Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings

Rui Li, Wenrui Diao, Zhou Li, Jianqi Du, Shanqing Guo
{"title":"Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings","authors":"Rui Li, Wenrui Diao, Zhou Li, Jianqi Du, Shanqing Guo","doi":"10.1109/SP40001.2021.00070","DOIUrl":null,"url":null,"abstract":"Permission is the fundamental security mechanism for protecting user data and privacy on Android. Given its importance, security researchers have studied the design and usage of permissions from various aspects. However, most of the previous research focused on the security issues of system permissions. Overlooked by many researchers, an app can use custom permissions to share its resources and capabilities with other apps. However, the security implications of using custom permissions have not been fully understood.In this paper, we systematically evaluate the design and implementation of Android custom permissions. Notably, we built an automatic fuzzing tool, called CuPerFuzzer, to detect custom permissions related vulnerabilities existing in the Android OS. CuPerFuzzer treats the operations of the permission mechanism as a black-box and executes massive targeted test cases to trigger privilege escalation. In the experiments, CuPerFuzzer discovered 2,384 effective cases with 30 critical paths successfully. Through investigating these vulnerable cases and analyzing the source code of Android OS, we further identified a series of severe design shortcomings lying in the Android permission framework, including dangling custom permission, inconsistent permission-group mapping, custom permission elevating, and inconsistent permission definition. Exploiting any of these shortcomings, a malicious app can obtain dangeroussystem permissions without user consent and further access unauthorized platform resources. On top of these observations, we propose some general design guidelines to secure custom permissions. Our findings have been acknowledged by the Android security team and rated as High severity.","PeriodicalId":6786,"journal":{"name":"2021 IEEE Symposium on Security and Privacy (SP)","volume":"10 1","pages":"70-86"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40001.2021.00070","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12

Abstract

Permission is the fundamental security mechanism for protecting user data and privacy on Android. Given its importance, security researchers have studied the design and usage of permissions from various aspects. However, most of the previous research focused on the security issues of system permissions. Overlooked by many researchers, an app can use custom permissions to share its resources and capabilities with other apps. However, the security implications of using custom permissions have not been fully understood.In this paper, we systematically evaluate the design and implementation of Android custom permissions. Notably, we built an automatic fuzzing tool, called CuPerFuzzer, to detect custom permissions related vulnerabilities existing in the Android OS. CuPerFuzzer treats the operations of the permission mechanism as a black-box and executes massive targeted test cases to trigger privilege escalation. In the experiments, CuPerFuzzer discovered 2,384 effective cases with 30 critical paths successfully. Through investigating these vulnerable cases and analyzing the source code of Android OS, we further identified a series of severe design shortcomings lying in the Android permission framework, including dangling custom permission, inconsistent permission-group mapping, custom permission elevating, and inconsistent permission definition. Exploiting any of these shortcomings, a malicious app can obtain dangeroussystem permissions without user consent and further access unauthorized platform resources. On top of these observations, we propose some general design guidelines to secure custom permissions. Our findings have been acknowledged by the Android security team and rated as High severity.
Android自定义权限揭秘:从权限升级到设计缺陷
权限是Android上保护用户数据和隐私的基本安全机制。鉴于其重要性,安全研究人员从多个方面对权限的设计和使用进行了研究。然而,以往的研究大多集中在系统权限的安全问题上。一个应用程序可以使用自定义权限与其他应用程序共享其资源和功能,这一点被许多研究人员所忽视。但是,使用自定义权限的安全含义尚未得到充分理解。在本文中,我们系统地评估了Android自定义权限的设计和实现。值得注意的是,我们构建了一个自动模糊测试工具,名为CuPerFuzzer,用于检测Android操作系统中存在的自定义权限相关漏洞。CuPerFuzzer将权限机制的操作视为黑盒,并执行大量有针对性的测试用例来触发权限升级。在实验中,CuPerFuzzer成功发现了2384个有效案例和30个关键路径。通过对这些漏洞案例的调查和对Android操作系统源代码的分析,我们进一步发现了Android权限框架存在的一系列严重的设计缺陷,包括悬空自定义权限、不一致的权限组映射、自定义权限提升和不一致的权限定义。利用这些缺陷,恶意应用程序可以在未经用户同意的情况下获得危险的系统权限,并进一步访问未经授权的平台资源。在这些观察的基础上,我们提出了一些通用的设计准则来保护自定义权限。我们的发现得到了安卓安全团队的认可,并被评为高严重性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信