So there's a really interesting paper out about detecting "capability leaks" in Android smartphones courtesy of the folks over at North Carolina State.
It's called (unsurprisingly enough) "Systematic Detection of Capability Leaks in Stock Android Smartphones" and it's a great read.
So these guys built a tool (called "Woodpecker") that snakes around inside popular Android phone platforms looking for places where the phone is configured so as to violate the Android permission enforcement model.
Go read it... you'd be surprised what they've found.
Now, I'm not going to steal their thunder and I highly recommend you go read the original source material, but to whet your appetite, take a look at this table from their report summarizing what they found:
[Image: summary table from the report]
Pretty wild, right? Apparently most of the platforms out there have situations that do violate the permission model, thereby allowing apps to do stuff that maybe the user doesn't want.
Of course, I've made the point a few times that users tend not to care about permissions anyway. I mean, the case of a Sudoku app that wants "full internet access" I can sort of get... maybe they want to show me ads or whatever.
Or maybe I can forgive the fact that Skype wants to be able to "MANAGE THE ACCOUNTS LIST", "USE THE AUTHENTICATION CREDENTIALS OF AN ACCOUNT", "DISABLE KEYLOCK", and "DISCOVER KNOWN ACCOUNTS".
Maybe... just maybe (because they're Skype), I'll (reluctantly) agree to let them "MODIFY GLOBAL SYSTEM SETTINGS" and "RETRIEVE RUNNING APPLICATIONS"... much though I'd rather they didn't.
But seriously... doesn't it scare anybody else that "Funny Jokes for Kids" needs "FINE (GPS) LOCATION", "FULL INTERNET ACCESS", and "READ PHONE STATE AND IDENTITY" (i.e., "An application with this permission can determine the phone number and serial number of this phone...")?
Um, really? So, here's an app, with an install base of "100,000 - 500,000" (from the overview page on the market) that's targeted to "children 8 and under" that can:
- Uniquely identify you (or your child),
- Determine fine-grained geographical location, and
- Communicate those details to whomever it wants
Nope... that's not scary at all. Perfectly reasonable, right? Bah. I blame the user community... and I include myself quite squarely in this category.
For example, I routinely install apps with only a cursory glance at the permissions; the times that I happen to glance at what the app wants to run (which is, quite frankly, "crazysauce" in many cases), I usually install it anyway, betting on the fact that it's probably innocuous.
And I actually care about this stuff. But "Joe Average" user? Not likely to even read it... or care about it if they do.
Until users start to actually care about permissions, I'm not sure the enforcement model - and how well it does or doesn't work - is going to matter much. But it would be nice to know it worked when/if they do.
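The identify / locate / communicate combination called out above for the children's app can be checked mechanically from an app's manifest. The script below is an added example, not code from the paper or from Woodpecker; the two manifests and their package names are constructed, and the mapping from the post's permission labels to `android.permission.*` names is this example's own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability each permission contributes, following the post's three bullets.
CAPABILITY = {
    P + "READ_PHONE_STATE": "identify",       # "read phone state and identity"
    P + "ACCESS_FINE_LOCATION": "locate",     # "fine (GPS) location"
    P + "INTERNET": "communicate",            # "full internet access"
}
TRACKING = {"identify", "locate", "communicate"}

def requested_permissions(manifest_xml):
    """Return the permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries with no android:name

def audit(manifest_xml):
    """Map declared permissions to capabilities and flag the full tracking set."""
    perms = requested_permissions(manifest_xml)
    caps = {CAPABILITY[p] for p in perms if p in CAPABILITY}
    return {
        "capabilities": caps,
        "missing": TRACKING - caps,
        "tracking_capable": TRACKING <= caps,
    }

# Constructed sample manifests (hypothetical package names).
JOKES_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.kidsjokes">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

SUDOKU_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sudoku">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("jokes", JOKES_MANIFEST), ("sudoku", SUDOKU_MANIFEST)):
        print(label, audit(xml))
```

This looks only at what an app declares; a capability leak of the kind the paper describes is not visible in the requesting app's manifest.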
Cross-posted from: Security Curve Weblog