Applying Fuzz Driver Generation to Native C/C++ Libraries of OEM Android Framework: Obstacles and Solutions

The number of malicious Android applications has grown explosively, leaking massive privacy sensitive information. Nevertheless, the existing static code analysis tools relying on imprecise callbacks list will miss high numbers of leaks, which is demonstrated in the paper. This paper presents a machine learning approach to identifying callbacks automatically in Android framework. As long as it is given a training set of hand-annotated callbacks, the proposed approach can detect all of them in the entire framework. A series of experiments are conducted to identify 20,391 callbacks on Android 4.2. This proposed approach, verified by a ten-fold cross-validation, is effective and efficient in terms of precision and recall, with an average of more than 91%. The evaluation results shows that many of newly discovered callbacks are indeed used, which furthermore confirms that the approach is suitable for all Android framework versions.

SummaryAndroid smartphones are often reported to suffer from sluggish user interactions due to poor interactivity. This is partly because Android and its task scheduler, the completely fair scheduler (CFS), may incur perceptibly long response time to user‐interactive tasks. Particularly, the Android framework cannot systemically favor user‐interactive tasks over other background tasks since it does not distinguish between them. Furthermore, user‐interactive tasks can suffer from high dispatch latency due to the non‐preemptive nature of CFS. To address these problems, this paper presents framework‐assisted task characterization and virtual time‐based CFS. The former is a cross‐layer resource control mechanism between the Android framework and the underlying Linux kernel. It identifies user‐interactive tasks at the framework‐level, by using the notion of a user‐interactive task chain. It then enables the kernel scheduler to selectively promote the priorities of worker tasks appearing in the task chain to reduce the preemption latency. The latter is a cross‐layer refinement of CFS in terms of interactivity. It allows a task to be preempted at every predefined period. It also adjusts the virtual runtimes of the identified user‐interactive tasks to ensure that they are always scheduled prior to the other tasks in the run‐queue when they wake up. As a result, the dispatch latency of a user‐interactive task is reduced to a small value. We have implemented our approach into Android 4.1.2 running with Linux kernel 3.0.31. Experimental results show that the response time of a user interaction is reduced by up to 77.35% while incurring only negligible overhead. Copyright © 2014 John Wiley & Sons, Ltd.

Android Application Framework is an integral and foundational part of the Android system. Each of the two billion (as of 2017) Android devices relies on the system services of Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harms to user security and privacy. Recently, many vulnerabilities in Android Framework were exposed, showing that it is indeed vulnerable and exploitable. While there is a large body of studies on Android application analysis, research on Android Framework analysis is very limited. In particular, to our knowledge, there is no prior work that investigates how to enable symbolic execution of the framework, an approach that has proven to be very powerful for vulnerability discovery and exploit generation. We design and build the first system, Centaur, that enables symbolic execution of Android Framework. Due to the middleware nature and technical peculiarities of the framework that impinge on the analysis, many unique challenges arise and are addressed in Centaur. The system has been applied to discovering new vulnerability instances, which can be exploited by recently uncovered attacks against the framework, and to generating PoC exploits.

This paper proposes a formal model of the Android permission scheme. We describe the scheme specifying entities and relationships, and provide a state-based model which includes the behavior specification of permission authorization and the interactions between application components. We also show how we can logically confirm the security of the specified system. Utilizing a theorem prover, we can verify security with given security requirements based on mechanically checked proofs. The proposed model can be used as a reference model when the scheme is implemented in a different embedded platform, or when we extend the current scheme with additional constraints or elements. We demonstrate the use of the verifiable specification through finding a security vulnerability in the Android system. To our knowledge, this is the first formalization of the permission scheme enforced by the Android framework.

Virtualization is used in various environments such as cloud and network, but it was difficult to utilize it in mobile devices due to computing resource problems. Technology such as containers that are faster and lighter than traditional hypervisor-based virtualization is being developed. In this paper, we implemented three virtualization technologies in the Android framework: hypervisor-based virtual machine, lightweight hypervisor-based virtual machine, and container. In the process of implementation, we created and applied the SEAndroid policy for each virtualization technology. In addition, we measured performance by considering the boot time for the implemented virtual instance. As a result of empirical experiments, the container showed the best performance, but it showed a problem with the compatibility of security function SEAndroid. The lightweight hypervisor technology shows faster performance than the legacy one and also provides safety by an additional kernel.

The Android framework provides several options to store application data. There is no single best storage option, as the options depend on the application and the use cases. This chapter briefly goes through each of the storage options offered by the Android framework, such as simple files, shared preferences, and the relational databases. Later in this chapter, we will explore Android Backup Services as a mechanism to back up and restore application data to the cloud in order make it persist between device upgrades and device resets.

With the popularity of the mobile terminal, there appears a new trend to release all kinds of campus information by intelligent mobile terminals. The efficient, intelligent and popular features of Android smart phone platform will be combined with the campus information system to achieve the synchronization and convenience of all types of campus information release and to strengthen the communication between the various campuses of the same university. In this paper, we design and realize a campus information release platform based on Android framework. This campus information release platform can effectively reduce the complexity of the information release system and strengthen the real-time performance of information, which thereby promote the information construction of the campus.

Among the most significant smartphone operating systems that have arisen recently is Google’s Android framework. Google’s Android is a software framework for mobile communication devices. The Android framework includes an operating system, middleware and a set of key applications. Designed as open, programmable, networked devices, Android is vulnerable to various types of threats. This paper provides a security assessment of the Android framework and the security mechanisms incorporated into it. In addition, a review of recent academic and commercial solutions in the area of smartphone security in general and Android in particular is presented.

The number of malicious Android applications has grown explosively, leaking massive privacy sensitive information. Nevertheless, the existing static code analysis tools relying on imprecise callbacks list will miss high numbers of leaks, which is demonstrated in the paper. This paper presents a machine learning approach to identifying callbacks automatically in Android framework. As long as it is given a training set of hand-annotated callbacks, the proposed approach can detect all of them in the entire framework. A series of experiments are conducted to identify 20,391 callbacks on Android 4.2. This proposed approach, verified by a ten-fold cross-validation, is effective and efficient in terms of precision and recall, with an average of more than 91%. The evaluation results shows that many of newly discovered callbacks are indeed used, which furthermore confirms that the approach is suitable for all Android framework versions.

The test suites of an Android app should take advantage of different types of tests including end-to-end tests, which validate user flows, and unit tests, which provide focused executions for debugging. App developers have two main options when creating unit tests: create unit tests that run on a device (either physical or emulated) or create unit tests that run on a development machine's Java Virtual Machine (JVM). Unit tests that run on a device are not really focused, as they use the full implementation of the Android framework. Moreover, they are fairly slow to execute, requiring the Android system as the runtime. Unit tests that run on the JVM, instead, are more focused and run more efficiently but require developers to suitably handle the coupling between the app under test and the Android framework. To help developers in creating focused unit tests that run on the JVM, we propose a novel technique called ARTISAN based on the idea of test carving. The technique (i) traces the app execution during end-to-end testing on Android devices, (ii) identifies focal methods to test, (iii) carves the necessary preconditions for testing those methods, (iv) creates suitable test doubles for the Android framework, and (v) synthesizes executable unit tests that can run on the JVM. We evaluated ARTISAN using 152 end-to-end tests from five apps and observed that ARTISAN can generate unit tests that cover a significant portion of the code exercised by the end-to-end tests (i.e., 45% of the starting statement coverage on average) and does so in a few minutes.

Android Application Framework is an integral and foundational part of the Android system. Each of the 1.4 billion Android devices relies on the system services of Android Framework to manage applications and system resources. Given its critical role, a vulnerability in the framework can be exploited to launch large-scale cyber attacks and cause severe harms to user security and privacy. Recently, many vulnerabilities in Android Framework were exposed, showing that it is vulnerable and exploitable. However, most of the existing research has been limited to analyzing Android applications, while there are very few techniques and tools developed for analyzing Android Framework. In particular, to our knowledge, there is no previous work that analyzes the framework through symbolic execution, an approach that has proven to be very powerful for vulnerability discovery and exploit generation. We design and build the first system, Centaur, that enables symbolic execution of Android Framework. Due to some unique characteristics of the framework, such as its middleware nature and extraordinary complexity, many new challenges arise and are tackled in Centaur. In addition, we demonstrate how the system can be applied to discovering new vulnerability instances, which can be exploited by several recently uncovered attacks against the framework, and to generating PoC exploits.

In software testing process, test data generation represents an important step for high quality software, even for mobile devices. As proposed in previous works, a potential source for random data generation is represented by the UI layout files that are used for almost all mobile platforms (Android, iOS, Windows Phone/Mobile). This paper continues the previous work and presents a test data generation system based on Android layout files. The test data generator uses DSL files as input and generates test data that conform to several testing principles. The generated test data could be stored in XML files or any format required by the testing frameworks.

Many applications for Android and iOS process sensitive data and, therefore, rely on cryptographic APIs natively provided by the operating system. For this to be effective, essential rules need to be obeyed, as otherwise the attainable level of security would be weakened or entirely defeated. In this paper, we inspect the differences between Android and iOS concerning the proper usage of platform-specific APIs for cryptography. For both platforms, we present concrete strategies to detect critical mistakes and introduce a new framework for Android that excels in pinpointing the origin of problematic security attributes. Applied on real-world apps with cryptography, we find that out of 775 investigated apps that vendors distribute for both Android and iOS, 604 apps for iOS (78%) and 538 apps for Android (69%) suffer from at least one security misconception.

SECUR-AMA: Active Malware Analysis Based on Monte Carlo Tree Search for Android Systems

The ability to repeat the execution of a program is a fundamental requirement in evaluating computer systems and apps. Reproducing executions of mobile apps has proven difficult under real-life scenarios due to different sources of external inputs and interactive nature of the apps. We present a new practical record/replay framework for Android, RandR, which handles multiple sources of input and provides cross-device replay capabilities through a dynamic instrumentation approach. We demonstrate the feasibility of RandR by recording and replaying a set of real-world apps.