NaClDroid: Native Code Isolation for Android Applications

  • Elias AthanasopoulosEmail author
  • Vasileios P. Kemerlis
  • Georgios Portokalidis
  • Angelos D. Keromytis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9878)


Android apps frequently incorporate third-party libraries that contain native code; this not only facilitates rapid application development and distribution, but also provides new ways to generate revenue. As a matter of fact, one in two apps in Google Play are linked with a library providing ad network services. However, linking applications with third-party code can have severe security implications: malicious libraries written in native code can exfiltrate sensitive information from a running app, or completely modify the execution runtime, since all native code is mapped inside the same address space with the execution environment, namely the Dalvik/ART VM. We propose NaClDroid, a framework that addresses these problems, while still allowing apps to include third-party code. NaClDroidprevents malicious native-code libraries from hijacking Android applications using Software Fault Isolation. More specifically, we place all native code in a Native Client sandbox that prevents unconstrained reads, or writes, inside the process address space. NaClDroidhas little overhead; for native code running inside the NaCl sandbox the slowdown is less than 10 % on average.


SFI NaCl Android 



This work was supported by the European Commission through project H2020 ICT-32-2014 “SHARCS” under Grant Agreement No. 644571 and the U.S. Office of Naval Research under award number N00014-16-1-2261. Any opinions, findings, conclusions and recommendations expressed herein are those of the authors and do not necessarily reflect the views of the US Government, or the ONR.


  1. 1.
  2. 2.
    Dynamic linking in native client. Accessed Jan 2013
  3. 3.
    Google bans self-updating Android apps, possibly including Facebook’s, May 2013.
  4. 4.
  5. 5.
  6. 6.
    SymDroid: symbolic execution for Dalvik bytecode (Not yet published).
  7. 7.
  8. 8.
    Thoughts about porting glibc to NaCl for ARM native-client-discussion list. Private communication, December 2012Google Scholar
  9. 9.
  10. 10.
    Bläsing, T., Schmidt, A.D., Batyuk, L., Camtepe, S.A., Albayrak, S.: An android application sandbox system for suspicious software detection. In: 5th International Conference on Malicious and Unwanted Software (Malware: MALWARE 2010), Nancy, France (2010)Google Scholar
  11. 11.
    Bornstein, D.: Dalvik VM internals. In: Google I/O Developer Conference, vol. 23, pp. 17–30 (2008)Google Scholar
  12. 12.
    Canalys: over 1 billion android-based smart phones to ship in 2017. Accessed Oct 2013
  13. 13.
    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (MobiSys 2011), NY, USA, pp. 239–252 (2011).
  14. 14.
    Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI 2010), pp. 1–6. USENIX Association, Berkeley (2010). Google Scholar
  15. 15.
    Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security (SEC 2011), p. 21. USENIX Association, Berkeley(2011).
  16. 16.
    Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), NY, USA, pp. 235–245 (2009).
  17. 17.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), NY, USA, pp. 627–638 (2011).
  18. 18.
    Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), NY, USA, pp. 3–14 (2011).
  19. 19.
    Gatliff, B.: Embedding with GNU: Newlib. Embed. Syst. Program. 15(1), 12–17 (2002)Google Scholar
  20. 20.
    Gordon, R.: Essential JNI: Java Native Interface. Prentice-Hall, Inc., Upper Saddle River (1998)Google Scholar
  21. 21.
    Lee, B., Wiedermann, B., Hirzel, M., Grimm, R., McKinley, K.S.: Jinn: synthesizing dynamic bug detectors for foreign language interfaces. In: Zorn, B.G., Aiken, A. (eds.) Proceedings of the 2010 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2010), 5–10 June 2010, Toronto, Ontario, Canada, pp. 36–49. ACM (2010)Google Scholar
  22. 22.
    Loosemore, S., Stallman, R.M., McGrath, R., Oram, A., Drepper, U.: The GNU C Library Reference Manual. Free Software Foundation, Boston (2001)Google Scholar
  23. 23.
    McGraw, G., Felten, E.W.: Securing Java: Getting Down to Business with Mobile Code. Wiley, New York (1999)Google Scholar
  24. 24.
    Ongtang, M., McLaughlin, S.E., Enck, W., McDaniel, P.: Semantically rich application-centric security in android. Secur. Commun. Netw. 5(6), 658–673 (2012)CrossRefGoogle Scholar
  25. 25.
    Pearce, P., Felt, A.P., Nunez, G., Wagner, D.: AdDroid: privilege separation for applications and advertisers in android. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), NY, USA, pp. 71–72 (2012).
  26. 26.
    Portokalidis, G., Homburg, P., Anagnostakis, K., Bos, H.: Paranoid android: versatile protection for smartphones. In: ACSAC, pp. 347–356 (2010)Google Scholar
  27. 27.
    Sehr, D., Muth, R., Biffle, C., Khimenko, V., Pasko, E., Schimpf, K., Yee, B., Chen, B.: Adapting software fault isolation to contemporary CPU architectures. In: Proceedings of the 19th USENIX Conference on Security (USENIX Security 2010), p. 1. USENIX Association, Berkeley (2010).
  28. 28.
    Siefers, J., Tan, G., Morrisett, G.: Robusta: taming the native beast of the JVM. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), 4–8 October 2010, Chicago, Illinois, USA, pp. 201–211. ACM (2010)Google Scholar
  29. 29.
    Sun, M., Tan, G.: JVM-portable sandboxing of java’s native libraries. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 842–858. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  30. 30.
    Sun, M., Tan, G.: Nativeguard: protecting android applications from third-party native libraries. In: Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2014), NY, USA, pp. 165–176 (2014).
  31. 31.
    Tan, G., Appel, A.W., Chakradhar, S., Raghunathan, A., Ravi, S., Wang, D.: Safe java native interface. In: IEEE International Symposium on Secure Software Engineering, March 2006Google Scholar
  32. 32.
    Viennot, N., Garcia, E., Nieh, J.: A measurement study of google play. In: The 2014 ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS 2014), NY, USA, pp. 221–233 (2014).
  33. 33.
    Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: Proceedings of the Fourteenth ACM Symposium on Operating Systems Principles (SOSP 1993), NY, USA, pp. 203–216 (1993).
  34. 34.
    Wang, T., Lu, K., Lu, L., Chung, S., Lee, W.: Jekyll on IOS: when benign apps become evil. In: Proceedings of the 22nd USENIX Conference on Security. USENIX Association (2013)Google Scholar
  35. 35.
    Xu, R., Saidi, H., Anderson, R.: Aurasium: practical policy enforcement for android application. In: Proceedings of the 21st USENIX Conference on Security. USENIX Association (2012)Google Scholar
  36. 36.
    Yan, L.K., Yin, H.: Droidscope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: Proceedings of the 21st USENIX Conference on Security Symposium (Security 2012), p. 29. USENIX Association, Berkeley, CA, USA (2012).
  37. 37.
    Yee, B., Sehr, D., Dardyk, G., Chen, J.B., Muth, R., Orm, T., Okasaka, S., Narula, N., Fullagar, N., Inc, G.: Native client: a sandbox for portable, untrusted x86 native code. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy (2009)Google Scholar
  38. 38.
    Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, pp. 95–109 (2012)Google Scholar
  39. 39.
    Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets. In: Proceedings of the 19th Annual Network & Distributed System Security Symposium, February 2012Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Elias Athanasopoulos
    • 1
    Email author
  • Vasileios P. Kemerlis
    • 2
  • Georgios Portokalidis
    • 3
  • Angelos D. Keromytis
    • 4
  1. 1.Vrije Universiteit AmsterdamAmsterdamThe Netherlands
  2. 2.Brown UniversityProvidenceUSA
  3. 3.Stevens Institute of TechnologyHobokenUSA
  4. 4.Columbia UniversityNew YorkUSA

Personalised recommendations