Android’s permission system offers an all-or-nothing choice when installing an app. To make it more flexible and fine-grained, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app’s permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks, in which an unprivileged app can exercise certain permissions which are revoked or not-granted through communicating with a privileged app. To address this problem, we propose a secure, usable, and transparent OS-level middleware for any permission manager to defend against the permission leaks. The middleware is provably secure in a sense that it can effectively block all possible permission leaks. The middleware is designed to have a minimal impact on the usability of running apps. In addition, the middleware is transparent to users and app developers and it requires minor modifications on permission managers and Android OS. Finally, our evaluation shows that the middleware incurs relatively low performance overhead and power consumption.
Androids, Humanoid robots, Middleware, Smart phones, Runtime, Read only memory, Power line communications
IEEE Transactions on Dependable and Secure Computing
Institute of Electrical and Electronics Engineers (IEEE)
WANG, Daibin; YAO, Haixia; Yingjiu LI; JIN, Hai; ZOU, Deqing; and DENG, Robert H..
A secure, usable, and transparent middleware for permission managers on Android. (2015). IEEE Transactions on Dependable and Secure Computing. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3379
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.