Abstract
Since the appearance of Android, its permission system has been central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. in [31] was used unchanged in various research papers. The introduction of the highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model. To our surprise, the permission system evolved with almost every release. After analysis of 16 Android versions, we can confirm that the modifications, especially those introduced in Android 6.0, considerably impact the aptness of old conclusions and tools for newer releases. For instance, since Android 6.0 some signature permissions, previously granted only to apps signed with a platform certificate, can be granted to third-party apps even if they are signed with a non-platform certificate; many permissions previously considered threatening are now granted by default. In this paper, we review in detail the updated system, the introduced changes, and their security implications. We highlight some bizarre behaviors, which may be of interest to developers and security researchers. We also found a number of bugs during our analysis, and provided patches to AOSP where possible.
We thank the anonymous reviewers for their comments, which allowed us to improve the paper. We are also very grateful to William Enck for shepherding the paper and suggesting many improvements to it. The work of Olga Gadyatskaya was supported by the Luxembourg National Research Fund (C15/IS/10404933/COMMA).
Notes
- 1.
- 2. For this table we interpret the protection levels normal, dangerous, signature and signature|system as an ordered set, where normal corresponds to the least critical permissions and signature|system to the most critical.
- 3. This permission was added in API 20, which we did not analyze (API 20 was developed for wearable systems).
- 4.
- 5.
References
Android Open Source Project. http://source.android.com/. Accessed 31 Mar 2016
Commit 2af5708: Add per UID control to app ops. https://android.googlesource.com/platform/frameworks/base/+/2af5708
Commit 2ca2c87: More adjustments to permissions. https://android.googlesource.com/platform/frameworks/base/+/2ca2c87
Commit 33f5ddd: Add permissions associated with app ops. https://android.googlesource.com/platform/frameworks/base/+/33f5ddd
Commit 3e7d977: Grant installer and verifier install permissions robustly. https://android.googlesource.com/platform/frameworks/base/+/3e7d977
Commit 4516798: Moving launcher permission to framework. https://android.googlesource.com/platform/frameworks/base/+/4516798
Commit 6d2c0e5: Remove not needed contacts related permissions. https://android.googlesource.com/platform/frameworks/base/+/6d2c0e5
Commit a90c8de: Add new “preinstalled” permission flag. https://android.googlesource.com/platform/frameworks/base/+/a90c8de
Commit ccbf84f: Some system apps are more system than others. https://android.googlesource.com/platform/frameworks/base/+/ccbf84f
Commit cfbfafe: Additional permissions aren’t properly disabled after toggling them off. https://android.googlesource.com/platform/frameworks/base/+/cfbfafe
Commit de15eda: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW to an explicit toggle to enable in Settings. https://android.googlesource.com/platform/frameworks/base/+/de15eda
Commit e639da7: New development permissions. https://android.googlesource.com/platform/frameworks/base/+/e639da7
Dashboards. http://goo.gl/mFciT7. Accessed 31 Mar 2016
Google says Android has 1.4 billion active users. http://goo.gl/aUuUNw. Accessed 31 Mar 2016
Microsoft Excel. https://play.google.com/store/apps/details?id=com.microsoft.office.excel. Accessed 31 Mar 2016
Microsoft PowerPoint. https://play.google.com/store/apps/details?id=com.microsoft.office.powerpoint. Accessed 31 Mar 2016
Not just for phones and tablets: what other devices run Android? http://goo.gl/kQ4Pi8. Accessed 31 Mar 2016
Play store permissions change opens door to rogue apps. http://goo.gl/nJCwoY. Accessed 31 Mar 2016
Requesting permissions at run time. http://developer.android.com/training/permissions/requesting.html
Smartphone OS market share, 2015 Q2. http://goo.gl/WQwfZO. Accessed 31 Mar 2016
Arp, D., Spreitzenbarth, M., Hübner, M., Gascon, H., Rieck, K.: DREBIN: effective and explainable detection of Android malware in your pocket. In: Proceedings of NDSS (2014)
Au, K., Zhou, Y.F., Huang, Z., Gill, P., Lie, D.: Short paper: a look at smartphone permission models. In: Proceedings of SPSM (2011)
Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android permission specification. In: Proceedings of CCS (2012)
Backes, M., Bugiel, S., Derr, E., Weisgerber, S., McDaniel, P., Octeau, D.: On demystifying the Android application framework: re-visiting Android permission specification analysis. In: Poster Session of IEEE EuroS&P (2016)
Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of CCS (2010)
Bartel, A., Klein, J., Le Traon, Y., Monperrus, M.: Automatically securing permission-based software by reducing the attack surface: an application to Android. In: Proceedings of ASE (2012)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Reza-Sadeghi, A., Shastry, B.: Towards taming privilege-escalation attacks on Android. In: Proceedings of NDSS (2012)
Chen, K.Z., Johnson, N., D’Silva, V., Dai, S., MacNamara, K., Magrino, T., Wu, E., Rinard, M., Song, D.: Contextual policy enforcement in Android applications with permission event graphs. In: Proceedings of NDSS (2013)
Conti, M., Crispo, B., Fernandes, E., Zhauniarovich, Y.: CRêPE: a system for enforcing fine-grained context-related policies on Android. IEEE Trans. Inf. Forensics Secur. 7(5), 1426–1438 (2012)
Elenkov, N.: Android Security Internals: An In-Depth Guide to Android’s Security Architecture, 1st edn. No Starch Press, San Francisco (2014)
Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Secur. Priv. Mag. 7(1), 50–57 (2009)
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS (2009)
Fang, Z., Han, W., Li, D., Guo, Z., Guo, D., Wang, X.S., Qian, Z., Chen, H.: revDroid: code analysis of the side effects after dynamic permission revocation of Android apps. In: Proceedings of ASIACCS (2016)
Fang, Z., Han, W., Li, Y.: Permission based Android security: issues and countermeasures. Comput. Secur. 43, 205–218 (2014)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of CCS (2011)
Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of SOUPS (2012)
Fragkaki, E., Bauer, L., Jia, L., Swasey, D.: Modeling and enhancing Android’s permission system. In: Proceedings of ESORICS (2013)
Fratantonio, Y., Bianchi, A., Robertson, W., Egele, M., Kruegel, C., Kirda, E., Vigna, G.: On the security and engineering implications of finer-grained access controls for Android developers and users. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 282–303. Springer, Heidelberg (2015)
Gadyatskaya, O., Massacci, F., Zhauniarovich, Y.: Security in the Firefox OS and Tizen mobile platforms. IEEE Comput. 47(6), 57–63 (2014)
Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in Android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012)
Jeon, J., Micinski, K.K., Vaughan, J.A., Fogel, A., Reddy, N., Foster, J.S., Millstein, T.: Dr. Android and Mr. Hide: fine-grained permissions in Android applications. In: Proceedings of SPSM (2012)
Murphy, M.: Libraries and dangerous permissions. https://goo.gl/NJAjMx. Accessed 25 June 2016
Murphy, M.: Runtime permissions, files, and ACTION_SEND. https://goo.gl/slhHoI. Accessed 25 June 2016
Murphy, M.: You cannot hold non-existent permissions. https://goo.gl/nyDjUj. Accessed 25 June 2016
Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of ASIACCS (2010)
Pandita, R., Xiao, X., Wang, W., Enck, W., Xie, T.: WHYPER: towards automating risk assessment of mobile applications. In: Proceedings of USENIX Security (2013)
Singh, K.: Practical context-aware permission control for hybrid mobile applications. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 307–327. Springer, Heidelberg (2013)
Vidas, T., Christin, N., Cranor, L.F.: Curbing Android permission creep. In: Proceedings of W2SP (2011)
Wei, X., Gomez, L., Neamtiu, I., Faloutsos, M.: Permission evolution in the Android ecosystem. In: Proceedings of ACSAC (2012)
Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions remystified: a field study on contextual integrity. In: Proceedings of USENIX Security (2015)
Xing, L., Pan, X., Wang, R., Yuan, K., Wang, X.: Upgrading your Android, elevating my malware: privilege escalation through mobile OS updating. In: Proceedings of S&P (2014)
Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X.S., Zang, B.: Vetting undesirable behaviors in Android apps with permission use analysis. In: Proceedings of CCS (2013)
Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., Crispo, B., Massacci, F.: StaDynA: addressing the problem of dynamic code updates in the security analysis of Android applications. In: Proceedings of CODASPY (2015)
Zhauniarovich, Y., Russello, G., Conti, M., Crispo, B., Fernandes, E.: MOSES: supporting and enforcing security profiles on smartphones. IEEE Trans. Dependable Secure Comput. 11(3), 211–223 (2014)
Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: Proceedings of S&P (2012)
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhauniarovich, Y., Gadyatskaya, O. (2016). Small Changes, Big Changes: An Updated View on the Android Permission System. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2016. Lecture Notes in Computer Science, vol 9854. Springer, Cham. https://doi.org/10.1007/978-3-319-45719-2_16
DOI: https://doi.org/10.1007/978-3-319-45719-2_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45718-5
Online ISBN: 978-3-319-45719-2
eBook Packages: Computer Science, Computer Science (R0)