Sciweavers

CCS
2015
ACM

Hybrid User-level Sandboxing of Third-party Android Apps

8 years 8 months ago
Hybrid User-level Sandboxing of Third-party Android Apps
Users of Android phones increasingly entrust personal information to third-party apps. However, recent studies reveal that many apps, even benign ones, could leak sensitive information without user awareness or consent. Previous solutions either require to modify the Android framework thus significantly impairing their practical deployment, or could be easily defeated by malicious apps using a native library. In this paper, we propose AppCage, a system that thoroughly confines the run-time behavior of third-party Android apps without requiring framework modifications or root privilege. AppCage leverages two complimentary user-level sandboxes to interpose and regulate an app’s access to sensitive APIs. Specifically, dex sandbox hooks into the app’s Dalvik virtual machine instance and redirects each sensitive framework API to a proxy which strictly enforces the user-defined policies, and native sandbox leverages software fault isolation to prevent the app’s native libraries f...
Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, Xuxian Jiang
Comments (0)