SanAdBox: Sandboxing third party advertising libraries in a mobile application

Kawabata, Hideaki; Isohara, Takamasa; Takemori, Keisuke; Kubota, Ayumu; Kani, Junya; Agematsu, Harunobu; Nishigaki, Masakatsu

doi:10.1109/icc.2013.6654845

Cited by 13 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e TPLs can no longer share the permissions of the host application and thus can only access limited system resources or user data [10][11][12][13][14][15]. For example, CompARTist [13] splits Android applications at compile-time into isolated, privilege-separated compartments for the host app and the included TPLs.…”

Section: Introductionmentioning

confidence: 99%

A Secure Communication and Access Control Scheme for Native Libraries of Android Applications

Liu

Peng

Fang

2022

Security and Communication Networks

View full text Add to dashboard Cite

The Android system cannot perform fine-grained permission management for TPLs (third-party libraries) in applications. TPLs can use all permissions of the host application, which poses a threat to users and system security. In order to solve this problem, this paper studies the underlying principles of multiple modules in the framework and kernel layers of the Android system. We construct a fine-grained access control scheme for native libraries through technologies such as isolation environment creation, remote function call, and dynamic permission management. We also implement the prototype system. The experimental results show that our proposed scheme can effectively assist developers in managing the permissions of the native libraries in a fine-grained manner and curb the suspicious privileged behaviors of the native libraries. Meanwhile, our proposed scheme is adaptable for high-version Android systems with reasonable overhead, and it will not break the current Android security mechanisms.

show abstract

Section: Introductionmentioning

confidence: 99%

A Secure Communication and Access Control Scheme for Native Libraries of Android Applications

Liu

Peng

Fang

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…TPLs can access the system resources via two ways: (1) directly invoke the system calls to get the system services or resources; (2) indirectly access the resource through the interfaces from the host app logic. [58] 2016 NDSS LibCage [79] 2016 ESORICS PEDAL [16] 2015 MobiSys NativeGuard [95] 2015 Wisec COMPAC [93] 2014 CODASPY AFrame [15] 2013 ACSAC SanAdBox [14] 2013 ICC AdDroid [18] 2012 ASIACCS AdSplit [17] 2012 USNIX Security…”

Section: Existing Solutionsmentioning

confidence: 99%

“…SanAdBox [14] is a privilege separation framework that can separate the advertising libraries from the host app and run the advertising libraries as different independent applications. In addition, SanAdBox is an updating sandbox where the host app and ad libraries run into and only can invoke their own permissions.…”

Section: Existing Researchmentioning

confidence: 99%

See 1 more Smart Citation

Research on Third-Party Libraries in AndroidApps: A Taxonomy and Systematic LiteratureReview

Zhan¹,

Liu²,

Fan³

et al. 2021

Preprint

View full text Add to dashboard Cite

Third-party libraries (TPLs) have been widely used in mobile apps, which play an essential part in the entire Android ecosystem. However, TPL is a double-edged sword. On the one hand, it can ease the development of mobile apps. On the other hand, it also brings security risks such as privacy leaks or increased attack surfaces (e.g., by introducing over-privileged permissions) to mobile apps. Although there are already many studies for characterizing third-party libraries, including automated detection, security and privacy analysis of TPLs, TPL attributes analysis, etc., what strikes us odd is that there is no systematic study to summarize those studies' endeavors. To this end, we conduct the first systematic literature review on Android TPL-related research. Following a well-defined systematic literature review protocol, we collected 74 primary research papers closely related to Android third-party library from 2012 to 2020. After carefully examining these studies, we designed a taxonomy of TPL-related research studies and conducted a systematic study to summarize current solutions, limitations, challenges and possible implications of new research directions related to third-party library analysis. We hope that these contributions can give readers a clear overview of existing TPL-related studies and inspire them to go beyond the current status quo by advancing the discipline with innovative approaches.

show abstract

“…Wang et al [177] proposed adding purposes to permissions requests to inform users what their data will be used for, while Agarwal et al [178] used crowdsourcing to help users determine which permissions were really necessary for a given application. Another suggested approach aims to help users by splitting permissions needed for the core application and any third-party libraries that these applications may include [179][180][181][182], thus reducing any confusion as to which parties will be accessing the data.…”

Section: A More Private Futurementioning

confidence: 99%

SoK: Privacy on Mobile Devices – It’s Complicated

Spensky

Stewart

Yerukhimovich

et al. 2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Modern mobile devices place a wide variety of sensors and services within the personal space of their users. As a result, these devices are capable of transparently monitoring many sensitive aspects of these users’ lives (e.g., location, health, or correspondences). Users typically trade access to this data for convenient applications and features, in many cases without a full appreciation of the nature and extent of the information that they are exposing to a variety of third parties. Nevertheless, studies show that users remain concerned about their privacy and vendors have similarly been increasing their utilization of privacy-preserving technologies in these devices. Still, despite significant efforts, these technologies continue to fail in fundamental ways, leaving users’ private data exposed.In this work, we survey the numerous components of mobile devices, giving particular attention to those that collect, process, or protect users’ private data. Whereas the individual components have been generally well studied and understood, examining the entire mobile device ecosystem provides significant insights into its overwhelming complexity. The numerous components of this complex ecosystem are frequently built and controlled by different parties with varying interests and incentives. Moreover, most of these parties are unknown to the typical user. The technologies that are employed to protect the users’ privacy typically only do so within a small slice of this ecosystem, abstracting away the greater complexity of the system. Our analysis suggests that this abstracted complexity is the major cause of many privacy-related vulnerabilities, and that a fundamentally new, holistic, approach to privacy is needed going forward. We thus highlight various existing technology gaps and propose several promising research directions for addressing and reducing this complexity.

show abstract

SanAdBox: Sandboxing third party advertising libraries in a mobile application

Cited by 13 publications

References 6 publications

A Secure Communication and Access Control Scheme for Native Libraries of Android Applications

A Secure Communication and Access Control Scheme for Native Libraries of Android Applications

Research on Third-Party Libraries in AndroidApps: A Taxonomy and Systematic LiteratureReview

SoK: Privacy on Mobile Devices – It’s Complicated

Contact Info

Product

Resources

About