Privacy Issues with the Google Android Market Thorben Kr uger - - PowerPoint PPT Presentation

Privacy Issues with the Google Android Market

Thorben Kr¨ uger Bastiaan Wissingh benthor@os3.nl bastiaan@os3.nl February 2, 2011

1/ 18

Outline

Introduction Terms Research I Background MITM Sniffing Findings Research II App Analysis Findings Implications Bonus Conclusion

2/ 18

Definition of Terms

3/ 18

Definition of Terms

◮ Android

3/ 18

Definition of Terms

◮ Android ◮ Google Android Market

3/ 18

Definition of Terms

◮ Android ◮ Google Android Market ◮ XMPP

3/ 18

Definition of Terms

◮ Android ◮ Google Android Market ◮ XMPP ◮ App

3/ 18

Original Question

Google Android Market - Remotely Controllable?

4/ 18

Original Question

Google Android Market - Remotely Controllable?

◮ To what exact extent?

4/ 18

Original Question

Google Android Market - Remotely Controllable?

◮ To what exact extent?

◮ Suspicion: Highly Privileged Remove Administration

Functionality

4/ 18

Original Question

Google Android Market - Remotely Controllable?

◮ To what exact extent?

◮ Suspicion: Highly Privileged Remove Administration

Functionality

◮ What Privacy Issues?

4/ 18

Original Question

Google Android Market - Remotely Controllable?

◮ To what exact extent?

◮ Suspicion: Highly Privileged Remove Administration

Functionality

◮ What Privacy Issues? ◮ Proposed Mitigations?

4/ 18

Current Research: Status

5/ 18

Current Research: Status

◮ Market uses XMPP over SSL

5/ 18

Current Research: Status

◮ Market uses XMPP over SSL ◮ Google Android: A State-of-the-Art Review of Security

Mechanisms

5/ 18

Current Research: Status

◮ Market uses XMPP over SSL ◮ Google Android: A State-of-the-Art Review of Security

Mechanisms

◮ AppBrain

5/ 18

Approach: SSL Man-In-The-Middle

6/ 18

Approach: SSL Man-In-The-Middle

◮ Idea: Traffic Introspection

6/ 18

Approach: SSL Man-In-The-Middle

◮ Idea: Traffic Introspection ◮ Methods: Lots Of Dirty Hacks

6/ 18

Traffic Analysis: Results

7/ 18

Traffic Analysis: Results

◮ Confirmed: XMPP-Triggered Installation

7/ 18

Traffic Analysis: Results

◮ Confirmed: XMPP-Triggered Installation ◮ Unconfirmed: Additional Functionality

7/ 18

Approach: Reverse Engineering

8/ 18

Approach: Reverse Engineering

◮ Analyze Market Package

8/ 18

Approach: Reverse Engineering

◮ Analyze Market Package ◮ Core System Application

8/ 18

Binary Analysis: Findings

9/ 18

Binary Analysis: Findings

◮ Binary Decodable To “Assembly”

9/ 18

Binary Analysis: Findings

◮ Binary Decodable To “Assembly” ◮ Results Hardly Readable

9/ 18

Binary Analysis: Findings

◮ Binary Decodable To “Assembly” ◮ Results Hardly Readable ◮ Evidence: Remotely Triggerable Functionality

9/ 18

Binary Analysis: Findings

◮ Binary Decodable To “Assembly” ◮ Results Hardly Readable ◮ Evidence: Remotely Triggerable Functionality

◮ INSTALL ASSET ◮ REMOVE ASSET 9/ 18

Binary Analysis: Findings

◮ Binary Decodable To “Assembly” ◮ Results Hardly Readable ◮ Evidence: Remotely Triggerable Functionality

◮ INSTALL ASSET ◮ REMOVE ASSET

◮ Evidence: Persistent Connection

9/ 18

Privacy Implications

10/ 18

Privacy Implications

◮ No Evidence For: Advanced Remote Control Functionality

10/ 18

Privacy Implications

◮ No Evidence For: Advanced Remote Control Functionality ◮ Possible Issue For Some: Remotely Triggered Application

Removal

10/ 18

Mitigation Idea: Patch Script

11/ 18

Mitigation Idea: Patch Script

◮ “Assembly” Rebuildable To Binary

11/ 18

Mitigation Idea: Patch Script

◮ “Assembly” Rebuildable To Binary ◮ Result Still Executable

11/ 18

Mitigation Idea: Patch Script

◮ “Assembly” Rebuildable To Binary ◮ Result Still Executable ◮ Assembly-Level Patch: Remove Unwanted Functionality

11/ 18

Accidental Finding: Market App Honors Permission System

12/ 18

Accidental Finding: Market App Honors Permission System

◮ Error For Patched Market: No Permission To Install Apps

12/ 18

Accidental Finding: Market App Honors Permission System

◮ Error For Patched Market: No Permission To Install Apps ◮ Very Unexpected

12/ 18

Digression: Android Permission System

13/ 18

Digression: Android Permission System

◮ Central Part Of Android Architecture

13/ 18

Digression: Android Permission System

◮ Central Part Of Android Architecture ◮ Open Source!

13/ 18

Digression: Android Permission System

◮ Central Part Of Android Architecture ◮ Open Source! ◮ Uses: Plain XML Files

13/ 18

Digression: Android Permission System

◮ Central Part Of Android Architecture ◮ Open Source! ◮ Uses: Plain XML Files ◮ Problem: Very Coarse Grained UI

13/ 18

Android Permission System: Current Research

14/ 18

Android Permission System: Current Research

◮ permissionBlocker.apk

14/ 18

Android Permission System: Current Research

◮ permissionBlocker.apk ◮ Apex

14/ 18

Proposal: Extension of Apex

15/ 18

Proposal: Extension of Apex

◮ Requires: Changes To Software Stack

15/ 18

Proposal: Extension of Apex

◮ Requires: Changes To Software Stack ◮ Hurdle: System App Permissions Handled Differently

15/ 18

Proposal: Extension of Apex

◮ Requires: Changes To Software Stack ◮ Hurdle: System App Permissions Handled Differently ◮ Red Tape: Nothing Has Been Released

15/ 18

Conclusion

16/ 18

Conclusion

◮ Current Market App Less Evil Than Expected

16/ 18

Conclusion

◮ Current Market App Less Evil Than Expected ◮ Binary/Assembly Patches Possible

16/ 18

Conclusion

◮ Current Market App Less Evil Than Expected ◮ Binary/Assembly Patches Possible ◮ Alternative Approach: Permission Management

16/ 18

Outlook

17/ 18

Outlook

◮ Reimplement Apex: NLnet funding?

17/ 18

Questions?

18/ 18