Capítulo de livro Revisado por pares

Splitting Third-Party Libraries’ Privileges from Android Apps

2017; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-319-59870-3_5

ISSN

1611-3349

Autores

Jiawei Zhan, Quan Zhou, Xiaozhuo Gu, Yuewu Wang, Yingjiao Niu,

Tópico(s)

Software Testing and Debugging Techniques

Resumo

Third-party libraries are very prevalent in the development of Android Apps. However, the wide use of third-party libraries may cause potential violations on user's privacy. In the original Android permission mechanism, host Apps share all permissions with their third-party libraries. Moreover, the details of most third-party libraries are not very clear to developers and malicious code may be contained. With privileges and malicious code, the attack may be conducted. In this paper, we present a novel privilege splitting mechanism for the third-party libraries in Android Apps. Different from other similar approaches, our system makes full use of the original permission mechanism to minimize the attack surface and the impact on Android system. Since the lightweight customization on Android, our system can be easily adapted to both Dalvik and ART (Android Runtime) virtual machines. We deployed a prototype on a real Android device and evaluated it's compatibility, effectiveness and performance. The experiment results show that our system is compatible with existing Apps, splits the third-party libraries' privileges effectively according to the given policies, and works well with negligible performance overhead.

Referência(s)