CICC: A Fine-grained, Semantic-aware, and Transparent Approach to Preventing Permission Leaks for Android Permission Managers

Publication Type

Conference Proceeding Article

Publication Date

6-2015

Abstract

Android's permission system offers an all-or-nothing installation choice for users. To make it more flexible, users may choose a popular app tool, called permission manager, to selectively grant or revoke an app's permissions at runtime. A fundamental requirement for such permission manager is that the granted or revoked permissions should be enforced faithfully. However, we discover that none of existing permission managers meet this requirement due to permission leaks. To address this problem, we propose CICC, a fine-grained, semantic-aware, and transparent approach for any permission managers to defend against the permission leaks. Compared to existing solutions, CICC is fine-grained because it detects the permission leaks using call-chain information at the component instance level, instead of at the app level or component level. The fine-grained feature enables it to generate a minimal impact on the usability of running apps. CICC is semantic-aware in a sense that it manages call-chains in the whole lifecycle of each component instance. CICC is transparent to users and app developers, and it requires minor modification to permission managers. Our evaluation shows that CICC incurs relatively low performance overhead and power consumption.

Keywords

permission manager, permission leaks, Android, call-chain

Discipline

Computer Sciences | Information Security

Publication

WiSec '15: Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, June 22-26, 2015, New York

First Page

1

Last Page

6

ISBN

9781450336239

Identifier

10.1145/2766498.2766518

Publisher

ACM

City or Country

New York

Additional URL

http://dx.doi.org/10.1145/2766498.2766518

This document is currently not available here.

Share

COinS