Mobile Phone Security

Mobile phones capable of running downloaded third-party applications, also known as smartphones, are now pervasive. The popularity of individual smartphone operating systems, such as Android, BlackBerry OS, and iOS (formerly iPhone OS), is strongly influenced by the applications made available to users through on-phone "application stores." A cottage industry for smartphone applications has emerged, supplying tens of thousands of applications, seemingly overnight. However, the speed at which these applications have emerged calls into question the diligence and efficacy of developers and the quality of the resulting application code. Great harm may result from malicious or faulty smartphone applications, not only to the device and end user, but also to the relatively fragile cellular networks to which smartphones are attached.

Our research focuses on the security of smartphone applications. We have studied smartphone application security from various perspectives, which has resulted in multiple projects. Our overall research goals focus on the design of new technologies to protect the end user, application providers, content providers, and cellular network providers.

TaintDroid

The smartphone marketplace has evolved significantly and swiftly during the last few years. In particular, the number and variety of third-party applications available to smartphone users has grown almost exponentially. These applications are frequently of negligible cost (often free) and undergo limited (if any) quality assurance or security verification. Unfortunately, security features in existing smartphone operating systems are insufficient to protect users against malicious or poorly designed applications.

The TaintDroid system is designed to track and identify smartphone privacy risks created by downloaded applications. TaintDroid uses dynamic taint analysis to track privacy-sensitive information from its sources (e.g., GPS hardware, microphone, phone identifier storage, etc.) to the point at which it leaves the phone through a wireless network interface. To perform this analysis in real time on existing smartphone hardware, TaintDroid uses several careful optimizations, trading tracking granularity for performance.
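A toy model of the source-to-sink tracking described above, added here as an illustration; it is not TaintDroid's code. The tag constants, the Tainted wrapper, the send() sink, the host names and the sample values are all hypothetical, and keeping one tag per whole value is a simplification chosen for this example.

```python
from dataclasses import dataclass

# Hypothetical taint tags, one bit per privacy-sensitive source.
TAINT_LOCATION, TAINT_MIC, TAINT_IMEI = 0x1, 0x2, 0x4
TAG_NAMES = {TAINT_LOCATION: "location", TAINT_MIC: "microphone", TAINT_IMEI: "IMEI"}

@dataclass(frozen=True)
class Tainted:
    """A string plus a bitmask of the sources it derives from.
    One tag covers the whole value (coarse, but cheap to propagate)."""
    value: str
    tag: int = 0

    def __add__(self, other):
        # Propagation rule: the result carries the union of both operands' tags.
        if isinstance(other, Tainted):
            return Tainted(self.value + other.value, self.tag | other.tag)
        return Tainted(self.value + str(other), self.tag)

    def __radd__(self, other):
        # Untainted data on the left: the right operand's tag still survives.
        return Tainted(str(other) + self.value, self.tag)

def read_gps():
    """Constructed source: a fixed coordinate tagged as location data."""
    return Tainted("40.7934,-77.8600", TAINT_LOCATION)

def read_imei():
    """Constructed source: a made-up identifier tagged as IMEI."""
    return Tainted("000000000000000", TAINT_IMEI)

def send(host, payload, log):
    """Network sink: report which tagged sources are about to leave the device."""
    tag = payload.tag if isinstance(payload, Tainted) else 0
    leaked = [name for bit, name in TAG_NAMES.items() if tag & bit]
    if leaked:
        log.append((host, leaked))
    return leaked

def demo():
    """Build a request from two sources, then send one tainted and one clean payload."""
    log = []
    query = "q=coffee&loc=" + read_gps() + "&id=" + read_imei()
    send("ads.example.com", query, log)
    send("cdn.example.com", Tainted("GET /logo.png"), log)
    return log
```

Only the first request is logged, because the tags from both sources followed the data through the string concatenations to the sink.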

Figure: TaintDroid Architectural Approach

In a study of 30 popular applications for the Android phone platform, TaintDroid identified that two-thirds of the studied applications transmitted privacy-sensitive information beyond reasonable expectations of the user. Of the 30 applications, 15 shared the phone's geographic location with advertisement servers, and 7 applications transmitted sensitive phone identifiers (e.g., the phone number and the device's IMEI) without the user's knowledge. These results confirm potential privacy concerns with smartphone applications and indicate that smartphone users must take great care when downloading applications.

More information on TaintDroid, a demo, and the source code is available at appanalysis.org.

Related Publications

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2010. Vancouver, BC.
(acceptance rate=16.1%) [pdf]

Saint

Smartphone applications interact and share information to provide added value to end users. For example, a shopping application might use a location-based search application to find a product, purchase the product with the support of a payment application, and then record the transaction in a bank ledger application. Each point of interaction introduces the potential for misuse or abuse. Unfortunately, existing smartphone OS protection systems provide insufficient controls for application providers to ensure secure interaction.

The Saint framework for the Android phone platform provides enhanced flexibility for application-provider specified security policy. Saint's functionality includes additional restrictions for permission granting upon application installation, and enhanced runtime interaction constraints for both participating applications. To enforce these policies, Saint extends the Android platform with additional security mediation logic.

Figure: Saint Extensions to Android

Using Saint, providers of applications can specify policies that ensure runtime interactions occur under safe conditions. For example, the provider of a shopping application can maintain a white list of trusted payment applications, or possibly specify minimum version numbers to avoid using application versions with known vulnerabilities. In doing so, Saint provides valuable and needed utility for providers and developers of applications.
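The white-list and minimum-version checks described above, sketched as an added example; this is not Saint's code or policy format. The App and Policy classes, the package names and the versions are constructed, and matching on a signer string is an assumption made here so that a package name alone does not establish trust.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class App:
    package: str
    version: int   # integer version code
    signer: str    # placeholder for a signing-certificate fingerprint (assumption)

@dataclass
class Policy:
    """Conditions an app's provider places on its peers (hypothetical schema)."""
    trusted: dict = field(default_factory=dict)  # package -> (signer, min version)
    allow_unlisted: bool = False

    def check(self, peer):
        rule = self.trusted.get(peer.package)
        if rule is None:
            return (True, "ok") if self.allow_unlisted else (False, "peer not on white list")
        signer, min_version = rule
        if peer.signer != signer:
            return (False, "signer mismatch")
        if peer.version < min_version:
            return (False, f"version {peer.version} below minimum {min_version}")
        return (True, "ok")

def mediate(caller, callee, policies):
    """Allow the interaction only if both sides' policies accept the other side."""
    for owner, peer in ((caller, callee), (callee, caller)):
        policy = policies.get(owner.package)
        if policy is None:
            continue  # this app ships no policy: nothing extra to enforce
        ok, reason = policy.check(peer)
        if not ok:
            return (False, f"{owner.package} rejects {peer.package}: {reason}")
    return (True, "allowed")

# Constructed sample data.
SHOP = App("com.example.shop", 12, "SIG_SHOP")
PAY_OK = App("com.example.pay", 30, "SIG_PAY")
PAY_OLD = App("com.example.pay", 21, "SIG_PAY")    # predates the minimum version
PAY_FAKE = App("com.example.pay", 30, "SIG_OTHER")  # same name, different signer
POLICIES = {
    "com.example.shop": Policy({"com.example.pay": ("SIG_PAY", 25)}),
    "com.example.pay": Policy({"com.example.shop": ("SIG_SHOP", 10)}),
}
```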

Related Publications

Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel. Semantically Rich Application-Centric Security in Android. Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), December 2009. Honolulu, HI. (best paper).
(acceptance rate=19.0%) [pdf]

Kirin

Smartphones are susceptible to malware that may attack vulnerabilities in the phone operating system or trick the user into installing it with the privileges necessary to perform an attack. Kirin considers the latter problem by automatically evaluating the privileges requested by applications when they are installed. By doing so, dependence on the user for security is reduced, which also reduces the likelihood of malware tricking the user into installing it.

Kirin provides lightweight certification of applications at time of install by looking at configuration metadata such as requested permissions that accompanies Android applications. From the application's configuration, Kirin infers potential functionality and compares it against a ruleset of potentially dangerous properties.
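An install-time check in the style described above, added as an example; it is not Kirin's code, and the three rules are written for this illustration rather than taken from Kirin's rule set. The manifest is a constructed, text-format AndroidManifest.xml for a hypothetical package.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Illustrative rules: each names a set of permissions treated as dangerous
# when an application requests all of them together.
RULES = {
    "record audio during calls and upload it":
        {P + "READ_PHONE_STATE", P + "RECORD_AUDIO", P + "INTERNET"},
    "track location from boot":
        {P + "ACCESS_FINE_LOCATION", P + "INTERNET", P + "RECEIVE_BOOT_COMPLETED"},
    "intercept and rewrite SMS":
        {P + "RECEIVE_SMS", P + "WRITE_SMS"},
}

# Constructed manifest for a hypothetical package.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
""".strip()

def requested_permissions(manifest_xml):
    """Collect the android:name of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}

def certify(manifest_xml, rules=RULES):
    """Return (passes, violated rule names); a rule fires when the
    requested permissions include its whole combination."""
    requested = requested_permissions(manifest_xml)
    violations = sorted(name for name, combo in rules.items() if combo <= requested)
    return (not violations, violations)
```

A single permission such as INTERNET passes on its own; only the full combination named by a rule causes the install to be flagged.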

Figure: Kirin-based Software Installer

We used a variation of existing security requirements engineering techniques to derive a set of Kirin security rules designed to mitigate malware. This certification policy was then evaluated against 311 popular Android applications. The experimental results indicate Kirin can provide a practical security enhancement to Android, with minimal cases where user override is necessary.

Related Publications

William Enck, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone Application Certification. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), November 2009. Chicago, IL.
(acceptance rate=18.4%) [pdf]

William Enck, Machigar Ongtang, and Patrick McDaniel, Mitigating Android Software Misuse Before It Happens. Technical Report NAS-TR-0094-2008, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, September 2008. Updated November 2008. [pdf]

Teaching Smartphone Security

While most smartphone operating systems are based on UNIX, they provide custom APIs and security frameworks. Therefore, understanding and teaching these concepts provides a valuable contribution to the community. During the spring 2009 semester, Professor Patrick McDaniel and SIIS student William Enck co-instructed a course on smartphone operating system security, studying all major system designs and their security frameworks. McDaniel and Enck also presented a tutorial entitled "Understanding Android's Security Framework" at the ACM Conference on Computer and Communications Security (CCS).

Related Publications

William Enck, Machigar Ongtang, and Patrick McDaniel. Understanding Android Security. IEEE Security & Privacy Magazine, 7(1):50-57, January/February 2009.