Native code execution control for attack mitigation on android

Abstract

Sophisticated malware targeting the Android mobile operating system increasingly utilizes local root exploits. These allow for the escalation of privileges and subsequent automatic, unnoticed, and permanent infection of a target device. Poor vendor patch policy leaves customer devices vulnerable for many months. All current local root exploits are exclusively implemented as native code and can be dynamically downloaded and run by any app. Hence, the lack of control mechanisms for the execution of native code poses a major threat to the security of Android devices. In this paper, we present different approaches to prevent local root exploits by means of gradually controlling native code execution. The proposed alterations to the Android operating system protect against all current local root exploits, while limiting the user experience as little as possible. Thus, the approaches we present help to avert automatic privilege escalation and to reduce exploitability and malware infection of Android devices.