Splitting Third-Party Libraries’ Privileges from Android Apps
2017; Springer Science+Business Media; Linguagem: Inglês
10.1007/978-3-319-59870-3_5
ISSN1611-3349
AutoresJiawei Zhan, Quan Zhou, Xiaozhuo Gu, Yuewu Wang, Yingjiao Niu,
Tópico(s)Software Testing and Debugging Techniques
ResumoThird-party libraries are very prevalent in the development of Android Apps. However, the wide use of third-party libraries may cause potential violations on user's privacy. In the original Android permission mechanism, host Apps share all permissions with their third-party libraries. Moreover, the details of most third-party libraries are not very clear to developers and malicious code may be contained. With privileges and malicious code, the attack may be conducted. In this paper, we present a novel privilege splitting mechanism for the third-party libraries in Android Apps. Different from other similar approaches, our system makes full use of the original permission mechanism to minimize the attack surface and the impact on Android system. Since the lightweight customization on Android, our system can be easily adapted to both Dalvik and ART (Android Runtime) virtual machines. We deployed a prototype on a real Android device and evaluated it's compatibility, effectiveness and performance. The experiment results show that our system is compatible with existing Apps, splits the third-party libraries' privileges effectively according to the given policies, and works well with negligible performance overhead.
Referência(s)