Flexible Data-Driven Security for Android

Abstract

Android allows users to cancel the installation of apps whenever requested permissions to resources seem inappropriate from their point of view. Since permissions can neither be granted individually nor changed after installation, this results in rather coarse, and often too liberal, access rules. We propose a more fine-grained security system beyond the standard permission system. With our system, it is possible to enforce complex policies that are built on temporal, cardinality, and spatial conditions ("notify if data is used after thirty days'', "blur data outside company's premises'', etc.). Enforcement can be done by means of modification or inhibition of certain events and the execution of additional actions. Leveraging recent advances in information flow tracking technology, our policies can also pertain to data rather than single representations of that data. For instance, we can prohibit a movie from being played more than twice even if several copies have been created. We present design and implementation of the system and provide a security and performance analysis.