System call analysis on Android

Android system call (syscall) analysis is a well-researched domain. However, finding information on how to do syscall analysis is a bit difficult. I would like to share some of my experiences on the matter here.

To do Android syscall analysis you need the Android SDK installed on your computer. Make sure you install the emulator version you want to use. The recommended version is the one that has the Google Play Services in the image and is for the x86_64 or x86 architecture. If you use the ARM build you will find the emulator is quite slow.

Once the emulator download completes, create an Android Virtual Device (AVD) using Android Studio. It’s pretty easy to use and allows you to customize a lot of things, including the graphics emulation options. On Windows, make sure you have installed the Intel-provided Hardware Accelerated Execution Manager software (sdk\extras\intel\Hardware_Accelerated_Execution_Manager\silent_install.bat). Then choose hardware acceleration in the graphics emulation option. On Linux and Mac systems I didn’t have to install the hardware acceleration software, but I had to make sure the right NVIDIA driver for my NVIDIA GPU was installed. The AVD would get stuck otherwise.

Once the setup finishes you will have to write some code to launch the emulator, as shown below:

#!/bin/bash
adb start-server
emulator -avd nexus6 &
# Use the line below instead of the one above if you want the AVD to be clean, i.e. factory reset every time you launch the emulator.
#emulator -avd nexus6 -wipe-data &

Now that you have launched the AVD you need to install the app you want to analyze using the Android Debug Bridge (adb) utility. Just do the following for that:

adb install path_to_apk_file

After installing the app you need to start the app and attach strace to the app’s process to do the syscall capture. I found the technique to do this on Stack Overflow here. I made one small change in the code to serve the purpose of capturing syscalls, as can be seen below:

# Run inside an adb shell on the emulator; $2 is the PID column of the first matching ps line.
am start -n com.packagename.here/.ActivityName && set `ps | grep com.packagename.here` && strace -p $2 -o output_file_path

That’s it! I will write more blogs or update this as I learn more.
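
Once output_file_path has been pulled off the emulator, the capture still has to be turned into something you can analyze. The following is an added example, not code from the original post: a small Python summarizer for the text strace writes, which counts calls per syscall, tallies failures by errno and lists the paths passed to open/openat. The sample trace is constructed, and the summarize function and its regular expressions are names chosen here for illustration.

```python
import re
from collections import Counter

# Constructed sample of `strace -p PID -o output_file_path` output (invented paths, fds, address).
SAMPLE = '''openat(AT_FDCWD, "/data/data/com.packagename.here/shared_prefs/a.xml", O_RDONLY) = 34
read(34, "<?xml version"..., 4096) = 120
close(34) = 0
openat(AT_FDCWD, "/data/data/com.packagename.here/files/missing", O_RDONLY) = -1 ENOENT (No such file or directory)
futex(0x7f1c2a40, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
<... futex resumed> ) = 0
connect(41, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4242} ---
+++ exited with 0 +++
'''

PID = r'^(?:\d+\s+)?'  # PID column, present only when strace was run with -f
CALL = re.compile(PID + r'(\w+)\(')
RESUMED = re.compile(PID + r'<\.\.\. (\w+) resumed>')
RESULT = re.compile(r'=\s+(?:0x[0-9a-f]+|-?\d+|\?)(?:\s+(E[A-Z0-9]+))?(?:\s+\(.*\))?$')
PATH = re.compile(r'"([^"]*)"')

def summarize(trace_text):
    """Return (calls per syscall, failures per (syscall, errno), opened paths)."""
    calls, failures, opened = Counter(), Counter(), []
    for line in trace_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("---", "+++")):
            continue  # signal deliveries and exit markers are not syscalls
        resumed = RESUMED.match(line)
        started = CALL.match(line)
        if resumed:
            name = resumed.group(1)  # already counted on its "<unfinished ...>" half
        elif started:
            name = started.group(1)
            calls[name] += 1
            path = PATH.search(line)
            if name in ("open", "openat") and path:
                opened.append(path.group(1))
        else:
            continue  # unrecognised line: skip rather than guess
        result = RESULT.search(line)
        if result and result.group(1):
            failures[(name, result.group(1))] += 1
    return calls, failures, opened

if __name__ == "__main__":
    calls, failures, opened = summarize(SAMPLE)
    print(calls.most_common(), dict(failures), opened, sep="\n")
```

The parser assumes strace's default output format; options that append extra columns to each line, such as -T, would need the result pattern extended.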

Safepod App @ Baltimore Hackathon 2015

A small team of like-minded people combined their individual talents to create an app. The app’s purpose? Keeping people safe. How does it do that? Well, imagine you want to go out tonight. You expect to be back home at 11PM. Just before you leave you tell our app you will be back home at 11. If you don’t return by that time, we alert your friends to check up on you. It’s that simple. You can read more about our app here.

In a future post I will be detailing the technical challenges I handled during the app’s development process and the things I learned.

Initial impressions: Android M permissions

Google I/O 2015 was a very important day for privacy researchers. For the first time Google acknowledged a need for better privacy control. Researchers and developers who have worked with Android for some time probably know that there was a feature called AppOps. This feature was introduced in Android 4.3 and later removed in 4.4.2. The reasons stated for its inclusion and removal have been discussed extensively. However, the only conclusion we could clearly draw from all the discussion was that there was a demand for such a feature. Our friends over at Apple have repeatedly mentioned how Apple has always cared for user privacy more than Google. As a result, it was only a matter of time before this new feature arrived in Android, and it is a pleasant development for Android enthusiasts.

We installed the new Android M OS on a Nexus 5. The first thing we wanted to see was the permissions feature. Listed below are our impressions of this new feature from a privacy researcher’s perspective.

The feature is not easy to find
We had to weed through the settings of our phone and we were not able to find it straightaway. There was no menu item for Privacy. How do you access it then? You will have to click on the phone’s settings, then click on “Apps”, and then select the particular app whose permission access you wish to control. Following this you will have to click on “Permissions” for that app. At this point you get the menu which allows you to toggle the permissions.

The Permission control is essentially useless till your Apps upgrade
Now, Google stated yesterday that the behavior of apps which do not upgrade to the new API version will remain the same as before. Therefore, even with this feature present you cannot actually stop an app from accessing the restricted data. What you do see is a warning dialog stating the obvious.

Warning message for apps using pre Android M SDK


Not all permissions show up in the list
The granularity of permissions that will be available in this new feature is still uncertain. If you check the Facebook permission list in the Google Play Store, you will see that it requests a lot of permissions.

Permissions description


But when you check out the permission control menu, you will see just a few of these permissions here.

App permissions list


We can assume that Google is grouping the permissions into logical groups. However, that means that the primary issue that a lot of researchers have raised about granular access control is still not being addressed by Google. We have been doing research with fine-grained permission control for some time now. In our work, we have created a system that is capable of controlling the access to data on a mobile device based on the context of the user. Such an intelligent system would not only know what data to give access to but also when to do so. That goal still remains to be completely realized.

Obviously, we must not forget that something is always better than nothing! Google is taking steps to improve the means by which it protects a user’s privacy and provides security. It is an iterative process and it’s still far from the goal. It is getting closer to that goal though.

Android References

In this blog I have added a few quick references that I found useful for Android app development. The information collected here comes from various sources. I have added the references as accurately as possible. I have created the list here for my personal notes, but you may use it in any way you find useful.

Android permissions list: I copied the Android permission list from the Android Documentation on February 17th, 2014. The list will obviously change over time and I will try to keep it updated. You can find the list here. You can see the XML format permission list below.

HTML Color codes: I found it useful to create a list of color codes for quick reference during app development. The list is based on HTML color codes and may be used as an alternative to the “@android:color/black” technique for text colors in activities. You can find the list here. You can see the colors xml resource file posted below.