Real-time detection and prevention of android SMS permission abuses

Abstract

The Android permission system informs users about the privileges demanded by applications (apps), and in principle allows users to assess potential risks of apps. Unfortunately, recent studies showed that the installation-time permission verification procedure is often ignored, due to users' lack of attention or insufficient understanding of the privileges or the Android permission system. As a consequence, malicious apps are likely granted with security- and privacy-critical permissions, and launch various kinds of attacks without being noticed by the users. In this paper, we present the design, analysis, and implementation of DroidPAD, a novel solution that aims to leverage system-wide state information to detect and block in real-time possible abuses of Android permissions. Especially, with a focus on SMS-related permissions, we have implemented a proof-of-concept prototype. Our evaluation based on 48 representative benign and malicious apps shows that DroidPAD successfully detected SMS permissions-abusing activities with low false-positive rates, and zero false-negative rates.