Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications

Mark H. Meng; Guangdong Bai; Joseph K. Liu; Xiapu Luo; Yu Wang

doi:10.1007/978-3-030-14234-6_19

Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications

Mark H. Meng
, Guangdong Bai
, Joseph K. Liu
, Xiapu Luo
, Yu Wang

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

2 Citations (Scopus)

Abstract

The number of Android smartphone and tablet users has experienced a rapid growth in the past few years and it raises users’ awareness on privacy and security issues of their mobile devices. There are lots of users rooting their Android devices for some useful functions, which are not originally provided to developers and users, such as taking screenshot and screen recording. However, after observing the danger of rooting devices, the developers begin to look for non-root alternatives to implement those functions. Android Debug Bridge (ADB) workaround is one of the best known non-root alternatives to help app gain a higher privilege on Android. It used to be considered as a secure practice until some cases of ADB privilege leakage have been found. In this paper, we propose an approach to identify the potential privilege leakage in Android apps that using ADB workaround. We apply our approach to analyze three real-world apps that are downloaded from Google Play Store. We then present a general methodology to conduct exploitation on those apps using ADB workaround. Based on our study, we suggest some mitigation techniques to help developers create their apps that not only satisfy users’ needs but also protect users’ privacy from similar attacks in future. © 2019, Springer Nature Switzerland AG.

Original language	English
Title of host publication	Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers
Publisher	Springer Verlag
Pages	349-369
Volume	11449 LNCS
ISBN (Print)	9783030142339
DOIs	https://doi.org/10.1007/978-3-030-14234-6_19
Publication status	Published - Feb 2019
Externally published	Yes
Event	14th International Conference on Information Security and Cryptology, Inscrypt 2018 - Fuzhou, China Duration: 14 Dec 2018 → 17 Dec 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11449 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Information Security and Cryptology, Inscrypt 2018
Place	China
City	Fuzhou
Period	14/12/18 → 17/12/18

Bibliographical note

Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

Funding

This work was supported by NSFC Project 61802080.

Research Keywords

ADB workaround
Android security
Application analysis
Exploit
Privilege escalation

Access Output

10.1007/978-3-030-14234-6_19

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Meng, M. H., Bai, G., Liu, J. K., Luo, X., & Wang, Y. (2019). Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications. In Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers (Vol. 11449 LNCS, pp. 349-369). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11449 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-14234-6_19

Meng, Mark H. ; Bai, Guangdong ; Liu, Joseph K. et al. / Analyzing use of high privileges on android : An empirical case study of screenshot and screen recording applications. Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers. Vol. 11449 LNCS Springer Verlag, 2019. pp. 349-369 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7784ce6e90cc46e99d91a8ffac004161,

title = "Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications",

abstract = "The number of Android smartphone and tablet users has experienced a rapid growth in the past few years and it raises users{\textquoteright} awareness on privacy and security issues of their mobile devices. There are lots of users rooting their Android devices for some useful functions, which are not originally provided to developers and users, such as taking screenshot and screen recording. However, after observing the danger of rooting devices, the developers begin to look for non-root alternatives to implement those functions. Android Debug Bridge (ADB) workaround is one of the best known non-root alternatives to help app gain a higher privilege on Android. It used to be considered as a secure practice until some cases of ADB privilege leakage have been found. In this paper, we propose an approach to identify the potential privilege leakage in Android apps that using ADB workaround. We apply our approach to analyze three real-world apps that are downloaded from Google Play Store. We then present a general methodology to conduct exploitation on those apps using ADB workaround. Based on our study, we suggest some mitigation techniques to help developers create their apps that not only satisfy users{\textquoteright} needs but also protect users{\textquoteright} privacy from similar attacks in future. {\textcopyright} 2019, Springer Nature Switzerland AG.",

keywords = "ADB workaround, Android security, Application analysis, Exploit, Privilege escalation",

author = "Meng, \{Mark H.\} and Guangdong Bai and Liu, \{Joseph K.\} and Xiapu Luo and Yu Wang",

note = "Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].; 14th International Conference on Information Security and Cryptology, Inscrypt 2018 ; Conference date: 14-12-2018 Through 17-12-2018",

year = "2019",

month = feb,

doi = "10.1007/978-3-030-14234-6\_19",

language = "English",

isbn = "9783030142339",

volume = "11449 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "349--369",

booktitle = "Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers",

address = "Germany",

}

Meng, MH, Bai, G, Liu, JK, Luo, X & Wang, Y 2019, Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications. in Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers. vol. 11449 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11449 LNCS, Springer Verlag, pp. 349-369, 14th International Conference on Information Security and Cryptology, Inscrypt 2018, Fuzhou, China, 14/12/18. https://doi.org/10.1007/978-3-030-14234-6_19

Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications. / Meng, Mark H.; Bai, Guangdong; Liu, Joseph K. et al.
Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers. Vol. 11449 LNCS Springer Verlag, 2019. p. 349-369 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11449 LNCS).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Analyzing use of high privileges on android

T2 - 14th International Conference on Information Security and Cryptology, Inscrypt 2018

AU - Meng, Mark H.

AU - Bai, Guangdong

AU - Liu, Joseph K.

AU - Luo, Xiapu

AU - Wang, Yu

N1 - Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

PY - 2019/2

Y1 - 2019/2

N2 - The number of Android smartphone and tablet users has experienced a rapid growth in the past few years and it raises users’ awareness on privacy and security issues of their mobile devices. There are lots of users rooting their Android devices for some useful functions, which are not originally provided to developers and users, such as taking screenshot and screen recording. However, after observing the danger of rooting devices, the developers begin to look for non-root alternatives to implement those functions. Android Debug Bridge (ADB) workaround is one of the best known non-root alternatives to help app gain a higher privilege on Android. It used to be considered as a secure practice until some cases of ADB privilege leakage have been found. In this paper, we propose an approach to identify the potential privilege leakage in Android apps that using ADB workaround. We apply our approach to analyze three real-world apps that are downloaded from Google Play Store. We then present a general methodology to conduct exploitation on those apps using ADB workaround. Based on our study, we suggest some mitigation techniques to help developers create their apps that not only satisfy users’ needs but also protect users’ privacy from similar attacks in future. © 2019, Springer Nature Switzerland AG.

AB - The number of Android smartphone and tablet users has experienced a rapid growth in the past few years and it raises users’ awareness on privacy and security issues of their mobile devices. There are lots of users rooting their Android devices for some useful functions, which are not originally provided to developers and users, such as taking screenshot and screen recording. However, after observing the danger of rooting devices, the developers begin to look for non-root alternatives to implement those functions. Android Debug Bridge (ADB) workaround is one of the best known non-root alternatives to help app gain a higher privilege on Android. It used to be considered as a secure practice until some cases of ADB privilege leakage have been found. In this paper, we propose an approach to identify the potential privilege leakage in Android apps that using ADB workaround. We apply our approach to analyze three real-world apps that are downloaded from Google Play Store. We then present a general methodology to conduct exploitation on those apps using ADB workaround. Based on our study, we suggest some mitigation techniques to help developers create their apps that not only satisfy users’ needs but also protect users’ privacy from similar attacks in future. © 2019, Springer Nature Switzerland AG.

KW - ADB workaround

KW - Android security

KW - Application analysis

KW - Exploit

KW - Privilege escalation

UR - https://www.scopus.com/pages/publications/85064111096

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85064111096&origin=recordpage

U2 - 10.1007/978-3-030-14234-6_19

DO - 10.1007/978-3-030-14234-6_19

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9783030142339

VL - 11449 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 349

EP - 369

BT - Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers

PB - Springer Verlag

Y2 - 14 December 2018 through 17 December 2018

ER -

Meng MH, Bai G, Liu JK, Luo X, Wang Y. Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications. In Information Security and Cryptology - 14th International Conference, Inscrypt 2018, Revised Selected Papers. Vol. 11449 LNCS. Springer Verlag. 2019. p. 349-369. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-14234-6_19

Analyzing use of high privileges on android: An empirical case study of screenshot and screen recording applications

Abstract

Publication series

Conference

Bibliographical note

Funding

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this