Systematic Detection of Capability Leaks in Stock Android Smartphones
Authors: Michael Grace, Yajin Zhou, Zhi Wang, Xuxian Jiang
This paper outlines the Woodpecker system, which statically analyzes APK packages from Android smartphones to search for permission violations. It achieves this by creating a control flow graph for several permissions and analyzing the function execution path for those permissions. By using the Android API along with analyzing the app’s Dalvik bytecode, Woodpecker is able to monitor Android API calls and their corresponding system calls. To generate this type of monitoring and reporting at such a low level, the Android devices must be running a custom-built version of the operating system.
The analysis found several serious capability leaks in various smartphones, many released by major manufacturers such as HTC, Motorola, Samsung, and Google. These leaks enable an app to perform the following actions without explicitly requesting permission: wipe user data, send SMS messages, record conversations, and obtain the GPS position.
These leaks are a result of the “Confused Deputy Problem.” This is a classic computer security problem in which one program, without permission to perform a certain task, invokes another program that does have permission in order to complete the task. This shows that the current permission-based security model in Android has several flaws. A key source of these vulnerabilities is that the Android framework only checks the communication between the applications and the operating system. A validator tool is suggested that helps mediate inter-app communication to avoid this problem.
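The path analysis and the confused deputy pattern described above can be illustrated with a small reachability check. This is an added example, not Woodpecker's code: it uses a simplified model in which a leak is an exported entry point that reaches a permission-protected API without requiring that permission from its caller. The component names, the call graph and the `find_explicit_leaks` function are constructed for illustration.

```python
from collections import deque

# Constructed sample: entry points of one hypothetical pre-loaded app.
# "exported" = other apps can invoke it; "requires" = permission the caller must hold.
ENTRY_POINTS = {
    "SmsRelayService.onStartCommand": {"exported": True, "requires": None},
    "RecorderReceiver.onReceive": {"exported": True, "requires": "android.permission.RECORD_AUDIO"},
    "LocationActivity.onCreate": {"exported": False, "requires": None},
}
# Constructed call graph (caller -> callees); it contains a cycle on purpose.
CALL_GRAPH = {
    "SmsRelayService.onStartCommand": ["SmsRelayService.handle"],
    "SmsRelayService.handle": ["Util.log", "SmsManager.sendTextMessage"],
    "Util.log": ["SmsRelayService.handle"],
    "RecorderReceiver.onReceive": ["MediaRecorder.setAudioSource"],
    "LocationActivity.onCreate": ["LocationManager.getLastKnownLocation"],
}
# Permission-protected framework APIs (sinks) and the permission each one exercises.
SINKS = {
    "SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "MediaRecorder.setAudioSource": "android.permission.RECORD_AUDIO",
    "LocationManager.getLastKnownLocation": "android.permission.ACCESS_FINE_LOCATION",
}

def find_explicit_leaks(entry_points, call_graph, sinks):
    """Return (permission, call path) for each unguarded path from an exported entry to a sink."""
    leaks = []
    for entry, meta in entry_points.items():
        if not meta["exported"]:
            continue  # other apps cannot invoke it, so no deputy to confuse
        parent = {entry: None}  # doubles as the visited set, so cycles terminate
        queue = deque([entry])
        while queue:
            node = queue.popleft()
            perm = sinks.get(node)
            if perm is not None and meta["requires"] != perm:
                path = []
                while node is not None:  # walk back to the entry point
                    path.append(node)
                    node = parent[node]
                leaks.append((perm, path[::-1]))
                continue
            for callee in call_graph.get(node, []):
                if callee not in parent:
                    parent[callee] = node
                    queue.append(callee)
    return leaks

if __name__ == "__main__":
    for perm, path in find_explicit_leaks(ENTRY_POINTS, CALL_GRAPH, SINKS):
        print(perm, "leaked via", " -> ".join(path))
```

Requiring the sink's permission on the exported component, or not exporting it, removes the finding in this model.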