Those permissions in Android

Posted by tetley at 2020-03-22
With the popularity of smartphones, more and more applications and services appear on the mobile platform. The resources these apps and services access are governed by permissions. The mobile phone is also a very sensitive platform, holding a great deal of personal information and private data. In this context, controlling what apps are allowed to do is essential.

1. Android defines the concept of a permission to manage what apps may do in the system, but a malicious program may request permissions beyond what it needs, harvest user information, damage the phone, and so on. How can behavior in the system be controlled more strictly? There are three options:

a) Android already defines permissions, so we could control behavior by removing permissions from a malicious app. But this causes a problem: when the app accesses a resource, AMS (ActivityManagerService) checks the permission; if the permission has been removed, the system throws an exception and the app may crash. The resulting user experience is poor: the user sees a running app suddenly stop and asks why it stopped.

b) If the app is not allowed to access a specific resource, return an invalid value so that it can neither read useful information nor write anything. The hook is implemented with root and process injection. The disadvantage of this scheme is that the system must be rooted, which exposes the phone to a lot of risk: every app can then obtain the highest (root) privilege. The mobile security software on the market all works this way; without root, it cannot control permissions.

c) If the system itself already provides such a hook point, permission control can be implemented without root. Concretely, a separate security process is run. Whenever a resource is accessed, the hook point initiates an IPC call to the security process, which decides whether to allow the access based on information about the caller, such as package name, uid and pid. This is our solution: the security mechanism is integrated into the system, and the Android system is made secure without root.

2. Let's look at which permissions users care about and how to handle them so that permission control is enforced while keeping the best experience. The first category is sensitive data.

a) Database information, such as contacts, call records, SMS, etc. This information is very important, and many apps request access to these resources beyond what their own functions need. In Android this information is stored by a ContentProvider and accessed through a ContentResolver, which supports query, insert, delete and update operations. Different kinds of information are distinguished by the URL (content URI) in the database, and each record is a row. By inspecting the URL and the app's information, we decide whether to allow reading or writing.

I. Query operation

A query on a specific URL returns the corresponding cursor. To deny the query, return a wrapper cursor that encapsulates the original result; the app receives it but cannot extract any information from it. Since it exposes no rows or columns, any operation on it returns an invalid value.

II. Insert operation

Insert a row at the corresponding URL and return the inserted row. If this write operation is prohibited, return null and perform no insert.

III. Delete operation

Delete several rows at the corresponding URL and return the number of deleted rows. If deletion is prohibited, return -1 without deleting anything.

IV. Update operation

Update several rows at the URL and return the number of updated rows. If the update is prohibited, return -1 without updating anything.
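As an added illustration, not code from this post or its system, here is how the four denied results above can be produced in Android Java. `AccessPolicy` is a hypothetical stand-in for the verdict the security process returns over IPC, and the placement of the guard inside the framework's hook point is assumed rather than shown; the query case follows the post's design of wrapping the already-fetched result.

```java
import android.database.Cursor;
import android.database.CursorWrapper;
import android.net.Uri;
import java.util.function.Supplier;

/** Hypothetical decision point standing in for the IPC call to the security process. */
interface AccessPolicy {
    boolean allow(int callingUid, String callingPkg, Uri uri, String op);
}

/** Wraps the real result but exposes no rows and no columns, so the app learns nothing from it. */
final class BlankCursor extends CursorWrapper {
    BlankCursor(Cursor real) { super(real); }
    @Override public int getCount() { return 0; }
    @Override public int getColumnCount() { return 0; }
    @Override public String[] getColumnNames() { return new String[0]; }
    @Override public int getColumnIndex(String columnName) { return -1; }
    @Override public boolean moveToFirst() { return false; }
    @Override public boolean moveToNext() { return false; }
    @Override public boolean moveToPosition(int position) { return false; }
    @Override public boolean isAfterLast() { return true; }
}

/** Gate placed at the hook point in front of the provider calls (assumed location). */
final class ProviderGuard {
    private final AccessPolicy policy;
    ProviderGuard(AccessPolicy policy) { this.policy = policy; }

    /** Query: the real cursor is handed back only if allowed; otherwise it is wrapped and looks empty. */
    Cursor query(int uid, String pkg, Uri uri, Cursor realResult) {
        return policy.allow(uid, pkg, uri, "query") ? realResult : new BlankCursor(realResult);
    }

    /** Insert: denied callers get null and the real insert never runs. */
    Uri insert(int uid, String pkg, Uri uri, Supplier<Uri> realInsert) {
        return policy.allow(uid, pkg, uri, "insert") ? realInsert.get() : null;
    }

    /** Delete: denied callers get -1 and nothing is deleted. */
    int delete(int uid, String pkg, Uri uri, Supplier<Integer> realDelete) {
        return policy.allow(uid, pkg, uri, "delete") ? realDelete.get() : -1;
    }

    /** Update: denied callers get -1 and nothing is updated. */
    int update(int uid, String pkg, Uri uri, Supplier<Integer> realUpdate) {
        return policy.allow(uid, pkg, uri, "update") ? realUpdate.get() : -1;
    }
}
```

The write operations take a `Supplier` so the real provider call is only executed after the policy has allowed it.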

b) The phone holds a lot of hardware-related information, such as IMSI, IMEI and the phone number, which identifies the phone in the network. An app obtains the PhoneSubInfo object through the phone manager (TelephonyManager) and then calls PhoneSubInfo methods to get the corresponding values. If we don't want the app to obtain this information, just return null from these PhoneSubInfo methods.

I. IMEI: International Mobile Equipment Identity, which corresponds one-to-one with each phone and is globally unique. Obtained via the getDeviceId method of PhoneSubInfo.

II. IMSI: International Mobile Subscriber Identity, the mark that distinguishes mobile subscribers, stored in the SIM card and usable to identify a subscriber's valid information. Obtained via the getSubscriberId method of PhoneSubInfo.

III. Phone number: obtained via the getLine1Number method of PhoneSubInfo.

c) Android has two kinds of location information: precise location from GPS and coarse location from cell towers (base stations). Concretely, an app registers a listener through the requestLocationUpdates method of LocationManager and is notified when the location changes. Users may not want to expose their location, so we can return from this method before the listener is registered, and the app never receives the phone's location.

3. Sensitive behaviors on Android phones:

a) Calling. Even a background service can request this permission and place a call secretly, while the user only wants specific software, such as the system's own phone app, to have this capability. How do we control call permission? The phone app's call interface is started by dialing through startActivity with an Intent whose action is ACTION_CALL. To prohibit calls, just return before the startActivity action in AMS is actually executed.

b) Call recording. This permission is even more dangerous than calling, because the system call interface pops up when a call is made, whereas recording happens silently. A malicious program recording in the background can leak the user's privacy or even trade secrets. Recording a call uses a MediaRecorder object with the recording source set by setAudioSource(VOICE_CALL). To disable it, return before recording starts (MediaRecorder.start), or make it fail to start normally.

c) SMS. Many apps request this permission, mostly for the convenience of their services, but there is no shortage of SMS fee-deduction services. If a user accidentally taps a window while playing a game, they may subscribe to some service and lose a few yuan. Worse, an app can quietly send SMS in the background, leaking user information. Sending SMS goes through the send method provided by SmsManager; check whether the sender is legitimate before sending, and if it is forbidden, return so that the send is never actually executed.

d) Posting notifications in the notification bar. The phone screen is small, and much software pushes many advertisements into the notification bar, which annoys many users. Posting a notification means a call to the notify method of NotificationManager, which adds it to the notification queue in the enqueueNotificationInternal method of NotificationManagerService. Before that point, we check and refuse to enqueue unwanted notifications, and in this way control them.
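An added example, not the post's own code, of the caller identification from section 1c combined with the early-return checks described in section 3. `BehaviorPolicy` is a hypothetical stand-in for the security process's verdict; the methods return the decision and assume the framework hook point calls them just before startActivity, MediaRecorder.start, the SmsManager send path and enqueueNotificationInternal respectively.

```java
import android.content.Intent;
import android.content.pm.PackageManager;
import android.media.MediaRecorder;
import android.os.Binder;

/** Identity of the process that reached the hook point, as seen from inside the framework. */
final class Caller {
    final int uid, pid; final String pkg;
    Caller(int uid, int pid, String pkg) { this.uid = uid; this.pid = pid; this.pkg = pkg; }

    /** Binder records the uid/pid of the remote side of an IPC; PackageManager maps the uid back to a package. */
    static Caller fromBinder(PackageManager pm) {
        int uid = Binder.getCallingUid();
        String[] pkgs = pm.getPackagesForUid(uid);   // null when no package owns the uid
        String pkg = (pkgs == null || pkgs.length == 0) ? "uid:" + uid : pkgs[0];
        return new Caller(uid, Binder.getCallingPid(), pkg);
    }
}

/** Hypothetical stand-in for the verdict returned by the security process over IPC. */
interface BehaviorPolicy {
    boolean allow(Caller caller, String behavior);
}

final class BehaviorGuard {
    private final BehaviorPolicy policy;
    BehaviorGuard(BehaviorPolicy policy) { this.policy = policy; }

    /** Before AMS performs startActivity: only ACTION_CALL intents are subject to the "call" verdict. */
    boolean allowStartActivity(Caller c, Intent intent) {
        if (!Intent.ACTION_CALL.equals(intent.getAction())) return true; // not a call, pass through
        return policy.allow(c, "call");
    }

    /** Before MediaRecorder.start(): a recorder whose source is the voice call is the sensitive case. */
    boolean allowRecorderStart(Caller c, int audioSource) {
        if (audioSource != MediaRecorder.AudioSource.VOICE_CALL) return true;
        return policy.allow(c, "record_call");
    }

    /** In SmsManager's send path, before the message leaves the device. */
    boolean allowSendSms(Caller c) { return policy.allow(c, "sms"); }

    /** Before enqueueNotificationInternal adds the notification to the queue. */
    boolean allowEnqueueNotification(Caller c) { return policy.allow(c, "notification"); }
}
```

A `false` return at the hook point corresponds to the "just return" step in the text: the call, recording, send or enqueue never happens, while allowed behaviors proceed unchanged.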

4. To sum up, our solution is that the system itself provides a permission-checking mechanism, with no need to root the phone. When an app accesses sensitive resources or performs sensitive behaviors, the user is prompted, so that unwanted access is prevented, the user becomes the true owner of the phone, and potential danger is minimized.