Dynamic Vetting Android Applications for Privilege-escalation Risks
Jiaojiao Fu


2 Motivation
- Four components: Activity, Service, Broadcast receiver, Content provider
- Security mechanisms: Sandbox, Permission
- A zero-permission app could also be dangerous

3 Android-specific security risks
- Privilege escalation
- Component hijacking, confused deputy, stealing private data, modifying critical settings, performing privileged actions
[Figure: three sandboxed apps. App a (permissions: none) with components Ca1, Ca2; App b (permission: p1) with components Cb1, Cb2; App c with components Cc1, Cc2; permission labels p1 and p2; arrows marked √ allowed or × not allowed.]

4 Related work
- CHEX [CCS'12]
  - Static analysis method; can't determine whether a permission is really used while the app is running
  - Can't handle apps written with JNI
- Towards Taming Privilege-Escalation Attacks on Android [NDSS'12]
- Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies [USENIX'13]
  - Need to recompile the Android framework and the Linux kernel
  - Complicated, self-defined policies

5 Our approach
- Design and implement a tool that can be used by Google Play and users
- Dynamic analysis
[Figure: workflow split between a PC side and an Android side. Labels: App crawler; Manifest and smali; Exposed components; Invoke the components on hooked Android OS; Run the application; Trace the permissions used while the app is running; Log analysis.]

6 Current progress
- Decompiling works
- Have a systematic method to find exposed components and invoke them, except for content providers
- Hooked the Android framework successfully and can collect the log
- We are working on content providers now

