The objective is to preserve the privacy of a user. Information is the most important asset.

Published on Nov 18, 2015

PRESENTATION OUTLINE

Ways to steal info

  • Malware.
  • Colluding applications.
  • User misuse.
  • Exploits.

Malware

  • App that misleads the user.
  • The real objective of the app is to steal some information.
  • Every bit in the mobile device is information.

Malware

  • App that pretends to be a well-known application but steals information.
  • App that pretends to be a well-known app but installs a piece of code that steals info.
  • The same, but as an independent app.

Colluding Applications

  • Two or more apps that together steal some information from the user.
  • A mix of malware and colluding applications can be easily achieved.

User misuse

  • An evil app can explicitly ask for permissions to obtain private info.
  • These apps take advantage of the lack of security knowledge.
  • This methodology is usually combined with one or more of the others.

Exploits

  • Piece of code that steals information from the user.
  • Downloaded by web page, SMS, email, etc.
  • Auto download.*

Research Community

  • Policies.
  • Profiles.
  • Taints.
  • System calls.
  • SEAndroid.

Achievements

  • Good performance.
  • Profile isolation.
  • Tainting for human analysis.
  • Policies.
  • Secure Linux Core.

Failures

  • Automated privacy assurance system.
  • System easy to install and understand by any user.
  • Information classification to create privacy levels.

What will I try to do?

  • Automated privacy assurance system.
  • Easy to install and understand.
  • Information classification.
  • Good performance.
  • Secure Linux Core.

Questions?

That's all folks!

Privacy

How to achieve this on Android

Android fundamental blocks

  • Device hardware.
  • Android OS.
  • Android application runtime.

Sources for applications

  • Pre-installed applications.
  • User-installed applications.

Google secures Android

  • Protecting user data.
  • Protecting system resources.
  • Application isolation.

Key security features

  • Linux kernel.
  • Application sandbox.
  • Secure inter-process communication.
  • Application signing.
  • Per application user-granted permissions.

IPC

  • Binder. Remote procedure call.
  • Services. 
  • Intents.
  • Content providers.

MOSES

  • Policy based framework.
  • Security profiles.
  • Uses contexts to change the actual profile.

MOSES

  • Battery and processing time almost intact.
  • Protects privacy between contexts.
  • What about information leak in the same context?
  • Depends on policy definition.
  • Solves accidental leaks but not intentional ones.

TaintDroid

  • Taints the data dynamically.
  • Taints sensors, db, device ids, network.
  • Three levels: variable, message, method, file.

TaintDroid

  • Small overhead.
  • Only taints explicit data flows.
  • How to analyze the taint?

TISSA

  • Taming Information-Stealing Smartphone Applications.
  • Small footprint.
  • Trust in pre-installed applications.
  • Extra permission specification.
  • User classifies the data.

TISSA

  • Data can be empty, anonymized, or bogus.
  • App can be fully or partially trusted.
  • It does not affect performance.
  • Depends on the user.

XManDroid

  • eXtended Monitoring on Android.
  • Security framework.
  • Extends the Android monitoring system.
  • Detects and prevents privilege escalation attacks at runtime.
  • Based on a system-centric system policy.

XManDroid

  • Establishes a state with the installed apps and communication links.
  • Called after ICC.
  • Affects performance.
  • A lot of false positives.
  • Use policies.
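
An added sketch (not XManDroid's code and not from the slides) of the idea on the two XManDroid slides: keep a graph of installed apps and their communication links, and deny an ICC call that would connect an app holding a private-data permission to one that can send data off the device. The app names, the source and sink permission sets, and the `IccMonitor` class are assumptions made for this illustration.

```python
from collections import defaultdict, deque

# Constructed sample state: installed apps and the permissions they hold.
APPS = {
    "contacts_widget": {"android.permission.READ_CONTACTS"},
    "notes": set(),
    "weather": {"android.permission.INTERNET"},
}
SOURCES = {"android.permission.READ_CONTACTS"}  # assumed: guards private data
SINKS = {"android.permission.INTERNET"}         # assumed: can send data off the device

class IccMonitor:
    """Hypothetical monitor: apps are nodes, permitted ICC links are directed edges."""

    def __init__(self, apps):
        self.apps = apps
        self.links = defaultdict(set)

    def _reachable(self, start):
        # Breadth-first search over the links recorded so far.
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in self.links[queue.popleft()] - seen:
                seen.add(nxt)
                queue.append(nxt)
        return seen

    def check_icc(self, caller, callee):
        """Allow and record caller -> callee unless it would complete a path
        from an app holding a source permission to one holding a sink permission."""
        upstream = {a for a in self.apps if caller in self._reachable(a)}
        downstream = self._reachable(callee)
        has_source = any(self.apps[a] & SOURCES for a in upstream)
        has_sink = any(self.apps[a] & SINKS for a in downstream)
        if has_source and has_sink:
            return False
        self.links[caller].add(callee)
        return True

def demo():
    m = IccMonitor(APPS)
    return [
        m.check_icc("contacts_widget", "weather"),  # direct source -> sink: denied
        m.check_icc("contacts_widget", "notes"),    # no sink downstream: allowed
        m.check_icc("notes", "weather"),            # would complete a two-hop path: denied
        m.check_icc("weather", "notes"),            # no source upstream: allowed
    ]

if __name__ == "__main__":
    print(demo())
```

The third decision is made on the link graph alone, whether or not `notes` ever forwards contact data, which is one way such a monitor ends up with the false positives the slide mentions.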

SEAndroid

  • MAC to Linux core.
  • First approach.
  • Used by Google.
  • MAC on Android middleware not fully implemented.

Questions?

Paranoid Android

  • Dynamic analysis, AV, memory scanners.
  • System call anomaly detection.
  • A way to notify a user is not defined.
  • Old stuff, they use a G1!!!!

Paranoid Android

  • Remote replica of smartphone in servers.
  • Detection techniques simultaneously applied.
  • Don't replay kernel executions.
  • Tamper-evident secure storage.