Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Small changes, big changes: an updated view on the Android permission system
Zhauniarovich, Yury; Gadyatskaya, Olga
2016In Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings
Peer reviewed
 

Files


Full Text
ape_paper.pdf
Author postprint (642.41 kB)
Request a copy

The original publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-45719-2_16


All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Android; permission system; run-time permissions
Abstract :
[en] Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model. To our surprise, the permission system evolved with almost every release. After analysis of 16 Android versions, we can con firm that the modi fications, especially introduced in Android 6.0, considerably impact the aptness of old conclusions and tools for newer releases. For instance, since Android 6.0 some signature permissions, previously granted only to apps signed with a platform certi cate, can be granted to third-party apps even if they are signed with a non-platform certi cate; many permissions considered before as threatening are now granted by default. In this paper, we review in detail the updated system, introduced changes, and their security implications. We highlight some bizarre behaviors, which may be of interest for developers and security researchers. We also found a number of bugs during our analysis, and provided patches to AOSP where possible.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Disciplines :
Computer science
Author, co-author :
Zhauniarovich, Yury;  Qatar Computing Research Institute, HBKU
Gadyatskaya, Olga ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
yes
Language :
English
Title :
Small changes, big changes: an updated view on the Android permission system
Publication date :
September 2016
Event name :
RAID
Event place :
Evry, France
Event date :
from 19-09-2016 to 21-09-2016
Audience :
International
Main work title :
Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings
Publisher :
Springer
ISBN/EAN :
978-3-319-45718-5
Pages :
346-367
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Name of the research project :
COMMA
Available on ORBilu :
since 23 November 2016

Statistics


Number of views
123 (6 by Unilu)
Number of downloads
0 (0 by Unilu)

Scopus citations®
 
24
Scopus citations®
without self-citations
22
OpenCitations
 
24

Bibliography


Similar publications



Contact ORBilu