Normal Permissions In Android: An Audiovisual Deception

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration)

Marshmallow was a significant revision for Android. Among the new fea- tures that were introduced one of the most significant is without any doubt the runtime permissions. The permission model was totally redesigned categorising the permissions into four main categories. The main concept of this categorisa- tion is to how much risk a user is exposed to when permissions are granted. Normal permissions imply the least risk for the user. However, there are some important issues in this case. Firstly, these permissions are not actually dis- played to the user; they are not displayed upon installation and the user needs to dig into several menus to find them for each app. Most importantly though, these permissions cannot be revoked. Unlike dangerous permissions, where the user can grant or revoke a permission whenever deemed necessary, the normal persmissions are automatically granted and cannot be revoked, unless the user uninstalls the app that uses them. The research question that arises from this change is whether the apps that request only normal permissions are benign. Note that an app requesting only normal permissions will never request any alerting action from the user, hence the user is more probable to install it and not worry about it. Furthermore, since these persmissions are automatically granted, this means that any malicious action that could be made with such permissions can be ported to any installed app as they will not require any user interaction. Our extensive experiments have shown that apps based only on the normal permissions are far from being considered benign as they can exploit many na- tive Android mechanisms to perform many malicious actions. More precisely, we present many methods which exploit the capabilities of user interface, voice as- sistants and intents in Android that lead to serious security issues. An overview of where these actions can be applied will be illustrated, indicating where Nougat is still vulnerable. The attacks which will be presented have already been disclosed to Google and Microsoft, and in some of these cases the appropriate patches have been made.

Presenters:

• Constantinos Patsakis - University of Piraeus
  Assistant Professor Constantinos Patsakis (male) holds a B.Sc. in Mathematics from the University of Athens, Greece and a M.Sc. in Information Security from Royal Holloway, University of London. He obtained his PhD in Cryptography and Malware from the Department of Informatics of University of Piraeus. His main areas of research include cryptography, security, privacy, data anonymization and malware analysis. He is the author of more than 70 publications in peer reviewed international conference proceedings and journals and has been teaching computer science courses at European universities for more than a decade. Dr Patsakis has been working in the industry as a freelance developer and security consultant. He has participated in several national (Greek, Spanish, Catalan and Irish) and European R&D projects. Additionally, he has worked as researcher at the UNESCO Chair in Data Privacy at the Rovira i Virgili University (URV) of Tarragona, Catalonia, Spain and as a research fellow at Trinity College, Dublin Ireland.

Links:

• https://deepsec.net/archive/2017.deepsec.net/speaker.html#PSLOT305

Similar Presentations:

• DEF CON 18 (2010) / These Aren't the Permissions You're Looking For
• Black Hat USA 2010 / These Aren't the Permissions You're Looking For
• Black Hat USA 2017 / Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop