![Page 1: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/1.jpg)
MobileDeviceandPlatformSecurity– PartII
JohnMitchell
CS155 Spring2017
![Page 2: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/2.jpg)
GuestLectureTuesdayJune6
• Diogo Mónica,DirectorofsecurityatDocker• Topicsincludecontainersecurityandwhatitislikeworkingasasecurityengineer
• Diogo averygoodspeaker.Pleaseshowyourappreciatingandcometoclass.
• Wewillincludetopicsonthefinalexam
![Page 3: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/3.jpg)
Twolecturesonmobilesecurity• Introduction:platformsandtrends• Threatcategories
– Physical,platformmalware,maliciousapps• Defenseagainstphysicaltheft• Malwarethreats• Systemarchitectureanddefenses
– AppleiOSsecurityfeaturesandappsecuritymodel– Androidsecurityfeaturesandappsecuritymodel
• Securityappdevelopment– WebView– secureappandwebinterfacedev– Devicefragmentation
Tues
Thurs
![Page 4: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/4.jpg)
ANDROID
Historyandearlydecisions
![Page 5: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/5.jpg)
Androidhistory
• Android,IncfoundedbyAndyRubinaround2005– WorkedwithHTC-builtdevicewithaphysicalkeyboard– ScrappedBlackberry-likephonewheniPhonecameout– FirstAndroidphoneHTCDream,Oct2008(T-MobileG1):touchscreenandkeyboard
• Open-sourcesoftwareproject• BackedandacquiredbyGoogle
![Page 6: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/6.jpg)
HTCDream• Firstphonehad
– Android1.6(Donut)– 3.15megapixelrear
camerawithauto-focus– 3.2inchtouchscreen– Gmail, GoogleMaps,
Search,GoogleTalk, YouTube,calendar,contacts,alarm
![Page 7: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/7.jpg)
Androidecosystem
• Open-sourcesoftwaredistributedbyGoogle– IncreasenumberofusersanddeviceslinkedtocoreGoogleproducts
• Multiplehardwarevendors– Cancustomizesoftwarefortheirproducts
• Openmarketplaceforapps
![Page 8: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/8.jpg)
Appmarket
• Self-signedapps• Apppermissions
– grantedonuserinstallation
• Openmarket– Badappsmayshowuponmarket– Shiftsfocusfromremoteexploittoprivilegeescalation
![Page 9: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/9.jpg)
ANDROIDPLATFORM
Devicelockingandpermissions
![Page 10: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/10.jpg)
Devicelockandunlock
• SimilarPINandfingerprint• FingerprintAPIletsusers
– Unlockdevice– Securelysignintoapps– UseAndroidPay– PurchaseonPlayStore
![Page 11: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/11.jpg)
Androidpermissions
• ExampleofpermissionsprovidedbyAndroid
– “android.permission.INTERNET”– “android.permission.READ_EXTERNAL_STORAGE– “android.permission.SEND_SMS”– “android.permission.BLUETOOTH”
• Alsopossibletodefinecustompermissions
![Page 12: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/12.jpg)
Androidpermissionmodel
https://www.owasp.org/images/3/3e/Danelon_OWASP_EU_Tour_2013.pdf
![Page 13: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/13.jpg)
ANDROIDPLATFORM
Platformsecurityfeatures
![Page 14: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/14.jpg)
Android
• Platformoutline:– Linuxkernel,browser,SQL-litedatabase– Softwareforsecurenetworkcommunication
• OpenSSL,BouncyCastlecryptoAPIandJavalibrary
– Clanguageinfrastructure– Javaplatformforrunningapplications
• Dalvik bytecode,virtualmachine
![Page 15: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/15.jpg)
![Page 16: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/16.jpg)
Exploitprevention• Opensource:publicreview,noobscurity• Goals
– Preventremoteattacks,privilegeescalation– Securedrivers,mediacodecs,newandcustomfeatures
• Overflowprevention– ProPolice stackprotection
• FirstontheARMarchitecture– Someheapoverflowprotections
• ChunkconsolidationinDLmalloc (fromOpenBSD)
• ASLR– Avoidedininitialrelease
• Manypre-linkedimagesforperformance– LaterdevelopedandcontributedbyBojinov,Boneh
![Page 17: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/17.jpg)
dlmalloc (DougLea)
• Storesmetadatainband• Heapconsolidationattack
– Heapoverflowcanoverwritepointerstopreviousandnextunconsolidatedchunks
– Overwritingthesepointersallowsremotecodeexecution
• Changetoimprovesecurity– Checkintegrityofforwardandbackwardpointers
• Simplycheckthatback-forward-back=back,f-b-f=f– Increasesthedifficultyofheapoverflow
![Page 18: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/18.jpg)
ANDROIDPLATFORM
Appexecutionenvironment
![Page 19: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/19.jpg)
Applicationdevelopmentconcepts• Activity– one-usertask
– Example:scrollthroughyourinbox– Emailclientcomprisesmanyactivities
• Service– Javadaemonthatrunsinbackground– Example:applicationthatstreamsanmp3inbackground
• Intents– asynchronousmessagingsystem– Fireanintenttoswitchfromoneactivitytoanother– Example:emailapphasinbox,composeactivity,vieweractivity
• Userclickoninboxentryfiresanintenttothevieweractivity,whichthenallowsusertoviewthatemail
• Contentprovider– Storeandsharedatausingarelationaldatabaseinterface
• Broadcastreceiver– “mailboxes”formessagesfromotherapplications
![Page 20: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/20.jpg)
SecurityFeatures• Isolation
– Multi-userLinuxoperatingsystem– Eachapplicationnormallyrunsasadifferentuser
• Communicationbetweenapplications– MaysharesameLinuxuserID
• Accessfilesfromeachother• MaysharesameLinuxprocessandDalvik VM
– Communicatethroughapplicationframework• “Intents,”basedonBinder,discussedinafewslides
• Batterylife– Developersmustconservepower– Applicationsstorestatesotheycanbestopped(tosavepower)andrestarted– helpswithDoS
![Page 21: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/21.jpg)
Applicationdevelopmentprocess
![Page 22: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/22.jpg)
Applicationsandbox
• Applicationsandbox– EachapplicationrunswithitsUIDinitsownDalvikvirtualmachine
• ProvidesCPUprotection,memoryprotection• AuthenticatedcommunicationprotectionusingUnixdomainsockets
• Onlyping,zygote(spawnanotherprocess)runasroot
– Applicationsannouncepermissionrequirement• Createawhitelist model– usergrantsaccess
– Don’tinterruptuser– allquestionsaskedasinstalltime
• Inter-componentcommunicationreferencemonitorcheckspermissions
![Page 23: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/23.jpg)
Androidpermissionmodel
https://www.owasp.org/images/3/3e/Danelon_OWASP_EU_Tour_2013.pdf
![Page 24: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/24.jpg)
AndroidIntents
• Msg betweencomponentsinsameordifferentapp• Intentisabundleofinformation,e.g.,
– actiontobetaken– datatoacton– categoryofcomponenttohandletheintent– instructionsonhowtolaunchatargetactivity
• Routingcanbe– Explicit:deliveredonlytoaspecificreceiver– Implicit:allcomponentsthathaveregisteredtoreceivethatactionwillgetthemessage
![Page 25: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/25.jpg)
• Layersofsecurity– Eachapplicationexecutesasitsownuseridentity– Androidmiddlewarehasreferencemonitorthatmediatestheestablishmentofinter-componentcommunication(ICC)
Source: Penn State group Android security paper
![Page 26: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/26.jpg)
Source: Penn State group, Android security tutorial
![Page 27: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/27.jpg)
Securityissueswithintents
• Senderofanintentcanverifythattherecipienthasapermissionbyspecifyingapermissionwiththemethodcall
• Senderscanuseexplicitintentstosendthemessagetoasinglecomponent(avoidingbroadcasting)
• Receivershavetohandlemaliciousintents
![Page 28: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/28.jpg)
Attack:Permissionredelegation
• Definition:anapplicationwithoutapermissiongainsadditionalprivilegesthroughanotherapplication
• Exampleofthe“confuseddeputy”problem
![Page 29: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/29.jpg)
Permissionredelegation
https://www.owasp.org/images/3/3e/Danelon_OWASP_EU_Tour_2013.pdf
![Page 30: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/30.jpg)
Permissionredelegation
https://www.owasp.org/images/3/3e/Danelon_OWASP_EU_Tour_2013.pdf
![Page 31: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/31.jpg)
Howcouldthishappen?
• Appw/permissionsexposesapublicinterface• Studyin2011
– Examine872apps– 320ofthese(37%)havepermissionsandatleastonetypeofpubliccomponent
– Constructattacksusing15vulnerabilitiesin5apps• Reference
– PermissionRe-Delegation:AttacksandDefenses,AdrienneFelt,HelenWang,AlexanderMoshchuk,StevenHanna,ErikaChin,Usenix 2011
![Page 32: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/32.jpg)
Example:powercontrolwidget• DefaultwidgetsprovidedbyAndroid,presentonalldevices
• CanchangeWi-fi,BT,GPS,DataSync,ScreenBrightnesswithonlyoneclick
• UsesIntenttocommunicatetheeventofswitchingsettings• AmaliciousappwithoutpermissionscansendafakeIntentto
thePowerControlWidget,simulatingclicktoswitchsettings
https://www.owasp.org/images/3/3e/Danelon_OWASP_EU_Tour_2013.pdf
![Page 33: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/33.jpg)
Vulnerableversions(inred)
• Principleofleastprivilegehelpsbutisnotasolution• Appswithpermissionsneedtomanagesecurity
https://www.owasp.org/images/3/3e/Danelon_OWASP_EU_Tour_2013.pdf
![Page 34: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/34.jpg)
JavaSandbox
• Fourcomplementarymechanisms– Classloader
• Separatenamespacesforseparateclassloaders• Associatesprotectiondomainwitheachclass
– VerifierandJVMrun-timetests• NOuncheckedcastsorothertypeerrors,NOarrayoverflow• Preservesprivate,protectedvisibilitylevels
– SecurityManager• Calledbylibraryfunctionstodecideifrequestisallowed• Usesprotectiondomainassociatedwithcode,userpolicy
![Page 35: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/35.jpg)
StackInspection
• Permissiondependson– Permissionofcallingmethod
– Permissionofallmethodsaboveitonstack
• Uptomethodthatistrustedandassertsthistrust
Manydetailsomittedhere
java.io.FileInputStream
method f
method g
method h
Stories:Netscapefont/passwd bug;Shockwaveplug-in
![Page 36: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/36.jpg)
ANDROIDMALWARE
.
![Page 37: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/37.jpg)
Androidmalwareexample
![Page 38: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/38.jpg)
Installmalicious“conferenceapp”
![Page 39: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/39.jpg)
MalwarebehaviortriggeredbyC&Cserver(Chuli)
![Page 40: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/40.jpg)
Chuli source-to-sink flows
![Page 41: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/41.jpg)
ANDROIDWEBAPPS
.
![Page 42: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/42.jpg)
A Large-Scale Study of Mobile Web App Security
Patrick Mutchler, Adam Doupe, John Mitchell, Chris Kruegel, Giovanni Vigna
![Page 43: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/43.jpg)
MobileApps
![Page 44: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/44.jpg)
MobileApps
![Page 45: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/45.jpg)
MobileApps
![Page 46: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/46.jpg)
• Mobile web app: embeds a fully functional web browser as a UI element
MobileWebApps
![Page 47: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/47.jpg)
Obj foo = new Object();addJavascriptInterface(foo, ‘f’);
JavaScriptBridge
JavaJavaScript
![Page 48: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/48.jpg)
JavaScriptBridge
JavaJavaScript
f.bar();
![Page 49: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/49.jpg)
Why?
• Full-featuredmobilewebapps
• ExposephonefunctionalitytoJavaScript
![Page 50: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/50.jpg)
SecurityConcerns
• Whocanaccessthebridge?
– Everyone
![Page 51: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/51.jpg)
Isolated in Browser
![Page 52: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/52.jpg)
NoorigindistinctioninWebView
Java
JavaScript
f.bar();
![Page 53: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/53.jpg)
StaticAnalysis
• Howmanymobilewebapps?
• HowmanyuseJavaScriptBridge?
• Howmanyvulnerable?
![Page 54: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/54.jpg)
ExperimentalResults
• 737,828freeappsfromGooglePlay(Oct’13)
• 563,109appsembedabrowser
• 219,404usetheJavaScriptBridge
• 107,974haveatleastonesecurityviolation
![Page 55: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/55.jpg)
Mostsignificantvulnerabilities
1. Loading untrusted web content
2. Leaking URLs to foreign apps
3. Exposing state changing navigation to foreign apps
![Page 56: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/56.jpg)
1. Loading untrusted web content
2. Leaking URLs to foreign apps
3. Exposing state changing navigation to foreign apps
![Page 57: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/57.jpg)
“You should restrict the web-pages that can load inside your WebView with a whitelist.”
![Page 58: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/58.jpg)
“…only loading content from trusted sources into WebView will help protect users.”
- Adrian Ludwig, Google
![Page 59: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/59.jpg)
1. Navigate to untrusted content
![Page 60: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/60.jpg)
// In app codemyWebView.loadUrl(“foo.com”);
![Page 61: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/61.jpg)
<!-- In HTML --><a href=“foo.com”>click!</a>
![Page 62: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/62.jpg)
<!-- More HTML --><iframe src=“foo.com”/>
![Page 63: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/63.jpg)
// In JavaScriptwindow.location = “foo.com”;
![Page 64: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/64.jpg)
public boolean shouldOverrideUrlLoading(WebView view, String url){
// False -> Load URL in WebView// True -> Prevent the URL load
}
![Page 65: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/65.jpg)
public boolean shouldOverrideUrlLoading(WebView view, String url){
String host = new URL(url).getHost();if(host.equals(“stanford.edu”))
return false;log(“Overrode URL: ” + url); return true;
}
![Page 66: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/66.jpg)
ReachUntrustedContent?
• 40,084appswithfullURLsanduseJavaScript
Bridge
• 13,683apps(34%)canreachuntrusted
content
![Page 67: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/67.jpg)
UseHTTPS?
• 152,706appswithpartiallycomputedURLs• 87,968apps(57%)withHTTPURLs
![Page 68: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/68.jpg)
HandlingSSLErrors
onReceivedSslError
1. handler.proceed()2. handler.cancel()3. view.loadUrl(...)
![Page 69: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/69.jpg)
MishandlingSSLErrors
• 117,974appsimplementonReceivedSslError
• 29,652apps(25%)must ignoreerrors
![Page 70: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/70.jpg)
Vulnerability % Relevant % Vulnerable
Unsafe Nav 15 34
HTTP 40 56
Unsafe HTTPS 27 29
Primaryresults
![Page 71: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/71.jpg)
Popularity
![Page 72: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/72.jpg)
Outdated Apps
![Page 73: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/73.jpg)
29% unsafe nav
Libraries
51% HTTP
53% unsafe HTTPS
![Page 74: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/74.jpg)
AdditionalsecurityissuesBasedon998,286freewebappsfromJune2014
![Page 75: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/75.jpg)
Takeaways
• Apps must not load untrusted content into WebViews
• Able to identify violating apps using static analysis
• Vulnerabilities are present in the entire app ecosystem
![Page 76: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/76.jpg)
ANDROIDVERSIONING
.
![Page 77: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/77.jpg)
Target Fragmentation in Android Apps
Patrick MutchlerJohn Mitchell
Yeganeh SafaeiAdam Doupe
![Page 78: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/78.jpg)
Android apps can run using outdated OS behavior- The large majority of Android apps do this- Including popular and well maintained apps
Takeaways
Outdated security code invisibly permeates the app ecosystem- “Patched” security vulnerabilities still exist in the wild- “Risky by default” behavior is widespread
![Page 79: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/79.jpg)
What is target fragmentation?
Target fragmentation statistics
Security consequences
Roadmap
![Page 80: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/80.jpg)
What is target fragmentation?
Target fragmentation statistics
Security consequences
Roadmap
![Page 81: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/81.jpg)
“If the device is running Android 6.0 or higher… [the app] must request each dangerous permission that it needs while the app is running.
- Android Developer Reference
![Page 82: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/82.jpg)
“If the device is running Android 6.0 or higher and your app's target SDK is 6.0 or higher [the app] must request each dangerous permission that it needs while the app is running.
- Android Developer Reference
![Page 83: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/83.jpg)
“If the [operating system version of the device] is higher than the version declared by your app’s targetSdkVersion, the system may enable compatibility behaviors to ensure that your app continues to work the way you expect.”
- Android Developer Reference
![Page 84: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/84.jpg)
What is target fragmentation?
Target fragmentation statistics
Security consequences
Roadmap
![Page 85: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/85.jpg)
1,232,696 Android Apps
Popularity, Category, Update, and Developer metadata
Collected between May 2012 and Dec 2015
Broken into five datasets by collection date
Dataset
![Page 86: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/86.jpg)
Android 5.0
Released
Android 5.1
Released
Android 6.0
Released
App Collected
Outdatedness
![Page 87: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/87.jpg)
![Page 88: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/88.jpg)
![Page 89: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/89.jpg)
App Collected
Outdatedness
App Updated
Negligent Outdatedness
Android 5.0
Released
Android 5.1
Released
Android 6.0
Released
![Page 90: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/90.jpg)
![Page 91: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/91.jpg)
What is target fragmentation?
Target fragmentation statistics
Security consequences
Roadmap
![Page 92: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/92.jpg)
Fragment InjectionVulnerable App
PreferenceActivity
AttackedFragment
Malicious Intent
Extra.SHOW_FRAGMENT “Attacked Fragment”
Extra.SHOW_FRAG_ARG
Data OtherExtras
A malicious application can invoke any exported PreferenceActivity class and supply it with
an :android:show_fragment Intent extra in order to make it load an arbitrary class.
securityintelligence.com/new-vulnerability-android-framework-fragment-injection/
![Page 93: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/93.jpg)
Fragment Injection
Fixed in Android 4.4
Developers implement isValidFragment to authorize fragments
// Put this in your appprotected boolean isValidFragment(String fName){
return MyFrag.class.getName().equals(fName);}
![Page 94: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/94.jpg)
Fragment Injection
Vulnerable if:- Targets 4.3 or lower (31%)- Some class inherits from PreferenceActivity (4.8%)- That class is exported (1.1%)- That class does not override isValidFragment (0.55%)
4.2% of apps vulnerable if no fix was ever implemented
![Page 95: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/95.jpg)
Mixed Content in WebView
![Page 96: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/96.jpg)
Mixed Content in WebView
Major web browsers block Mixed Content
In Android 5.0, WebViews block Mixed Content by default
Can override default with setMixedContentMode()
![Page 97: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/97.jpg)
![Page 98: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/98.jpg)
![Page 99: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/99.jpg)
SOP for file:// URLs in WebView
Android 4.1 separate file:// URLs are treated as unique origins
Can override with setAllowFileAccessFromFileURLs()
![Page 100: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/100.jpg)
![Page 101: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/101.jpg)
![Page 102: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/102.jpg)
Android apps can run using outdated OS behavior- The large majority of Android apps do this- Including popular and well maintained apps
Outdated security code invisibly permeates the app ecosystem- “Patched” security vulnerabilities still exist in the wild- “Risky by default” behavior is widespread
Summary of Target Fragmentation
![Page 103: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/103.jpg)
Twolecturesonmobilesecurity• Introduction:platformsandtrends• Threatcategories
– Physical,platformmalware,maliciousapps• Defenseagainstphysicaltheft• Malwarethreats• Systemarchitectureanddefenses
– AppleiOSsecurityfeaturesandappsecuritymodel– Androidsecurityfeaturesandappsecuritymodel
• Securityappdevelopment– WebView– secureappandwebinterfacedev– Devicefragmentation
Tues
Thurs
![Page 104: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/104.jpg)
Comparison:iOS vs Android
• Appapprovalprocess– Androidappsfromopenappstore– iOS vendor-controlledstoreofvettedapps
• Applicationpermissions– Androidpermissionbasedoninstall-timemanifest– AlliOS appshavesamesetof“sandbox”privileges
• Appprogramminglanguage– AndroidappswritteninJava;nobufferoverflow…– iOSappswritteninObjective-C
![Page 105: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/105.jpg)
ComparisoniOS Android Windows
Unix x x
Windows
Open market x
Closedmarket x
Vendorsigned x
Self-signed x
Userapprovalofpermissions x
Managedcode x
Nativecode x
![Page 106: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/106.jpg)
ComparisoniOS Android Windows
Unix x x
Windows x
Open market x
Closedmarket x x
Vendorsigned x
Self-signed x x
Userapprovalofpermissions x 7-> 8
Managedcode x x
Nativecode x
![Page 107: Mobile Device and Platform Security –Part II · PDF fileMobile Device and Platform Security –Part II ... –Apple iOS security features and app security model –Android security](https://reader031.vdocuments.us/reader031/viewer/2022020214/5a9df6067f8b9ada718bc8c8/html5/thumbnails/107.jpg)
Twolecturesonmobilesecurity• Introduction:platformsandtrends• Threatcategories
– Physical,platformmalware,maliciousapps• Defenseagainstphysicaltheft• Malwarethreats• Systemarchitectureanddefenses
– AppleiOSsecurityfeaturesandappsecuritymodel– Androidsecurityfeaturesandappsecuritymodel
• Securityappdevelopment– WebView– secureappandwebinterfacedev– Devicefragmentation
Tues
Thurs