EXPLORING VARIED APPROACHES FOR COUNTERING THE PRIVACY AND SECURITY RISKS OF THIRD-PARTY MOBILE APPLICATIONS
Abstract
Third-party mobile applications have become an essential component of modern ecosystems such as Android and iOS. The number of these applications has grown tremendously in recent years; for instance, the number of Android applications in the market is 1.8 million. In most cases, third-party applications need to access restricted resources on these platforms; thus, platform providers have deployed access control mechanisms to control the privileges these applications can obtain. Nonetheless, malicious applications continue to find ways to gain privileged access to users' data and profiles. The success of these malicious attacks depends largely on the efficiency of the access control mechanisms and on users' awareness and comprehension. In this dissertation, we investigate the security and privacy risks of third-party applications in the Android system by identifying a number of vulnerabilities caused by the limitations of the Android permission access control system and by bad implementation choices for a popular authorization standard called OAuth. We show how malicious applications can exploit these vulnerabilities. Then, a stand-alone framework and an integrated framework are proposed to detect and offer solutions for the discovered vulnerabilities. Moreover, in-lab and online user studies are conducted to study users' awareness and comprehension of the vulnerabilities and the countermeasures.

The OAuth-WebView implementation is the most widely used approach despite explicit warnings to developers about its security and privacy risks. OAuth-WebView in mobile applications is extensively studied in this dissertation for any security and privacy violations. The dissertation investigates another threat that is caused by third-party mobile applications, the keylogging threat in Android. The keylogging threat has been reasonably studied in computer systems but poorly covered in the domain of mobile operating systems.
Android took the lead among the other mobile operating systems in allowing developers to build custom third-party keyboards to replace the stock Android keyboard. This opened the door for malicious developers to create keyloggers for the purpose of spying and/or fishing for users' sensitive data. A malicious developer may build a keylogger from scratch or utilize an existing keyboard. Users may unknowingly install keyloggers from the online markets or may use a keylogger that a malicious user with physical access has installed on their devices.

The third and last problem of this dissertation is Android Broadcast Receivers of system actions. Android provides finer-grained security features through a permission mechanism that puts limitations on the resources that each application can access. Upon installing a new Android application, a user is prompted to grant it a set of permissions. There are two typical assumptions made regarding permissions and mobile application security and privacy. The first is that malicious applications need to retain many permissions. The second is that mobile device users assume that installed applications do not access data if they are not in the foreground.

The dissertation seeks to answer the following research questions:

• What are the OAuth in-app implementation choices that would put mobile users' privacy at risk?
• How to measure mobile users' comprehension of OAuth-Embedded apps, and what kind of security cue designs can be used to alert them to any OAuth-related attacks?
• Are there any other components that must be taken into account to determine the malicious behavior of Android apps besides possessing dangerous permissions?
• How effective can embedding security tips in Android applications be in enhancing users' awareness?

For the purpose of answering the above questions: (1) The different OAuth implementation approaches in mobile applications adopted by popular resource providers are identified and possible attacks are demonstrated.
We summarize the OAuth implementation choices made by the service providers in their SDKs (Software Development Kits) and by developers in their OAuth-Embedded mobile applications. (2) In-lab and online user studies are conducted to evaluate users' awareness and comprehension of the OAuth-Embedded mobile applications and the possible attacks. (3) New security cue designs for WebView-based mobile applications are proposed and evaluated on observability, understandability and affectivity aspects. After realizing the problem of OAuth implementations in mobile applications, (4) a stand-alone application-based solution called OAuthManager is proposed and a prototype is implemented. The solution is based on the concept of privilege separation and does not require high overhead. However, the solution mandates that both developers and service providers change their implementations to work with the proposed solution. Thus, we introduce SecureOAuth, a whitelist access control protection framework for the Android platform. SecureOAuth is composed of Android library modifications, service creation, and system app creation. A prototype of the SecureOAuth framework is implemented and evaluated on performance and memory overhead. The framework hardens the OAuth-WebView implementation with bounded overhead while keeping the user's involvement to a minimum. Moreover, the framework requires no implementation changes and operates under strong attacker assumptions. (5) An analysis study of a set of third-party Android keyboards, collected from the market, is conducted. The number and type of permissions that are requested by these keyboards make them potential victims for the keylogger attack. (6) The roles of users and keyboard developers in increasing or decreasing the chance of a successful keylogger attack are also studied. The study shows that the keylogging threat is of high probability due to the current security configurations and the choices of users and developers.
Moreover, the study shows that the risk can be reduced by educating the users and by adopting new development approaches.

As for the broadcast receivers, the evolution of Android broadcast actions is studied, an attack scenario that is made possible by the broadcast receivers is demonstrated, and a large dataset of benign and malicious Android applications is analyzed for the receivers' usage pattern.