poster

POSTER: Android System Broadcast Actions Broadcasts Your Privacy

Authors:

Fadi Mohsen,

Mohamed Shehab,

Emmanuel Bello-Ogunu,

Abeer Al JarrahAuthors Info & Claims

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 1484 - 1486

https://doi.org/10.1145/2660267.2662388

Published: 03 November 2014 Publication History

Get Access

Abstract

Android provides finer-grained security features through a "permission" mechanism that puts limitations on the resources that each application can access. Upon installing a new Android application, a user is prompted to grant it a set of permissions. There are two typical assumptions made regarding permissions and mobile application security and privacy. The first one is that malicious applications need to retain many permissions. Secondly, mobile devices users assume that installed applications do not access data if they are not in the foreground. In this project, we show that malicious Android applications can still fulfill their objectives with minimum permissions and that they can access user data while in the background. This could happen with the help of another Android component, called broadcast receiver. We study the evaluation of Android broadcast actions. We demonstrate an attack scenario made possible by the broadcast receivers. Moreover, we propose solutions to protect from such attacks.

References

[1]

Android. "packages/apps/PackageInstaller/src/com/android/packageinstaller", 2010.

Google Scholar

[2]

E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in android. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, MobiSys '11, pages 239--252, New York, NY, USA, 2011. ACM.

Digital Library

Google Scholar

[3]

A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: User attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS '12, pages 3:1--3:14, New York, NY, USA, 20 ACM.

Digital Library

Google Scholar

[4]

D. Kantola, E. Chin, W. He, and D. Wagner. Reducing attack surfaces for intra-application communication in android. Technical Report UCB/EECS-2012--182, EECS Department, University of California, Berkeley, Jul 2012.

Digital Library

Google Scholar

[5]

S. Rosen, Z. Qian, and Z. M. Mao. Appprofiler: A flexible method of exposing privacy-related behavior in android applications to end users. In Proceedings of the Third ACM Conference on Data and Application Security and Privacy}, CODASPY '13, pages 221--232, New York, NY, USA, 2013. ACM.

Digital Library

Google Scholar

Cited By

View all

Dongwoo Kim Chankyu Park Jaecheol Ryou (2015)StopBankun: Countermeasure of app replacement attack on Android2015 Seventh International Conference on Ubiquitous and Future Networks10.1109/ICUFN.2015.7182615(603-605)Online publication date: Jul-2015
https://doi.org/10.1109/ICUFN.2015.7182615

Index Terms

POSTER: Android System Broadcast Actions Broadcasts Your Privacy
1. Information systems
  1. Information systems applications

Recommendations

POSTER: The ART of App Compartmentalization
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

On Android, advertising libraries are commonly integrated with their host apps. Since the host and advertising components share the application's sandbox, advertisement code inherits all permissions and can access host resources with no further approval ...
POSTER: Security Enhanced Administrative Role Based Access Control Models
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Administrative rights are more powerful permissions and checking accountability of execution of admin rights is an important security measure. Most of the administrative RBAC models distribute rights to multiple administrators. Though such decentralized ...
Poster: trans-organizational role-based access control
CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

Role-Based Access Control (RBAC) is a powerful and versatile access control system for large-scale access control management within an organization. Most studies so far consider RBAC models that have a single consistent access control policy, which ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

November 2014

1592 pages

ISBN:9781450329576

DOI:10.1145/2660267

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 3 - 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
296
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Dongwoo Kim Chankyu Park Jaecheol Ryou (2015)StopBankun: Countermeasure of app replacement attack on Android2015 Seventh International Conference on Ubiquitous and Future Networks10.1109/ICUFN.2015.7182615(603-605)Online publication date: Jul-2015
https://doi.org/10.1109/ICUFN.2015.7182615

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

POSTER: The ART of App Compartmentalization

POSTER: Security Enhanced Administrative Role Based Access Control Models

Poster: trans-organizational role-based access control