Galois Tech Talk: Comprehensive Analysis of the Android Ecosystem
Presented by Iulian Neamtiu.
The relative novelty and rapid evolution pace of the Android ecosystem (platform, vendor-installed apps and third-party apps) means both the platform and apps receive little scrutiny. Hence there is a need for tools that assess, monitor and verify all components of the Android ecosystem. This lack of tools and scrutiny is particularly problematic when combined with the open nature of Google Play, the main app distribution channel.
In the first part of this talk we will focus on multi-layer profiling of Android apps using ProfileDroid, a tool and framework we developed at UC Riverside. ProfileDroid is useful for a variety of Android app analyses, from performance to usability to security. ProfileDroid monitors and correlates the behavior of an app at four layers: (a) static, or app specification (b) user interaction, (c) operating system, and (d) network layer. Using ProfileDroid on 27 free and paid Android apps, we have revealed: (a) discrepancies between the app specification and app execution, (b) free versions of apps could end up costing more than their paid counterparts, due to an order of magnitude increase in traffic, (c) most network traffic is not encrypted, (d) apps communicate with many more sources than users might expect.
In the second part of the talk we will present results from our long-term permission evolution study of the Android ecosystem---platform and 237 apps---over three years. We found that the platform has increased the number of dangerous permissions and does not move towards finer-grained permissions, and that app developers do not follow the principle of least privilege. We will also briefly discuss our efforts with static information flow tracking for Android apps, as well as building a log-and-replay system for Android.