Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Enhancing Android Security Through App Splitting

Download
170 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_2,
        author={Drew Davidson and Vaibhav Rastogi and Mihai Christodorescu and Somesh Jha},
        title={Enhancing Android Security Through App Splitting},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Security Android Privilege separation Permissions},
        doi={10.1007/978-3-319-78813-5_2}
    }
    
  • Drew Davidson
    Vaibhav Rastogi
    Mihai Christodorescu
    Somesh Jha
    Year: 2018
    Enhancing Android Security Through App Splitting
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_2
Drew Davidson1,*, Vaibhav Rastogi2,*, Mihai Christodorescu3,*, Somesh Jha,*
  • 1: Tala Security
  • 2: University of Wisconsin-Madison
  • 3: Visa Research
*Contact email: drew@talasecurity.io, vrastogi@cs.wisc.edu, mihai.christodorescu@visa.com, jha@cs.wisc.edu

Abstract

The Android operating system provides a rich security model that specifies over 100 distinct permissions. Before performing a sensitive operation, an app must obtain the corresponding permission through a request to the user. Unfortunately, an app is treated as an opaque, monolithic security principal, which is granted or denied permission as a whole. This blunts the effectiveness of the permissions model. Even the recent enhancements in Android do not account for the interactions between multiple permissions or for multiple uses of a single permission for disparate functionality.