Android Permission System Violation: Case Study and Refinement

Abstract

Android uses permissions for application security management. Android also allows inter-application communication (IAC), which enables cooperation between different applications to perform complex tasks by using some components and Intents. In other words, Android provides more flexibility and places less restriction on application development. This is a major feature that differentiates Android from its competitors. However, IAC also facilitates malicious applications that can collude in attacks of privilege escalation. In this paper, the authors demonstrate with case studies that all IAC channels can potentially be utilized for privilege escalation attacks, and the authors propose a refinement to solve this problem by enforcing IAC permissions and exposing IAC to users. Android Permission System Violation: Case Study and Refinement