Privacy Issues with the Google Android Market

Thorben Krüger (benthor@os3.nl)
Bastiaan Wissingh (bastiaan@os3.nl)

February 2, 2011

Outline
◮ Introduction
  ◮ Terms
◮ Research I
  ◮ Background
  ◮ MITM Sniffing
  ◮ Findings
◮ Research II
  ◮ App Analysis
  ◮ Findings
  ◮ Implications
◮ Bonus
◮ Conclusion

Definition of Terms
◮ Android
◮ Google Android Market
◮ XMPP
◮ App

Original Question
Google Android Market - Remotely Controllable?
◮ To what exact extent?
◮ Suspicion: Highly Privileged Remote Administration Functionality
◮ What Privacy Issues?
◮ Proposed Mitigations?

Current Research: Status
◮ Market uses XMPP over SSL
◮ Google Android: A State-of-the-Art Review of Security Mechanisms
◮ AppBrain

Approach: SSL Man-In-The-Middle
◮ Idea: Traffic Introspection
◮ Methods: Lots Of Dirty Hacks

Traffic Analysis: Results
◮ Confirmed: XMPP-Triggered Installation
◮ Unconfirmed: Additional Functionality

Approach: Reverse Engineering
◮ Analyze Market Package
◮ Core System Application

Binary Analysis: Findings
◮ Binary Decodable To “Assembly”
◮ Results Hardly Readable
◮ Evidence: Remotely Triggerable Functionality
  ◮ INSTALL_ASSET
  ◮ REMOVE_ASSET
◮ Evidence: Persistent Connection

Privacy Implications
◮ No Evidence For: Advanced Remote Control Functionality
◮ Possible Issue For Some: Remotely Triggered Application Removal

Mitigation Idea: Patch Script
◮ “Assembly” Rebuildable To Binary
◮ Result Still Executable
◮ Assembly-Level Patch: Remove Unwanted Functionality

Accidental Finding: Market App Honors Permission System
◮ Error For Patched Market: No Permission To Install Apps
◮ Very Unexpected

Digression: Android Permission System
◮ Central Part Of Android Architecture
◮ Open Source!
◮ Uses: Plain XML Files
◮ Problem: Very Coarse Grained UI

Android Permission System: Current Research
◮ permissionBlocker.apk
◮ Apex

Proposal: Extension of Apex
◮ Requires: Changes To Software Stack
◮ Hurdle: System App Permissions Handled Differently
◮ Red Tape: Nothing Has Been Released

Conclusion
◮ Current Market App Less Evil Than Expected
◮ Binary/Assembly Patches Possible
◮ Alternative Approach: Permission Management

Outlook
◮ Reimplement Apex: NLnet funding?

Questions?