URANOS: User-Guided Rewriting for Plugin-Enabled ANdroid ApplicatiOn Security
نویسندگان
چکیده
URANOS is an Android application which uses syntactical static analysis to determine in which component of an Android application a permission is required. This work describes how the detection and analysis of widely distributed and security critical adware plugins is achieved. We show, how users can trigger bytecode rewriting to (de)activate selected or redundant permissions in Android applications without sacrificing functionality. The paper also discusses performance, security, and legal implications of the presented approach.
منابع مشابه
Boxify: Full-fledged App Sandboxing for Stock Android
We present the first concept for full-fledged app sandboxing on stock Android. Our approach is based on application virtualization and process-based privilege separation to securely encapsulate untrusted apps in an isolated environment. In contrast to all related work on stock Android, we eliminate the necessity to modify the code of monitored apps, and thereby overcome existing legal concerns ...
متن کاملVirtualExplorer: A Plugin-Based Virtual Reality Framework
This paper introduces VirtualExplorer, a customizable plugin-based virtual reality framework for immersive scientific data visualization, exploration and geometric modeling. The framework is layered on top of a run-time plugin system and reconfigurable virtual user interface and provides a variety of plugin components. The system provides access to scene-graphbased APIs, including Performer and...
متن کاملPoster: Full-fledged App Sandboxing for Stock Android
We present the first concept for full-fledged app sandboxing on stock Android. Our approach is based on application virtualization and process-based privilege separation to securely encapsulate untrusted apps in an isolated environment. In contrast to all related work on stock Android, we eliminate the necessity to modify the code of monitored apps, and thereby overcome existing legal concerns ...
متن کاملDEMO: Enabling Trusted Stores for Android
In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox [4]. To address this issue, this demo prese...
متن کاملEnforcing Least Privilege with Android Permissions in Mobile App Development
Though there is evidence that presenting Android app permission information to the user in a clear, more contextdependent way can influence mobile phone users in choosing apps that request fewer permissions [4], ultimately users still tend to make poor privacy and security decisions, especially when warnings are unclear or inhibitive [1]. As a result, we believe that code developers should take...
متن کامل