Measuring and Characterizing (Mis)compliance of the Android Permission System
Pages 742 - 764
Abstract
Within the Android mobile operating system, Android permissions act as a system of safeguards designed to restrict access to potentially sensitive data and privileged components. Multiple research studies indicate flaws and limitations of the Android permission system, prompting Google to implement a more regulated and fine-grained permission model. This newly-introduced complexity creates confusion for developers leading to incorrect permissions and a significant risk to users security and privacy. We present a systematic study of theoretical and practical misuse of permissions. For this analysis we derive the unified permissions and call mappings that represent theoretical requirements of permissions and calls. We develop PChecker, an approach that identifies the discrepancies between the official Android permissions documentation and permission implementation in the Android platform source code based on these mappings. We evaluate four versions of the Android Open Source Project code (major versions 10–13) and shed light on the prevalence of discrepancies between the official Android guidelines for permissions and their implementation in the Android platform source code. We further show that these discrepancies result in miscompliance in third-party Android apps.
References
[1]
K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “PScout: Analyzing the Android permission specification,” in Proc. ACM Conf. Comput. Commun. Secur., 2012, pp. 217–228.
[2]
M. Backes, S. Bugiel, E. Derr, P. McDaniel, D. Octeau, and S. Weisgerber, “On demystifying the Android application framework: Re-visiting Android permission specification analysis,” in Proc. 25th USENIX Conf. Secur. Symp., 2016, pp. 1101–1118.
[3]
L. Li, T. F. Bissyandé, Y. Le Traon, and J. Klein, “Accessing inaccessible Android APIs: An empirical study,” in Proc. IEEE Int. Conf. Softw. Maintenance Evolution (ICSME), 2016, pp. 411–422.
[4]
Y. Shao, Q. A. Chen, Z. M. Mao, J. Ott, and Z. Qian, “Kratos: Discovering inconsistent security policy enforcement in the Android framework,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2016.
[5]
Y. Aafer, G. Tao, J. Huang, X. Zhang, and N. Li, “Precise Android API protection mapping derivation and reasoning,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2018, pp. 1151–1164.
[6]
P. Calciati, K. Kuznetsov, A. Gorla, and A. Zeller, “Automatically granted permissions in Android apps: An empirical study on their prevalence and on the potential threats for privacy,” in Proc. 17th Int. Conf. Mining Softw. Repositories, 2020, pp. 114–124.
[7]
M. Nauman, S. Khan, and X. Zhang, “Apex: Extending Android permission model and enforcement with user-defined runtime constraints,” in Proc. 5th ACM Symp. Inf., Comput. Commun. Secur., 2010, pp. 328–332.
[8]
W. Enck, M. Ongtang, and P. McDaniel, “On lightweight mobile phone application certification,” in Proc. 16th ACM Conf. Comput. Commun. Secur., 2009, pp. 235–245.
[9]
D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji, “A methodology for empirical analysis of permission-based security models and its application to Android,” in Proc. 17th ACM Conf. Comput. Commun. Secur., 2010, pp. 73–84.
[10]
A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified,” in Proc. 18th ACM Conf. Comput. Commun. Secur., 2011, pp. 627–638.
[11]
J. Sellwood and J. Crampton, “Sleeping Android: The danger of dormant permissions,” in Proc. 3rd ACM Workshop Secur. Privacy Smartphones Mobile Devices, 2013, pp. 55–66.
[12]
G. S. Tuncay, J. Qian, and C. A. Gunter, See No Evil: Phishing for Permissions With False Transparency. USENIX Association, 2020, pp. 415–432.
[13]
M. Diamantaris, E. P. Papadopoulos, E. P. Markatos, S. Ioannidis, and J. Polakis, “REAPER: Real-time app analysis for augmenting the Android permission system,” in Proc. 9th ACM Conf. Data Appl. Secur. Privacy, 2019, pp. 37–48.
[14]
“Privileged permission allowlisting.” Android Open Source Project. Accessed: Dec. 2022. [Online]. Available: https://source.android.com/docs/core/config/perms-allowlist
[15]
“Restrictions on non-SDK interfaces.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces
[16]
“Permissions on Android.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/guide/topics/permissions/overview#system-components
[17]
“Define a custom app permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/guide/topics/permissions/defining
[18]
“Define a custom app permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/guide/topics/permissions/defining
[19]
“Requires permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/androidx/annotation/RequiresPermission
[20]
“Updates to non-SDK interface restrictions in Android 11.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/about/versions/11/non-sdk-11
[21]
“Updates to non-SDK interface restrictions in Android 12.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/about/versions/12/non-sdk-12
[22]
“Updates to non-SDK interface restrictions in Android 13.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/about/versions/11/non-sdk-13
[23]
“Package index.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/packages
[24]
“Improving stability by reducing usage of non-SDK interfaces.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://android-developers.googleblog.com/2018/02/improving-stability-by-reducing-usage.html
[25]
“AAPT2 (Android Asset Packaging Tool).” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/studio/command-line/aapt2
[26]
“Android debug bridge (ADB).” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/studio/command-line/adb
[27]
“UI/Application Exerciser Monkey.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/studio/test/other-testing-tools/monkey
[28]
“Manifest.permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/android/Manifest.permission
[29]
“Manifest.permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/android/Manifest.permission#READ_NEARBY_STREAMING_POLICY
[30]
“Android developers reference.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/android/R.attr#protectionLevel
[31]
“Updates to non-SDK interface restrictions in Android 10.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/about/versions/10/non-sdk-q
[32]
“Updates to non-SDK interface restrictions in Android 11.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/about/versions/11/non-sdk-11
[33]
“Requires permission: Public fields—Conditional.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/androidx/annotation/RequiresPermission#conditional()
[34]
“Restrictions on non-SDK interfaces.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces#list-names
[35]
A. Pham, I. Dacosta, E. Losiouk, J. Stephan, K. Huguenin, and J.-P. Hubaux, “HideMyApp: Hiding the presence of sensitive apps on Android,” in Proc. 28th USENIX Conf. Secur. Symp., 2019, pp. 711–728.
[36]
A. Foroughipour, N. Stakhanova, F. Abazari, and B. Sistany, “AndroClonium: Bytecode-level code clone detection for obfuscated Android apps,” in Proc. ICT Syst. Secur. Privacy Protection, W. Meng, S. Fischer-Hübner, and C. D. Jensen, Eds., Cham, Switzerland: Springer-Verlag, 2022, pp. 379–397.
[37]
“apksigner.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/studio/command-line/apksigner
[38]
“Manifest.permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/android/Manifest.permission#MANAGE_EXTERNAL_STORAGE
[39]
“Manifest.permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/android/Manifest.permission#QUERY_ALL_PACKAGES
[40]
“Manifest.permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/reference/android/Manifest.permission#SCHEDULE_EXACT_ALARM
[41]
“Notification runtime permission.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/develop/ui/views/notifications/notification-permission#new-apps
[42]
“Behavior changes: Apps targeting Android 13 or higher.” Android Developers. Accessed: Dec. 2022. [Online]. Available: https://developer.android.com/about/versions/13/behavior-changes-13
[43]
L. Li, J. Gao, T. F. Bissyandé, L. Ma, X. Xia, and J. Klein, “CDA: Characterising deprecated Android APIs,” Empirical Softw. Eng., vol. 25, pp. 2058–2098, 2020.
[44]
P. Liu, L. Li, Y. Yan, M. Fazzini, and J. Grundy, “Identifying and characterizing silently-evolved methods in the Android API,” in Proc. 43rd Int. Conf. Softw. Eng. Softw. Eng. Pract., 2021, pp. 308–317.
[45]
X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos, “Permission evolution in the Android ecosystem,” in Proc. 28th Annu. Comput. Secur. Appl. Conf., 2012, pp. 31–40.
[46]
L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang, “The impact of vendor customizations on Android security,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2013, pp. 623–634.
[47]
M. Elsabagh, R. Johnson, A. Stavrou, C. Zuo, Q. Zhao, and Z. Lin, “FIRMSCOPE: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in Android firmware,” in Proc. 29th USENIX Conf. Secur. Symp., 2020, pp. 2379–2396.
[48]
T. McDonnell, B. Ray, and M. Kim, “An empirical study of api stability and adoption in the Android ecosystem,” in Proc. IEEE Int. Conf. Softw. Maintenance, 2013, pp. 70–79.
[49]
L. Li, T. F. Bissyandé, H. Wang, and J. Klein, “CiD: Automating the detection of API-related compatibility issues in Android apps,” in Proc. 27th ACM SIGSOFT Int. Symp. Softw. Testing Anal., 2018, pp. 153–163.
[50]
D. He, L. Li, L. Wang, H. Zheng, G. Li, and J. Xue, “Understanding and detecting evolution-induced compatibility issues in Android apps,” in Proc. 33rd ACM/IEEE Int. Conf. Automated Softw. Eng., 2018, pp. 167–177.
[51]
H. Cai, Z. Zhang, L. Li, and X. Fu, “A large-scale study of application incompatibilities in Android,” in Proc. 28th ACM SIGSOFT Int. Symp. Softw. Testing Anal., 2019, pp. 216–227.
[52]
H. Xia et al., “How Android developers handle evolution-induced API compatibility issues: A large-scale study,” in Proc. ACM/IEEE 42nd Int. Conf. Softw. Eng., 2020, pp. 886–898.
[53]
M. D. Syer, M. Nagappan, B. Adams, and A. E. Hassan, “Studying the relationship between source code quality and mobile platform dependence,” Softw. Qual. J., vol. 23, no. 3, pp. 485–508, 2015.
[54]
M. Linares-Vásquez, G. Bavota, C. Bernal-Cárdenas, M. Di Penta, R. Oliveto, and D. Poshyvanyk, “API change and fault proneness: A threat to the success of Android apps,” in Proc. 9th Joint Meeting Found. Softw. Eng., 2013, pp. 477–487.
[55]
S. Yang, R. Li, J. Chen, W. Diao, and S. Guo, “Demystifying Android non-SDK APIs: Measurement and understanding,” in Proc. 44th Int. Conf. Softw. Eng., 2022, pp. 647–658.
[56]
H. Jiao, X. Li, L. Zhang, G. Xu, and Z. Feng, “Hybrid detection using permission analysis for Android malware,” in Proc. Int. Conf. Secur. Privacy Commun. Netw., 2015, pp. 541–545.
[57]
J. Jeon et al., “Dr. Android and Mr. Hide: Fine-grained permissions in Android applications,” in Proc. 2nd ACM Workshop Secur. Privacy Smartphones Mobile Devices, 2012, pp. 3–14.
[58]
A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, “Permission re-delegation: Attacks and defenses,” in Proc. 20th USENIX Conf. Secur., 2011, p. 22.
[59]
R. Stevens, J. Ganz, V. Filkov, P. Devanbu, and H. Chen, “Asking for (and about) permissions used by Android apps,” in Proc. 10th Work. Conf. Mining Softw. Repositories (MSR), 2013, pp. 31–40.
[60]
D. E. Krutz, N. Munaiah, A. Peruma, and M. W. Mkaouer, “Who added that permission to my app? An analysis of developer permission changes in open source Android apps,” in Proc. 4th Int. Conf. Mobile Softw. Eng. Syst., 2017, pp. 165–169.
[61]
G. L. Scoccia, A. Peruma, V. Pujols, B. Christians, and D. E. Krutz, “An empirical history of permission requests and mistakes in open source Android apps,” in Proc. 16th Int. Conf. Mining Softw. Repositories, 2019, pp. 597–601.
[62]
Y. Aafer, J. Huang, Y. Sun, X. Zhang, N. Li, and C. Tian, “AceDroid: Normalizing diverse Android access control checks for inconsistency detection,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2018.
[63]
A. E. M. Dawoud and S. Bugiel, “Bringing balance to the force: Dynamic analysis of the Android application framework,” in Proc. Netw. Distrib. Syst. Secur. Symp., 2021.
[64]
L. Wei, Y. Liu, and S.-C. Cheung, “Taming Android fragmentation: Characterizing and detecting compatibility issues for Android apps,” in Proc. 31st IEEE/ACM Int. Conf. Automated Softw. Eng., 2016, pp. 226–237.
[65]
G. Yang, J. Jones, A. Moninger, and M. Che, “How do Android operating system updates impact apps?” in Proc. 5th Int. Conf. Mobile Softw. Eng. Syst., 2018, pp. 156–160.
[66]
S. A. Gorski et al., “ACMiner: Extraction and analysis of authorization checks in Android's middleware,” in Proc. 9th ACM Conf. Data Appl. Secur. Privacy, 2019, pp. 25–36.
[67]
Y. He et al., “A systematic study of Android non-SDK (hidden) service API security,” IEEE Trans. Dependable Secure Comput., vol. 20, no. 2, pp. 1609–1623, Mar./Apr. 2023.
Recommendations
Permission evolution in the Android ecosystem
ACSAC '12: Proceedings of the 28th Annual Computer Security Applications ConferenceAndroid uses a system of permissions to control how apps access sensitive devices and data stores. Unfortunately, we have little understanding of the evolution of Android permissions since their inception (2008). Is the permission model allowing the ...
Messing with Android's Permission Model
TRUSTCOM '12: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and CommunicationsPermission models have become very common on smartphone operating systems to control the rights granted to installed third party applications (apps). Prior to installing an app, the user is typically presented with a dialog box showing the permissions ...
Vetting undesirable behaviors in android apps with permission use analysis
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityAndroid platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
0098-5589 © 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
Publisher
IEEE Press
Publication History
Published: 12 February 2024
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 14 Dec 2024