Sleeping Android: Exploit Through Dormant Permission Requests

James Sellwood

Research output: ThesisMaster's Thesis

89 Downloads (Pure)


This report begins by providing a very brief history of telecommunications, followed by background into the usage and capabilities of modern smartphone devices. As this report focuses on information security considerations, it highlights some of the security requirements associated with the significant usage of these ubiquitous devices. The aspect of mobile device information security that is considered within this report is the security architectures employed to achieve those security requirements. In particular, the major security relevant architectures within the Android platform are described: Sandboxing, Permissions and App Stores. Following the description of these significant security concepts, a number of detailed investigations into the Android permission architecture are performed and discussed. The investigations are structured around four distinct topics.

The Permission Categorisation Investigation looks at how Android permissions are organised both regarding severity, through the use of protection levels, and regarding logical subject area, through the use of permission groupings. The 130 currently documented Android permissions are investigated through the development and use of a test app, Permission Test, which allows them to be categorised. This investigation provides information not currently documented within the Android documentation and thereby not obvious to developers.

Following the categorisation of the 130 permissions on Android 4.0.4 (Ice Cream Sandwich), a Permission Evolution Investigation is performed tracking the categorisation and labelling of the permissions across six of Android’s platform versions. The versions tested cover the Android API versions 8, 10, 13, 14, 15 and 16 — platforms Froyo through to the recent release, Jelly Bean (Android’s platform versions are named alphabetically after desserts). This investigation highlights the changes that have occurred across platform releases and in particular identifies several potential discrepancies in the Android documentation.

Having built up considerable information and understanding through the first two investigations, the third investigation looks specifically at Third-party Permission Requests. Unlike the 130 permissions already discussed, third-party permission requests are defined by app developers themselves and are used to provide limited authorisation in relation to Inter-Process Communication (IPC). This investigation makes use of two more test apps, Permission Test Creator and Permission Test Requestor, and helps frame a hypothesis which forms the basis for the final investigation.

The most significant investigation of this report identifies the existence of a weakness in the Android permission architecture, exploitable through the use of Dormant Permission Requests. A fourth test app, Permission Test Jelly Bean, is developed and demonstrates exploiting this weakness. The repercussions and potential mitigation of the weakness are then discussed.

The conclusion highlights related work in this field, covering relevant research which has been of significant value. Whilst other work in this field has discussed several mechanisms through which malicious apps can exploit the Android permission architecture, to my knowledge the Dormant Permission Requests weakness I describe in this project has not previously been identified. I believe this contribution to therefore be unique within the existing body of knowledge. Finally, ongoing and future work is introduced with this report as the principle basis.
Original languageEnglish
Awarding Institution
  • Department of Information Security
  • Crampton, Jason, Supervisor
Award date1 Nov 2012
Place of PublicationDepartment of Mathematics Technical Reports
Publication statusPublished - 28 Aug 2012

Cite this