Project Overview

The ever-increasing expansion of mobile applications into
nearly every aspect of modern life, from banking to healthcare systems,
is making their security more important than ever. Modern smartphone
operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application
can perform. In this paper, we perform an analysis of the permission
protocol implemented in Android, a popular OS for smartphones. We
propose a formal model of the Android permission protocol in Alloy, and
describe a fully automatic analysis that identifies potential flaws in the
protocol. A study of real-world Android applications corroborates our
finding that the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass
the permission checks entirely.

Contributors

Hamid Bagheri, Eunsuk Kang, Sam Malek, and Daniel Jackson

Relevant Links

Analysis of the Android permission system Paper