Android Security via Static Program Analysis

Abstract

Android is a popular platform designed for mobile devices. It consists of a customized Linux kernel, middleware, and a few core applications such as the Phone application. The middleware, commonly referred to as the Android framework, provides libraries and runtime services to applications. Applications in Android are written mainly in Java. Once compiled, Android transforms its applications into the Dalvik Executable (or DEX) format to minimize the memory footprint. Android uses a Java VM called Dalvik to execute DEX bytecode. Unlike other mobile OSes, Android has a unique permission mechanism. At development time, an application developer needs to explicitly request permissions by including them in an application configuration file. We refer to this configuration file simply as the manifest invthe remainder of the paper. At installation time, each uservneeds to review the permissions that the application requestsvand explicitly grant them.