ANDROID APP INSTALLATION AND SCANNING Lecture 11a

Transcription

1 ANDROID APP INSTALLATION AND SCANNING Lecture 11a COMPSCI 702 Security for Smart-Devices Muhammad Rizwan Asghar March 24, 2016

2 APP REPACKAGING A major attack vector Attackers cannot forge signatures However, they can remove the original signature and sign the repackaged app using a new certificate Repackaged app encloses a malicious payload Android prevents malicious updates but breaks trust on the first time install Attracts users to download popular apps that are repackaged 2

3 WAYS TO INSTALL APPS Google Play Store A common way for most of users Sideloading Installing apps from other sources 3

4 SIDELOADING Sideloading refers to the process of downloading apps that are downloaded from sources other than Google Play Store Sideloading of apps is only possible if the user has enabled installation from "Unknown Sources" in Security Settings 4

5 ENABLING SIDELOADING 5

6 SIDELOADING METHODS USB adb install MyApp.apk This method is used mostly by app developers Bluetooth/Wi-Fi Memory card SD card Third-party app stores Website Amazon store and Chinese stores 6

7 ABOUT DOWNLOADING APPS Are you safe as long as you download apps from Google Play Store? Will you get hacked when you download apps from other sources? 7

8 SECURITY SERVICES BY GOOGLE PLAY There are currently two types of security services provided by Google Play for all Android users Protection within Google Play Store Verify Apps protection with Safety Net outside of Google Play Store There are over 1 billion devices protected by Google Play 8

9 PROTECTION WITHIN GOOGLE PLAY STORE Google Play Store is Android's app distribution platform that protects users from potentially harmful apps It has policies in place to protect users from attackers trying to distribute potentially harmful apps Within Google Play, developers are validated in two stages: Developers are first reviewed when they create their Google Play developer account based on their profile and credit cards Developers are then reviewed further with additional signals upon app submission Google Play regularly scans apps for malware and other vulnerabilities Google also suspends developer accounts that violate developer program policies 9

10 GOOGLE PLAY APP REVIEW Google Play also has rating and reviews that provide information about an app before installing it If an app tries to mislead users, it is likely to have a low star rating and poor comments 10

11 REMOTE APP REMOVAL BY GOOGLE Google removes malicious apps from Android Market In cases where users may have installed a malicious app that poses a threat, Google remotely removes that If an app is removed in this way, users will receive a notification on their phone 11

12 VERIFY APPS Since 2012, Google Play has also offered a service called Verify Apps that provides protection from apps outside of Google Play This includes a technology code-named Safety Net that detects and protects against non app-based security threats such as network attacks Verify Apps scans apps when you install them and periodically scans for potentially harmful apps Users who use Verify Apps may also upload apps to Google to improve detection of Potentially Harmful Applications (PHA) from sources outside of Google Play 12

13 VERIFY APPS By default, app verification is turned on No data is sent to Google, unless the user agrees to allow this, prior to installing the first app from a source other than Google Play Verify Apps is available on Android 2.3+ On devices running Android 4.2 or higher, users can enable or disable Verify Apps Google Settings > Security > Verify Apps 13

14 VERIFY APPS In the first 12 months of availability, the service grew rapidly to checking for PHAs for millions of install attempts per day In the next 12 months, installs checked by Verify Apps have grown by nearly 300% 14

15 VERIFY APPS: GROWTH Source: Google Report, Android Security 2014 Year in Review 15

16 VERIFY APPS: SCANS Source: Google Report, Android Security 2014 Year in Review 16

17 VERIFY APPS: LOCALE The Verify Apps user base is generally reflective of the worldwide mobile user population Source: Google Report, Android Security 2014 Year in Review 17

18 RESOURCES Chapter 3 of Android Security Internals: An In-Depth Guide to Android's Security Architecture Elenkov, Nikolay First Edition No Starch Press 2014 ISBN: Alternative Distribution Options Exercising Our Remote Application Removal Feature Google Report, Android Security 2014 Year in Review /Google_Android_Security_2014_Report_Final.pdf 18

19 Questions? Thanks for your attention! 19