Ghost Installer in the Shadow: Security Analysis of App Installation on Android

  title={Ghost Installer in the Shadow: Security Analysis of App Installation on Android},
  author={Yeonjoon Lee and Tongxin Li and Nan Zhang and Soteris Demetriou and Mingming Zha and Xiaofeng Wang and Kai Chen and Xiao-yong Zhou and Xinhui Han and Michael Grace},
  journal={2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
  • Yeonjoon LeeTongxin Li M. Grace
  • Published 26 June 2017
  • Computer Science
  • 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Android allows developers to build apps with app installation functionality themselves with minimal restriction and support like any other functionalities. Given the critical importance of app installation, the security implications of the approach can be significant. This paper reports the first systematic study on this issue, focusing on the security guarantees of different steps of the App Installation Transaction (AIT). We demonstrate the serious consequences of leaving AIT development to… 

Figures and Tables from this paper

Watch Out for Race Condition Attacks When Using Android External Storage

An analysis engine is proposed, named RECAST, which gathers file operation events on external storage and infers the associated file operation processes and finds that, with the limited kinds of events, a tremendous number of unique file operating patterns are constituted.

Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews

The contention between the demand for convenient cross-WebView communication and the need for security control on the channel is revealed, and the first step toward building OS-level protection to safeguard this fast-growing technology is made.

Android on PC: On the Security of End-user Android Emulators

A systematic study on end-user Android emulators is performed and a series of security flaws on communication channel authentication, permission control, and open interfaces are discovered that could cause severe security consequences.

Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review

This paper applies a reproducible methodology to search, filter, and analyze the most relevant research proposals to define a global and understandable vision of existing solutions to the file-based TOCTOU vulnerability.

KingFisher: Unveiling Insecurely Used Credentials in IoT-to-Mobile Communications

With an evaluation of eight real-world IoT solutions with more than 35 million deployed devices, KingFisher revealed that all these solutions involve insecurely used credentials, and are subject to privacy leakage or device hijacking.

The Role of the Adversary Model in Applied Security Research

Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android

The Chinese University of Hong Kong, {xf016, khzhang} ‖Indiana University Bloomington,,



Understanding and improving app installation security mechanisms through empirical analysis of android

Empirical evidence is found that Android's current signing architecture does not encourage best security practices, and limitations of Android's UID sharing method force developers to write custom code rather than rely on OS-level mechanisms for secure data transfer between apps.

Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android

This new approach, called App Guardian, thwarts a malicious app's runtime monitoring attempt by pausing all suspicious background processes when the target app is running in the foreground, and resuming them after the app stops and its runtime environment is cleaned up.

Security Enhanced (SE) Android: Bringing Flexible MAC to Android

The work to bring flexible mandatory access control (MAC) to Android is motivated and described by enabling the effective use of Security Enhanced Linux (SELinux) for kernel-level MAC and by developing a set of middleware MAC extensions to the Android permissions model.

Towards Discovering and Understanding Task Hijacking in Android

Design flaws of Android multitasking are found which make all recent versions of Android vulnerable to task hijacking attacks, and possible mitigation techniques are discussed.

What the App is That? Deception and Countermeasures in the Android User Interface

This paper analyzes in detail the many ways in which Android users can be confused into misidentifying an app, thus, for instance, being deceived into giving sensitive information to a malicious app and designs and implements an on-device defense that addresses the underlying issue of the lack of a security indicator in the Android GUI.

Analyzing inter-application communication in Android

This work examines Android application interaction and identifies security risks in application components and provides a tool, ComDroid, that detects application communication vulnerabilities and found 34 exploitable vulnerabilities.

Android permissions demystified

Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.

FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps

FlowDroid is presented, a novel and highly precise static taint analysis for Android applications that successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.

Taming the Android AppStore: Lightweight Characterization of Android Applications

This work develops a lightweight characterization methodology that can automatically extract descriptions of application network behavior, and applies this to a large selection of applications from the Google App Store, finding several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity.

On lightweight mobile phone application certification

The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware.