2014 IEEE Symposium on Security and Privacy 2014
DOI: 10.1109/sp.2014.32

Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating

Abstract: Android is a fast evolving system, with new updates coming out one after another. These updates often completely overhaul a running system, replacing and adding tens of thousands of files across Android's complex architecture, in the presence of critical user data and applications (apps for short). To avoid accidental damages to such data and existing apps, the upgrade process involves complicated program logic, whose security implications, however, are less known. In this paper, we report the first s…

Cited by 81 publications (43 citation statements)
References 17 publications
“…Over The Air (OTA) new version update significantly changes the existing version by adding and modifying large number of files across Android platform, ensuring integrity of existing user data and apps [43]. New version update is facilitated through a service called Package Management System (PMS).…”
Section: A Update Problem
Citation type: mentioning
confidence: 99%
“…New version update is facilitated through a service called Package Management System (PMS). Luyi Xing et al [43] performed a comprehensive study of pileup vulnerabilities that can be exploited by malware apps in case of new version upgrades. For example, an app for older version can declare dangerous permissions in AndroidManifest.xml that have been introduced in next version(s).…”
Section: A Update Problem
Citation type: mentioning
confidence: 99%
“…AppSealer [20] combines static- and dynamic-code analysis techniques to patch the application's bytecode in order to mitigate component hijacking attacks. Xing et al [7] introduce a scanner tool for detecting applications that are vulnerable against the pileup threat.…”
Section: Update Behavior Of Android
Citation type: mentioning
confidence: 99%
“…With the old system, each update of the application, if developer added a new permission, the Play Store posted it and the user must then accept it. With the new system, developers can add for example the permission ACCESS_SUPERUSER that allows him to take control of all the features of the phone and storage if his application had permissions in the group "another category" [7].…”
Section: Introduction S
Citation type: mentioning
confidence: 99%