Introduction to Android | Android Tutorials | Android Blog - SearchforSolutionsOnline
An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps...
Transcript of An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps...
![Page 1: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/1.jpg)
www.data61.csiro.au
AnAnalysisofthePrivacyandSecurityRisksofAndroidVPNPermission-enabledAppsMuhammadIkram(UNSW,Data61,CSIRO)NarseoVallina-Rodriguez(ICSI,IMDEANetworks)SurangaSeneviratne(Data61,CSIRO)MohamedAliKaafar(Data61,CSIRO)VernPaxson(UCBerkeley,ICSI)
![Page 2: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/2.jpg)
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
TypicalVPNUseCases
2
VPNTunnel
• Geo-filteredcontent• Anti-surveillance• Censorship• Untrustednetworks
![Page 3: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/3.jpg)
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
AndroidVPNAPI• AvailablesinceAndroid≧ 4.0(IceCreamSandwich)• HighlysensitiveAPI
+ ProtectedbyBIND_VPN_SERVICE+ Requiresuser’sdirectaction
3
- UsersmaynotunderstandVPNtechnology- Lackofapps’vettingprocess
![Page 4: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/4.jpg)
4 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 5: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/5.jpg)
5 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
AreVPNAndroidappstrustworthy?
![Page 6: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/6.jpg)
6 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
1.StaticAnalysis
2.NetworkMeasurements
Approach
![Page 7: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/7.jpg)
Somesalientresults
7 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
•Malwarepresence• Trafficleak• JavascriptinjectionandTLSinterception
38%ofVPNappshavemalwarepresence(VirusTotal)18%ofVPNappsdonotuseencryptedtunnels
84%leakIPv6traffic66%leakDNStraffic
2appsinjectJavaScriptcode4appsimplementTLSinterception
![Page 8: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/8.jpg)
Agenda
• VPNAppDetectionandMethodology
• PassiveAnalysis
• NetworkMeasurements
• Summary
• Developer’sfeedback
8 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 9: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/9.jpg)
Methodology
9
Google Play Crawl (1.4M+ Apps) Static
AnalysisNetwork
Measurements
VPNAppDetectionandClassification
Executablesandmetadata(appsdescription,reviews,etc)
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 10: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/10.jpg)
10
AppCategory #ofappsfound(N=283)
FreeVPNappswithFreeservices 130
FreeVPNappswithPremiumservices 153
IdentifiedVPNApp
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 11: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/11.jpg)
AnalyzedVPNApps- Evolution
11
Android4.0releasedate
Estimated ReleaseDate
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 12: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/12.jpg)
Userinstallsandratings
12
37%ofapps>500Kinstalls
55%ofapps>4-starrating
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 13: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/13.jpg)
StaticAnalysis
13 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 14: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/14.jpg)
67%ofAndroidVPNappsclaimprivacyandsecurityenhancementfeatures
14 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 15: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/15.jpg)
AccesstoSensitiveDataandResources
• 82%oftheVPNappsrequestsensitivepermissions
• READ_LOGS(14%)
• READ_SMS(6%)
• READ_CONTACTS(6%)
• WRITE_SMS(4%)
15 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
Limitation:istheuseofthosepermissionslegitimate?
![Page 16: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/16.jpg)
3rd-partyTrackingLibraries
• 67%ofVPNappsinclude3rd-partytrackinglibraries
16 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 17: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/17.jpg)
MalwarePresence• Scanner:VirusTotalaggregator• AV-rank: numberofAVtoolsreportingmalware• 38%ofVPNappscontainmalwarewith4%haveAV-rank≧ 5
17 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 18: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/18.jpg)
NetworkMeasurements
18 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 19: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/19.jpg)
Testbed
19 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
Trafficmanipulations
![Page 20: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/20.jpg)
• Testedmanuallyeachvantagepointreportedintheapp
• 18%ofappsdonotinformabouttheterminatingend-point
• 4%ofVPNappsintercepttrafficonlocalhost
• 16%usevantagepointshostedonresidentialnetworks(SpamhausPBL)
20
Forwardingmodels
1lt.su
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 21: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/21.jpg)
21 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
USERSHAVENOCONTROL!
maxhane.comqudosteam.com
![Page 22: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/22.jpg)
DNSandIPv6Leakages
22
• 18%ofappsdonotuseencryptedtunnels
• 84%ofVPNappsleakIPv6traffic
• 66%ofVPNappsleaksDNSqueries
Userscanbepotentiallysubjecttoin-pathmodification,profiling,redirection,andcensorship.
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 23: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/23.jpg)
AdblockingandJavaScriptInjection
• DOM-basedanalysis
• Top30Alexasites,referencewebsiteandsevene-commercesites
23 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 24: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/24.jpg)
TLSInterception
• Analysedcertificatesfrom60websites/domains
• Appscompromiserootstore
24
Domain(port) Neopard DashVPN DashNet PacketCapture
amazon.com ❌ ✅ ❌ ✅
gmail.com ✅ ✅ ✅ ✅
orcart.facebook.com(8883) ✅ ❌ ❌ ✅
bankofamerica.com ✅ ✅ ✅ ✅
hsbc.com ❌ ✅ ❌ ✅
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 25: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/25.jpg)
Moredetails:
25 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 26: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/26.jpg)
“Andisn’titironic?”
26
• Douserscare?
• Manuallyanalysednegativereviews(4.5K)(1- and2-Stars)
• < 1%ofthenegativereviewsraisedprivacyandsecurityconcerns
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 27: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/27.jpg)
Summary
• 38%ofappshavemalwarepresence
• 67%ofappshaveatleastonethird-partytrackinglibrary
• 66%ofVPNappshaveDNSleakagesand84%haveIPv6Leakages
• 2VPNappsperformJS-injectionforads,tracking,andredirections
• 4VPNappsperformTLSinterception
27 PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 28: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/28.jpg)
DeveloperFeedbackandReactions
28
“…Appflood[third-partylibrary]wasthebestchoicetomonetizetheapp”.
Now:ads- andtrackingfreeapp
ConfirmedJS-Injectionsfortrackingusersandshowingtheirownadvertisements
Now:statusquo
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
![Page 29: An Analysis of the Privacy and Security Risks of Android ... · Android VPN Permission-enabled Apps Muhammad Ikram (UNSW, Data61, CSIRO) Narseo Vallina-Rodriguez (ICSI, IMDEA Networks)](https://reader034.fdocuments.us/reader034/viewer/2022050104/5f42ff618419c61bda460d26/html5/thumbnails/29.jpg)
29
November2015 October2016
PrivacyandSecurityRisksofAndroidVPNPermission-enabledApps|MuhammadIkram
“…wewillpromisetheseproblemsneveroccuragain.”
15AV-RANK 1AV-RANK
DeveloperFeedbackandReactions