25th USENIX Security Symposium has ended
Friday, August 12 • 4:00pm - 4:30pm
On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis


In contrast to the Android application layer, Android’s application framework’s internals and their influence on the platform security and user privacy are still largely a black box for us. In this paper, we establish a static runtime model of the application framework in order to study its internals and provide the first high-level classification of the framework’s protected resources. We thereby uncover design patterns that differ highly from the runtime model at the application layer. We demonstrate the benefits of our insights for security-focused analysis of the framework by re-visiting the important use-case of mapping Android permissions to framework/SDK API methods. We, in particular, present a novel mapping based on our findings that significantly improves on prior results in this area that were established based on insufficient knowledge about the framework’s internals. Moreover, we introduce the concept of permission locality to show that although framework services follow the principle of separation of duty, the accompanying permission checks to guard sensitive operations violate it.

Speakers

Erik Derr

PhD Student, CISPA, Saarland University
Erik Derr is a PhD student in Computer Science working with Dr. Michael Backes at the Center for IT-Security, Privacy and Accountability (CISPA) in Germany. He received a BSc and MSc in Computer Science from Saarland University. His research focuses on mobile security and code an...

Patrick McDaniel

Patrick McDaniel is a Professor in the Computer Science and Engineering Department at the Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, IEEE Fellow, and Chair of the IEEE Technical Committee for Security and Privacy. Dr...


Friday August 12, 2016 4:00pm - 4:30pm PDT
Zilker Ballroom 2
