Information leakage detection and prevention on Android devices
Supervisor: Wolfgang Kastner, Gilbert Wondracek
This master's thesis aims at exploring weaknesses and security features of the Android operating system, with a special focus on data security. Besides the theoretical work, an application that aims at detecting information-leaking apps was developed.
First, several attacks against Android and ways to access stored information are presented. On Android, installed applications can only access information if they hold the respective permissions. Such a permission system may introduce a variety of security-relevant problems, especially when users have to decide manually whether a permission is granted or not. If malicious applications are installed and granted the requested permissions, important data may be leaked. Researchers have created various tools to extend Android's security. Most of these security extensions share one drawback: in order to actually work, the core Android system needs to be modified. Creating, deploying, and maintaining a modified Android version is very complex and expensive, especially in a corporate environment.
Many malicious applications are distributed either via the official Google App Market (Play Store) or via alternative markets. One of Google's approaches to keeping malware out of the Play Store resulted in the Bouncer service. This service automatically tests all apps submitted to the Play Store and tries to identify malicious apps. Research has shown that Bouncer can be tricked easily.
In order to detect data-stealing applications, two approaches are introduced in this thesis. One approach is to submit a potentially malicious application to a sandbox analysis service like Anubis and to inform the user about the results. The second approach is to analyze an application's network traffic and look for private data. Performing this analysis directly on the device allows a very detailed analysis without violating the user's privacy in any way. Both approaches were implemented in the iSecDroid app. This allows laypeople as well as professional users to easily get security-relevant information about every installed app. Based on the currently available features, a wide variety of additional features and security services can be developed.
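
The second approach, looking for private data in an app's network traffic, can be sketched as follows. This is an added example, not code from iSecDroid or the thesis; the set of encodings checked, the function names and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import quote

# Constructed sample values; a real checker would read them from the device.
PRIVATE = {"imei": "356938035643809", "phone": "+4366012345678",
           "email": "alice@example.org"}

def encodings(value):
    """Representations under which a private value might appear in traffic."""
    raw = value.encode()
    forms = {
        "plain": raw,
        "urlencoded": quote(value, safe="").encode(),
        "base64": base64.b64encode(raw),
        "hex": raw.hex().encode(),
        "md5": hashlib.md5(raw).hexdigest().encode(),
        "sha1": hashlib.sha1(raw).hexdigest().encode(),
    }
    # Drop forms identical to the plain value (e.g. URL-encoding of digits).
    return {k: v for k, v in forms.items() if k == "plain" or v != raw}

def find_leaks(payload, private=PRIVATE):
    """Return sorted (label, encoding) pairs for private values in payload."""
    lowered = payload.lower()
    hits = set()
    for label, value in private.items():
        for name, needle in encodings(value).items():
            # Base64 is case-sensitive; every other form is matched caselessly.
            found = needle in payload if name == "base64" else needle.lower() in lowered
            if found:
                hits.add((label, name))
    return sorted(hits)

# Constructed outbound payloads, as a capture of one app's traffic might contain.
SAMPLES = [
    b"GET /ads?id=356938035643809&v=2 HTTP/1.1\r\nHost: ads.example.net\r\n\r\n",
    b"u=alice%40example.org&h=" + hashlib.md5(b"356938035643809").hexdigest().upper().encode(),
    b'{"d":"' + base64.b64encode(b"+4366012345678") + b'"}',
    b"GET /weather?city=Vienna HTTP/1.1\r\nHost: api.example.com\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(find_leaks(sample), sample[:40])
```

Substring matching of this kind only sees payloads available in cleartext, and it misses values that are encrypted, compressed or embedded in a larger Base64 blob at a different alignment.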