A Systematic Study of Android Non-SDK (Hidden) Service API Security

by Yi He, et al.

Android allows apps to communicate with its system services via system service helpers so that these apps can use the various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce security checks for protection. Unfortunately, the security checks in the service helpers may be bypassed by directly exploiting the non-SDK (hidden) APIs, degrading stability and posing severe security threats such as privilege escalation, automatic function execution without user interaction, crashes, and DoS attacks. Google has proposed various approaches to address this problem, e.g., fixing the bugs case by case or even proposing a blacklist to block all the non-SDK APIs. However, developers can still find new ways of exploiting these hidden APIs to evade the non-SDK restrictions. In this paper, we systematically study the vulnerabilities caused by hidden API exploitation and analyze the effectiveness of Google's countermeasures. We aim to answer whether there are still vulnerable hidden APIs that can be exploited in the newest Android 12. We develop a static analysis tool called ServiceAudit to automatically mine inconsistent security enforcement between service helper classes and the hidden service APIs. We apply ServiceAudit to Android 6 through 12. Our tool discovers 112 vulnerabilities in Android 6 with higher precision than existing approaches. Moreover, in Android 11 and 12, we identify more than 25 hidden APIs with inconsistent protections; however, only one of the vulnerable APIs can lead to severe security problems in Android 11, and none of them work on Android 12.
