Android Root and its Providers: A Double-Edged Sword

@article{Zhang2015AndroidRA,
  title={Android Root and its Providers: A Double-Edged Sword},
  author={Hang Zhang and Dongdong She and Zhiyun Qian},
  journal={Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security},
  year={2015}
}
Android root is the voluntary and legitimate process of gaining the highest privilege and full control over a user's Android device. To meet the popular demand, a unique Android root ecosystem has formed in which a variety of root providers offer root as a service. Even though legitimate, many convenient one-click root methods operate by exploiting vulnerabilities in the Android system. If not carefully controlled, such exploits can be abused by malware authors to gain unauthorized…

Detecting Android Root Exploits by Learning from Root Providers

This paper builds RootExplorer, a system that detects all malware samples known to perform root exploits with no false positives, and finds an app currently available on the markets that has an embedded root exploit.

System Log-Based Android Root State Detection

This paper proposes a system-log-based root state detection method that uses existing log information to find clues that verify the system root state, and uses the triggering features of some special operations to update and enrich the log information.

Monitoring of Root Privilege Escalation in Android Kernel

A new monitoring method, KRPM, is presented that departs from the traditional defense approach: it adopts active monitoring and alarming, obtains all current process information directly from the kernel, builds state graphs of process access permissions, and recognizes root privilege escalation and process hiding.

Analyzing Use of High Privileges on Android: An Empirical Case Study of Screenshot and Screen Recording Applications

This paper proposes an approach to identify potential privilege leakage in Android apps that use the ADB workaround, and proposes mitigation techniques to help developers create apps that not only satisfy users' needs but also protect users' privacy from similar attacks in the future.

Super Root: A New Stealthy Rooting Technique on ARM Devices

This paper proposes a new powerful and stealthy root attack, named super root, which escalates a piece of code to hypervisor privilege, a level typically left unoccupied in real ARM devices with virtualization support.

Adaptive Android Kernel Live Patching

KARMA is proposed, an adaptive live patching system for Android kernels that features a multi-level adaptive patching model to protect kernel vulnerabilities from exploits and can protect most critical kernel vulnerabilities on many Android devices with only minor performance overhead.

Android Rooting: An Arms Race between Evasion and Detection

An arms race between rooting detection and rooting evasion is presented, which shows that rooting has become more and more prevalent as an inevitable trend, and it raises big security concerns regarding detection and evasion.
References

Two vulnerabilities in Android OS kernel

This work reveals a new security pitfall in memory management that can cause severe errors and even system failures and proposes a patching solution, which has been adopted by Google.

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations

This study analyzed three popular phones from Samsung, identified their likely flaws and built end-to-end attacks that allow an unprivileged app to take pictures and screenshots, and even log the keys the user enters through touch screen.

Security Enhanced (SE) Android: Bringing Flexible MAC to Android

The work to bring flexible mandatory access control (MAC) to Android is motivated and described by enabling the effective use of Security Enhanced Linux (SELinux) for kernel-level MAC and by developing a set of middleware MAC extensions to the Android permissions model.

Dissecting Android Malware: Characterization and Evolution

Systematizing and characterizing existing Android malware from various aspects, including their installation methods, activation mechanisms, and the nature of the carried malicious payloads, reveals that they are evolving rapidly to circumvent detection by existing mobile anti-virus software.

RGBDroid: A Novel Response-Based Approach to Android Privilege Escalation Attacks

This paper shows that a system can still be safely protected even after its security is breached by privilege escalation attacks, and that the proposed response technique has a comparative advantage over conventional prevention techniques in terms of operational overhead, which can otherwise lead to significant deterioration of overall system performance.

ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors

This paper presents ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps that combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage.

Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets

A permission-based behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.

Android Hacker's Handbook

The first comprehensive guide to discovering and preventing attacks on the Android OS, written by experts who rank among the world's foremost Android security researchers, presents vulnerability discovery, analysis, and exploitation tools for the good guys.

Mobile Root Exploit Detection based on System Events Extracted from Android Platform

This paper investigates mobile root exploits for Android-based mobile devices and proposes a countermeasure system that extracts and collects events related to root exploit attacks occurring on the mobile terminal, which contributes to active protection from malicious mobile attacks.

DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket

DREBIN is proposed, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone and outperforms several related approaches and detects 94% of the malware with few false alarms.