zbMATH — the first resource for mathematics

Splitting third-party libraries’ privileges from Android apps. (English) Zbl 06764617
Pieprzyk, Josef (ed.) et al., Information security and privacy. 22nd Australasian conference, ACISP 2017, Auckland, New Zealand, July 3–5, 2017. Proceedings. Part II. Cham: Springer (ISBN 978-3-319-59869-7/pbk; 978-3-319-59870-3/ebook). Lecture Notes in Computer Science 10343, 80-94 (2017).
Summary: Third-party libraries are very prevalent in the development of Android apps. However, the wide use of third-party libraries may cause potential violations on user’s privacy. In the original Android permission mechanism, host Apps share all permissions with their third-party libraries. Moreover, the details of most third-party libraries are not very clear to developers and malicious code may be contained. With privileges and malicious code, the attack may be conducted. In this paper, we present a novel privilege splitting mechanism for the third-party libraries in Android apps. Different from other similar approaches, our system makes full use of the original permission mechanism to minimize the attack surface and the impact on Android system. Since the lightweight customization on Android, our system can be easily adapted to both Dalvik and ART (Android Runtime) virtual machines. We deployed a prototype on a real Android device and evaluated it’s compatibility, effectiveness and performance. The experiment results show that our system is compatible with existing Apps, splits the third-party libraries’ privileges effectively according to the given policies, and works well with negligible performance overhead.
For the entire collection see [Zbl 1365.94005].
68 Computer science
Full Text: DOI