Abstract
Customizability is a key feature of the Android operating system that differentiates it from Apple's iOS. One concrete feature that is gaining popularity is called "app virtualization". This feature allows multiple copies of the same app to be installed and opened simultaneously (e.g., with multiple accounts logged in). Virtualization frameworks are used by more than 100 million users worldwide. As with any new system feature, we are interested in two aspects: (1) whether the feature itself introduces security risks and (2) whether the feature is abused for unintended purposes. This paper conducts a systematic study of these two aspects of app virtualization techniques.
With a thorough study of 32 popular virtualization frameworks from Google Play, we identify seven areas of potential attack vectors and find that most of the frameworks are susceptible to them. By deeply investigating their ecosystem, we show, with demonstrations, that attackers can easily distribute malware that takes advantage of these attack vectors. In addition, we show that the same virtualization techniques are also abused by malware as an alternative and easy-to-use repackaging mechanism. To this end, we design and implement a new app repackage detector. After scanning 250,145 apps from app markets, it finds 164 repackaged apps that attempt to steal user credentials and private data.
Index Terms
App in the Middle: Demystify Application Virtualization in Android and its Security Threats