LibCapsule: Complete Confinement of Third-Party Libraries in Android Applications

Qiu, Jun; Yang, Xuewu; Wu, Huamao; Zhou, Yajin; Li, Jinku; Ma, Jianfeng

doi:10.1109/tdsc.2021.3075817

Cited by 8 publications

(7 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e second approach is to design a more granular permission mechanism that restricts the interaction between TPLs and resources. For example, FLEXDROID [16], Zhan et al [17], LIB CAPSULE [18], and others enable the Android system to manage TPLs permissions directly by implementing librarylevel access control mechanisms.…”

Section: Introductionmentioning

confidence: 99%

A Secure Communication and Access Control Scheme for Native Libraries of Android Applications

Liu

Peng

Fang

2022

Security and Communication Networks

View full text Add to dashboard Cite

The Android system cannot perform fine-grained permission management for TPLs (third-party libraries) in applications. TPLs can use all permissions of the host application, which poses a threat to users and system security. In order to solve this problem, this paper studies the underlying principles of multiple modules in the framework and kernel layers of the Android system. We construct a fine-grained access control scheme for native libraries through technologies such as isolation environment creation, remote function call, and dynamic permission management. We also implement the prototype system. The experimental results show that our proposed scheme can effectively assist developers in managing the permissions of the native libraries in a fine-grained manner and curb the suspicious privileged behaviors of the native libraries. Meanwhile, our proposed scheme is adaptable for high-version Android systems with reasonable overhead, and it will not break the current Android security mechanisms.

show abstract

Section: Introductionmentioning

confidence: 99%

A Secure Communication and Access Control Scheme for Native Libraries of Android Applications

Liu

Peng

Fang

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Although TPLs bring functionality conveniences, TPLs also import data leakage. According to Android permission mechanism, TPLs share the same privileges with host apps [19]- [21]. TPLs may abuse permissions to access users' personally identifiable information without users' consent [22], [23], which results in personal information leakage [8]- [18], [53].…”

Section: A Android Third-party Librariesmentioning

confidence: 99%

“…ATPChecker finds the variable (srcv) in srcstmt that corresponds to DOI vt (line 17). If srcv is a variable, ATPChecker continues backward analysis, starts with srcstmt in srcm and focuses analysis on variable srcv (line [18][19]; if srcv is a constant, ATPChecker finds one piece of code that describes the data usage of var (line 21).…”

Section: Data Typementioning

confidence: 99%

“…Since the host apps share the same process space and permissions with TPLs, the mechanism violates the principle of least privilege, which leads to TPLs being over-privileged. Recent papers find that permission abuse makes TPLs access users' personal information and causes potential privacy leakage [19]- [26]. In addition, the incorrect use of TPLs [26]- [28] may cause serious personal information leakage.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Demystifying Privacy Policy of Third-Party Libraries in Mobile Apps

Kaifa¹,

Zhan²,

Liu³

et al. 2023

Preprint

View full text Add to dashboard Cite

“…Since the host apps share the same process space and permissions with TPLs, the mechanism violates the principle of least privilege, which leads to TPLs being over-privileged. Recent studies find that permission abuse allows TPLs to access users' personal information and causes potential privacy leakage [19]- [26]. In addition, the incorrect use of TPLs [26]- [28] may cause serious personal information leakage.…”

Section: Introductionmentioning

confidence: 99%