research-article
Open Access

App in the Middle: Demystify Application Virtualization in Android and its Security Threats

Published: 26 March 2019

Abstract

Customizability is a key feature of the Android operating system that differentiates it from Apple's iOS. One concrete feature that is gaining popularity is called "app virtualization". This feature allows multiple copies of the same app to be installed and opened simultaneously (e.g., with multiple accounts logged in). Virtualization frameworks are used by more than 100 million users worldwide. As with any new system feature, we are interested in two aspects: (1) whether the feature itself introduces security risks and (2) whether the feature is abused for unintended purposes. This paper conducts a systematic study on the two aspects of the app virtualization techniques.

With a thorough study of 32 popular virtualization frameworks from Google Play, we identify seven areas of potential attack vectors and find that most of the frameworks are susceptible to them. By deeply investigating their ecosystem, we show, with demonstrations, that attackers can easily distribute malware that takes advantage of these attack vectors. In addition, we show that the same virtualization techniques are also abused by malware as an alternative and easy-to-use repackaging mechanism. To this end, we design and implement a new app repackage detector. After scanning 250,145 apps from app markets, it finds 164 repackaged apps that attempt to steal user credentials and private data.
