Android Declassification Infrastructure

Android Declassification Infrastructure. Matan David, Yuval Evron. Project Advisor: Roei Schuster.


Transcript of Android Declassification Infrastructure

Page 1: Android Declassification Infrastructure

Android Declassification Infrastructure

Matan David
Yuval Evron

Project Advisor: Roei Schuster


Page 2: Android Declassification Infrastructure

Smart Phones

• Go with us everywhere we go.
• Getting richer in capabilities and sensors.
• We install different applications on our phone.
• An over-privileged application could pose a serious threat to us as end users.

Page 3: Android Declassification Infrastructure

Android OS

• Unveiled by Google in 2007.
• Based on the Linux OS.
• Used by 50% of smartphone owners in the U.S.
• Over 400 million Android devices in use by February 2012.
• Over 1,000,000 Android devices activated every day.


Page 4: Android Declassification Infrastructure

Android Permissions

• Enables apps to “communicate” with different hardware components (Camera, SD Card, ...)
• <uses-permission android:name="android.permission.CAMERA"/>
• Not very fine grained.
• Each permission grants access to not only one service, but to several.


Page 5: Android Declassification Infrastructure

Our Project

• Does not involve changing the OS infrastructure itself.

• Identify the most commonly used and most vulnerable permissions.
• Subdivide them into smaller, finer grained permissions.
• A “Declassifier”.


Page 6: Android Declassification Infrastructure

Project Goals

• Enable much safer Android programming.
• Applications utilizing our infrastructure will be less privileged and more secure.
• No compromise on application functionality.
• Make porting of applications as simple as possible.

Page 7: Android Declassification Infrastructure

Success Criteria

• Try to influence as many applications as possible.

• Success will be measured by revising consumer applications, limiting their privileges, while preserving their original capabilities.


Page 8: Android Declassification Infrastructure

Implemented Declassifier Services

1. Android Permission – android.permission.READ_CONTACTS

Declassifier Permissions:
    my.declassifier.CONTACTS_PHOTO_BY_NAME_PERMISSION
    my.declassifier.CONTACTS_PHONE_BY_NAME_PERMISSION
    my.declassifier.CONTACTS_ADDRESS_BY_NAME_PERMISSION
    my.declassifier.CONTACTS_BIRTHDAY_BY_NAME_PERMISSION
    my.declassifier.CONTACTS_EMAIL_BY_NAME_PERMISSION
    my.declassifier.CONTACTS_IS_STARRED_BY_NUMBER_PERMISSION

2. Android Permission – android.permission.WRITE_EXTERNAL_STORAGE

Declassifier Permissions:
    my.declassifier.EXTERNALSTORAGE_WRITE_FILE_PERMISSION
    my.declassifier.EXTERNALSTORAGE_DELETE_FILE_PERMISSION
    my.declassifier.EXTERNALSTORAGE_ALL_FILENAMES_PERMISSION
    my.declassifier.EXTERNALSTORAGE_CLEAR_ALL_DATA_PERMISSION

3. Android Permission – android.permission.READ_PHONE_STATE

Declassifier Permissions:
    my.declassifier.PHONE_STATED_READ_PHONE_TYPE_PERMISSION
    my.declassifier.PHONE_STATE_READ_SUBSCRIBER_ID_PERMISSION
    my.declassifier.PHONE_STATE_READ_CALL_STATE_PERMISSION
    my.declassifier.PHONE_STATE_READ_SIM_SERIAL_NUMBER_PERMISSION

Page 9: Android Declassification Infrastructure

Implemented Declassifier Services

4. Android Permission – android.permission.READ_CALENDAR

Declassifier Permissions:
    my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION
    my.declassifier.CALENDAR_LOCATION_BY_TITLE_PERMISSION
    my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION

5. Android Permission – android.permission.RECORD_AUDIO

Declassifier Permissions:
    my.declassifier.START_VOICE_RECORD_PERMISSION

6. Android Permission – android.permission.CHANGE_WIFI_STATE

Declassifier Permissions:
    my.declassifier.TURN_OFF_WIFI_PERMISSION
    my.declassifier.TURN_ON_WIFI_PERMISSION
    my.declassifier.CONNECT_TO_WIFI_PERMISSION

Page 10: Android Declassification Infrastructure

Implementation

We broke down our Declassifier into 3 types:

I. BroadcastReceiver –
• The app sends an ordered broadcast, with all the information encapsulated inside an Intent.

    // Request addressed to the Declassifier's calendar action
    Intent i = new Intent("com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION");
    // The event title to look up travels as an extra
    i.putExtra("Title", titleNameStr);

• The app also supplies a custom BroadcastReceiver which will handle the Declassifier’s result (callback mechanism).
• The Declassifier filters out requests which do not satisfy the relevant permissions, and the app filters out returned results from unauthorized sources.

Page 11: Android Declassification Infrastructure

Implementation

II. ContentProvider –
• Encapsulates data and provides it to applications through the single ContentResolver interface.
• Content is queried:

    Uri uri = Uri.parse("content://" + AUTHORITY + "/" + BASE_PATH + "/" + GET_EVENT_DESCRIPTION_BY_TITLE);
    Cursor cursor = cr.query(uri, null, selection, null, null);

• A cursor to the content is returned.
• The Declassifier checks if the given URI is permitted access (using the path-permission mechanism) and filters out queries that are not.
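
The permission checks described for the BroadcastReceiver and ContentProvider types can be enforced declaratively in the Declassifier's manifest. The following is an added example, not the project's own manifest; the package, class names, provider authority, URI path, the INTERNAL permission, the protection levels and the pairing of the calendar action with the event-date permission are assumptions.

```xml
<!-- Declassifier app manifest (added example; package, class names, authority,
     path and the INTERNAL permission are hypothetical) -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.declassifier">

    <!-- Only the Declassifier holds the coarse platform permission. -->
    <uses-permission android:name="android.permission.READ_CALENDAR"/>

    <!-- Fine-grained permissions offered to clients. "dangerous" is an assumed
         protection level, chosen so the user has to approve each one. -->
    <permission android:name="my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION"
        android:protectionLevel="dangerous"/>
    <permission android:name="my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION"
        android:protectionLevel="dangerous"/>
    <!-- Hypothetical lock for the provider as a whole: "signature" means no
         third-party app can obtain it. -->
    <permission android:name="com.example.declassifier.INTERNAL"
        android:protectionLevel="signature"/>

    <application>
        <!-- Type I: the system delivers the broadcast to this receiver only if
             the sender holds the permission named in android:permission. -->
        <receiver android:name=".CalendarEventReceiver"
            android:exported="true"
            android:permission="my.declassifier.CALENDAR_EVENT_DATE_BY_TITLE_PERMISSION">
            <intent-filter>
                <action android:name="com.example.Declassifier.CALENDAR_EVENT_BY_TITLE_ACTION"/>
            </intent-filter>
        </receiver>

        <!-- Type II: a caller holding the provider-level readPermission could read
             every path; a caller holding only a path permission can read just
             the matching path. -->
        <provider android:name=".CalendarProvider"
            android:authorities="com.example.declassifier.calendar"
            android:exported="true"
            android:readPermission="com.example.declassifier.INTERNAL">
            <path-permission android:path="/calendar/event_description_by_title"
                android:readPermission="my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION"/>
        </provider>
    </application>
</manifest>
<!-- Client manifest: request only the slice needed, for example
     <uses-permission android:name="my.declassifier.CALENDAR_DESCRIPTION_BY_TITLE_PERMISSION"/> -->
```

For the opposite direction, the calling app can pass a permission as the receiverPermission argument of sendOrderedBroadcast, so that only receivers holding that permission get the request.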

Page 12: Android Declassification Infrastructure

Implementation

III. Activity –
• Pops up a confirmation screen on the service the 3rd party application is trying to access.
• The user has the option of granting or denying the application access.
• If permission is granted, the calling application uses the service as needed.
• If permission is denied, the calling application will return an appropriate message and end the running method.

Page 13: Android Declassification Infrastructure

Ported Applications

• SMS Popup – For use with the Phone State declassifier.
• http://code.google.com/p/android-smspopup/
• Auto Answer – For use with the Contacts declassifier.
• http://code.google.com/p/auto-answer/
• My Simple Notepad – For use with the External Storage declassifier.
• http://code.google.com/p/my-simple-notepad/feeds
• Wifi Compass – For use with the Wifi declassifier.
• http://code.google.com/p/wificompass/
• GVoiceMail – For use with the Voice Record declassifier.
• http://code.google.com/p/gvoicemail/

Page 14: Android Declassification Infrastructure

Running Examples - Auto Answer

Page 15: Android Declassification Infrastructure

Running Examples - Auto Answer

Page 16: Android Declassification Infrastructure

Running Examples - Auto Answer

Page 17: Android Declassification Infrastructure

Running Examples - GVoiceMail

Page 18: Android Declassification Infrastructure

Running Examples - GVoiceMail

Page 19: Android Declassification Infrastructure

Running Examples - GVoiceMail

Page 20: Android Declassification Infrastructure

Running Examples - GVoiceMail

Page 21: Android Declassification Infrastructure

Running Examples - GVoiceMail

Page 22: Android Declassification Infrastructure

Running Examples - wificompass

Page 23: Android Declassification Infrastructure

Running Examples - wificompass

Page 24: Android Declassification Infrastructure

Running Examples - wificompass

Page 25: Android Declassification Infrastructure

Running Examples - wificompass

Page 26: Android Declassification Infrastructure

Running Examples - wificompass

Page 27: Android Declassification Infrastructure

Running Examples - wificompass

Page 28: Android Declassification Infrastructure

Running Examples - wificompass

Page 29: Android Declassification Infrastructure

Running Examples - my-simple-notepad

Page 30: Android Declassification Infrastructure

Running Examples - my-simple-notepad

Page 31: Android Declassification Infrastructure

Running Examples - my-simple-notepad

Page 32: Android Declassification Infrastructure

Running Examples - my-simple-notepad

Page 33: Android Declassification Infrastructure

Running Examples - my-simple-notepad

Page 34: Android Declassification Infrastructure

Running Examples - my-simple-notepad

Page 35: Android Declassification Infrastructure

Running Examples - SMSPopup

Page 36: Android Declassification Infrastructure

Running Examples - SMSPopup