Android Security Model – A Different Perspective

SafeDroid — Wed, 31 Aug 2011 05:07:17 +0000

Android Security Model

In the new few blog posts, I would like to review the Android Security Model as defined in the base OS and highlight some of the issues that I see and have been exploited in recent past. Here is a good presentation on the security model.

Understanding android security model

View more presentations from Pragati Ogal Rai

Issue 1: Permissions Model based on User Acceptance

Whenever an application is installed on Android, it asks user to accept the permissions that the application needs. In any security model, the weakest link is the only piece that matters and as you can imagine, the user is the weakest link here. I do not think any user has the knowledge to understand what the permission sets are and whether an application should need those permissions. For example why would the facebook application need to access the phone?

So invariably majority of users, end up saying yes. I would not be surprised if the percentage of users who ever declined the install based on permissions is less .1%. This means that the malicious writer can easily pose as a useful application and then ask user for permission to access the whole world.

Issue 2: User Defined Permissions

Another weakness in android is the user defined permissions. Imagine a scenario where a malicious application writer, writes a very useful application and gets the credit card and other sensitive information from the user. As part of this application, the application writer can define their own permission set which can then be exploited by another application that is written later.

Many more issues

Self signed binaries and many other so called security models are just waiting to be exploited or have been exploited.

Android Security – Will we live the windows nightmare all over again?

SafeDroid — Tue, 30 Aug 2011 05:54:47 +0000

If you look at the recent vulnerability that has been discovered on android called “Android Class Loading Hijacking”, it is very similar to the dll hijacking attacks on windows which has been an age old way to run malicious code. A detailed analysis of this recent vulnerability can be found here. There are multiple ways to exploit such a vulnerability – by overwriting the code that the loader is using from an insecure location or by replacing the critical personal data stored and hence making a legitimate application do malicious stuff.

The promise of simplicity

If you look at the big promise of android over linux as a mobile OS, it has been the simplicity to write great apps and this is clear visible in all the android introduction presentations from google. If the developers start to really believe in this simplicity and they do not understand the intricacies of where to store the data and where to load the code from and how to secure these locations, then we will have pretty looking applications that can exploited with ease.

How will this evolve?

Given that android is getting such a wide spread adoption on all kinds of devices, the security technologies will evolve in a very similar manner as in windows world starting with the A/V technologies and then moving towards behavior based technologies and others. If you see this latest vulnerability, this can be easily prevented from being exploited with whitelisting like technology in windows world.