A Small But Non-negligible Flaw in the Android Permission Scheme

2010 IEEE International Symposium on Policies for Distributed Systems and Networks Pub Date : 2010-07-21 DOI:10.1109/POLICY.2010.11

Wook Shin, S. Kwak, S. Kiyomoto, Kazuhide Fukushima, Toshiaki Tanaka

{"title":"A Small But Non-negligible Flaw in the Android Permission Scheme","authors":"Wook Shin, S. Kwak, S. Kiyomoto, Kazuhide Fukushima, Toshiaki Tanaka","doi":"10.1109/POLICY.2010.11","DOIUrl":null,"url":null,"abstract":"This paper presents a flaw in the permission scheme of Android. The Android framework enforces a permission-based security policy where an application can access the other parts of the system only when the application is explicitly permitted. The security of the framework depends to a large extent on the owner of a device since the authorization decisions are mainly made by the user. As a result, the permission scheme imposes much of the administrative burden on the user instead of keeping it simple. Moreover, the framework does not impose enough controls nor support dynamic adjustment in the following respects: No naming rule or constraint is applied for a new permission declaration; once an application acquires a permission, the permission is never revoked during the lifetime of the application, two different permissions can be in use having the same name. These features of the framework can result in a security flaw. We explain how we found the flaw, demonstrate an exploit example, and discuss the solution.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2010.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 50

Abstract

This paper presents a flaw in the permission scheme of Android. The Android framework enforces a permission-based security policy where an application can access the other parts of the system only when the application is explicitly permitted. The security of the framework depends to a large extent on the owner of a device since the authorization decisions are mainly made by the user. As a result, the permission scheme imposes much of the administrative burden on the user instead of keeping it simple. Moreover, the framework does not impose enough controls nor support dynamic adjustment in the following respects: No naming rule or constraint is applied for a new permission declaration; once an application acquires a permission, the permission is never revoked during the lifetime of the application, two different permissions can be in use having the same name. These features of the framework can result in a security flaw. We explain how we found the flaw, demonstrate an exploit example, and discuss the solution.

查看原文本刊更多论文

Android权限方案中的一个小但不可忽略的缺陷

本文提出了Android系统权限方案中的一个缺陷。Android框架强制执行基于权限的安全策略，只有当应用程序被明确允许时，应用程序才能访问系统的其他部分。框架的安全性在很大程度上取决于设备的所有者，因为授权决策主要由用户做出。因此，许可方案给用户带来了大量的管理负担，而不是保持简单。此外，该框架在以下方面没有施加足够的控制，也不支持动态调整:没有为新的权限声明应用命名规则或约束;一旦应用程序获得了一个权限，该权限在应用程序的生命周期内永远不会被撤销，两个不同的权限可以使用相同的名称。框架的这些特性可能导致安全缺陷。我们将解释如何发现漏洞，演示利用示例，并讨论解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 IEEE International Symposium on Policies for Distributed Systems and Networks

自引率

0.00%

发文量