Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers

Sascha Fahl; Sergej Dechand; Henning Perl; Felix Fischer; Jaromir Smrcek; Matthew Smith

doi:10.1145/2660267.2660311

Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers

Sascha Fahl, Sergej Dechand, Henning Perl, Felix Fischer, Jaromir Smrcek and Matthew Smith.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014

PDF Abstract Cite DOI

Abstract

Mobile devices are evolving as the dominant computing platform and consequently application repositories and app markets are becoming the prevalent paradigm for deploying software. Due to their central and trusted position in the software ecosystem, coerced, hacked or malicious app markets pose a serious threat to user security. Currently, there is little that hinders a nation state adversary (NSA) or other powerful attackers from using such central and trusted points of software distribution to deploy customized (malicious) versions of apps to specific users. Due to intransparencies in the current app installation paradigm, this kind of attack is extremely hard to detect.

In this paper, we evaluate the risks and drawbacks of current app deployment in the face of powerful attackers. We assess the app signing practices of 97% of all free Google Play apps and find that the current practices make targeted attacks unnecessarily easy and almost impossible to detect for users and app developers alike. We show that high profile Android apps employ intransparent and unaccountable strategies when they publish apps to (multiple) alternative markets. We then present and evaluate Application Transparency (AT), a new framework that can defend against “targeted-and-stealthy” attacks, mount by malicious markets.

We deployed AT in the wild and conducted an extensive field study in which we analyzed app installations on 253,819 real world Android devices that participate in a popular anti-virus app’s telemetry program. We find that AT can effectively protect users against malicious targeted attack apps and furthermore adds transparency and accountability to the current intransparent signing and packaging strategies employed by many app developers.

Reference

@inproceedings{DBLP:conf/ccs/FahlDPFSS14,
 author = {Sascha Fahl and
Sergej Dechand and
Henning Perl and
Felix Fischer and
Jaromir Smrcek and
Matthew Smith},
 bibsource = {dblp computer science bibliography, https://dblp.org},
 biburl = {https://dblp.org/rec/conf/ccs/FahlDPFSS14.bib},
 booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and
Communications Security, Scottsdale, AZ, USA, November 3-7, 2014},
 doi = {10.1145/2660267.2660311},
 editor = {Gail-Joon Ahn and
Moti Yung and
Ninghui Li},
 pages = {1143--1155},
 publisher = {ACM},
 title = {Hey, NSA: Stay Away from my Market! Future Proofing App Markets
against Powerful Attackers},
 url = {https://doi.org/10.1145/2660267.2660311},
 year = {2014}
}