Jan-Michael Frahm. ispy: Automatic reconstruction of typed input from compromising reflections, in: Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011, pp. 527–536.

24.

Schlegel,

Zhang,

Zhou,

Intwala,

Kapadia and

Wang, Soundcomber: A stealthy and context-aware sound trojan for smartphones, in: NDSS, 2011, pp. 17–33.

25.

Screenshot free. https://play.google.com/store/apps/details?id=com.androidscreenshotapptool.free.

26.

Screenshot shakeshot trial. https://play.google.com/store/apps/details?id=com.designkontrol.screenshottrial.

27.

Screenshot ultimate. https://play.google.com/store/apps/details?id=com.icecoldapps.screenshotultimate.

28.

Smartphone OS market share, q1 2015. http://www.idc.com/prodserv/smartphone-os-market-share.jsp.

29.

Snapchat. https://play.google.com/store/apps/details?id=com.snapchat.android.

30.

Vidas,

Votipka and

Christin, All your droid are belong to us: A survey of current Android attacks, in: WOOT, 2011, pp. 81–90.

31.

Vine. https://play.google.com/store/apps/details?id=co.vine.android.

32.

Windows malware attempts to infect android devices. http://www.symantec.com/connect/blogs/windows-malware-attempts-infect-android-devices.

33.

Zhang and

Du, Attacks on Android clipboard, in: Detection of Intrusions and Malware, and Vulnerability Assessment, 2014, pp. 72–91.

34.

Zhou,

Jiang and

Ning, Detecting repackaged smartphone applications in third-party Android marketplaces, in: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, 2012, pp. 317–326.

35.

Zhou and

Jiang, Dissecting Android malware: Characterization and evolution, in: 2012 IEEE Symposium on Security and Privacy (SP), 2012, pp. 95–109. doi:10.1109/SP.2012.16.

36.

Zhou,

Wang,

Zhou and

Jiang, Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets, in: NDSS, 2012.

A study on a feasible no-root approach on Android

Abstract

Keywords

Get full access to this article

References