Android Root and its Providers: A Double-Edged Sword

@article{Zhang2015AndroidRA,
  title={Android Root and its Providers: A Double-Edged Sword},
  author={Hang Zhang and Dongdong She and Zhiyun Qian},
  journal={Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security},
  year={2015}
}
Android root is the voluntary and legitimate process of gaining the highest privilege and full control over a user's Android device. To facilitate the popular demand, a unique Android root ecosystem has formed where a variety of root providers begin to offer root as a service. Even though legitimate, many convenient one-click root methods operate by exploiting vulnerabilities in the Android system. If not carefully controlled, such exploits can be abused by malware authors to gain unauthorized…
Detecting Android Root Exploits by Learning from Root Providers
TLDR
This paper builds a system, RootExplorer, that is able to detect all malware samples known to perform root exploits, incurs no false positives, and finds an app currently available on the markets that has an embedded root exploit.
System Log-Based Android Root State Detection
TLDR
This paper proposes a system-log-based root state detection method that uses the existing log information to find clues to verify the system root state, and uses the triggering features of some special operations to update and enrich the log information.
Monitoring of Root Privilege Escalation in Android Kernel
TLDR
A new monitoring method, KRPM, is presented, which breaks with the traditional defense idea, adopts an active monitoring and alarming method, obtains all the current process information directly from the kernel, builds state graphs for the access permissions of the process, and recognizes the process of root privilege escalation and process hiding.
Analyzing Use of High Privileges on Android: An Empirical Case Study of Screenshot and Screen Recording Applications
TLDR
This paper proposes an approach to identify potential privilege leakage in Android apps that use the ADB workaround, and proposes some mitigation techniques to help developers create apps that not only satisfy users' needs but also protect users' privacy from similar attacks in the future.
Super Root: A New Stealthy Rooting Technique on ARM Devices
TLDR
This paper proposes a new powerful and stealthy root attack, named super root, which can escalate a piece of code to the hypervisor privilege, which is typically left unoccupied in real ARM devices with virtualization support.
A root privilege management scheme with revocable authorization for Android devices
TLDR
A root privilege management scheme named Root Privilege Manager (RPM) is proposed, which adopts the root privilege access control to guarantee the exclusive root access opportunity of the authenticated apps.
RootAgency: A digital signature-based root privilege management agency for cloud terminal devices
TLDR
A root privilege management agency named RootAgency is proposed, which adopts a digital signature scheme to guarantee the exclusive root-privilege-granting opportunities of authenticated apps.
Adaptive Android Kernel Live Patching
TLDR
KARMA is proposed, an adaptive live patching system for Android kernels that features a multi-level adaptive patching model to protect kernel vulnerabilities from exploits and can protect most critical kernel vulnerabilities on many Android devices with only minor performance overhead.
Android Rooting: An Arms Race between Evasion and Detection
TLDR
An arms race between rooting detection and rooting evasion is presented, which shows that rooting has become more and more prevalent as an inevitable trend, and it raises big security concerns regarding detection and evasion.
A survey of Android exploits in the wild
TLDR
A taxonomy of Android exploitation is constructed, and the similarities/differences and strengths/weaknesses of different types of exploits are presented; based on both the theoretical analysis and the experimental results of the evaluation, insight into Android exploitation is presented.

References

SHOWING 1-10 OF 40 REFERENCES
Two vulnerabilities in Android OS kernel
TLDR
This work reveals a new security pitfall in memory management that can cause severe errors and even system failures and proposes a patching solution, which has been adopted by Google.
The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations
TLDR
This study analyzed three popular phones from Samsung, identified their likely flaws and built end-to-end attacks that allow an unprivileged app to take pictures and screenshots, and even log the keys the user enters through the touch screen.
Security Enhanced (SE) Android: Bringing Flexible MAC to Android
TLDR
The work to bring flexible mandatory access control (MAC) to Android is motivated and described by enabling the effective use of Security Enhanced Linux (SELinux) for kernel-level MAC and by developing a set of middleware MAC extensions to the Android permissions model.
Dissecting Android Malware: Characterization and Evolution
TLDR
Systematizing or characterizing existing Android malware from various aspects, including installation methods, activation mechanisms, and the nature of the carried malicious payloads, reveals that it is evolving rapidly to circumvent detection by existing mobile anti-virus software.
RGBDroid: A Novel Response-Based Approach to Android Privilege Escalation Attacks
TLDR
This paper shows that a system can still be safely protected even after the system security is breached by privilege escalation attacks, and the proposed response technique has a comparative advantage over conventional prevention techniques in terms of operational overhead, which can lead to significant deterioration of overall system performance.
ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors
TLDR
This paper presents ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps that combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage.
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
TLDR
A permission-based behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.
Android Hacker's Handbook
The first comprehensive guide to discovering and preventing attacks on the Android OS. As the Android operating system continues to increase its share of the smartphone market, smartphone hacking…
Mobile Root Exploit Detection based on System Events Extracted from Android Platform
Recently, the number of attacks by malicious applications has significantly increased, targeting Android-platform mobile terminals such as Samsung Galaxy Note I/II and Galaxy Tab 10.1, etc. The…
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket
TLDR
DREBIN is proposed, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone and outperforms several related approaches and detects 94% of the malware with few false alarms.