Identifying and Mitigating Trust Violations in the Mobile Ecosystem
- Author(s): Bianchi, Antonio
- Advisor(s): Vigna, Giovanni
- Kruegel, Christopher
- et al.
Mobile systems, such as smartphones and tablets, are now the most common way users handle digital
information and interact with online services.
The interaction with these devices encompasses different actors, trusting each other in different ways. Users interact with apps, trusting them to access valuable and privacy-sensitive information.
At the same time, apps usually communicate with remote backends and mediate user authentication to online services. Finally, all these interactions are mediated, on one side, by the user interface and, on the other, by the operating system.
In this thesis, I will present my studies on how all these different actors trust each other and how this trust can be unfortunately violated by attackers.
This is possible due to limitations on how the operating system, apps, and the user interface are currently designed and implemented.
To assist my work, I developed automatic analysis tools to perform large-scale analyses of Android apps.
In this thesis, I will describe both the tools I have developed and my findings.
Specifically, I will first describe my work on how, in an Android system, it is possible to lure users to interact with malicious apps which ``look like'' legitimate ones. This completely violates the trust relationship, mediated by the user interface, between users and apps.
As a countermeasure, I implemented modifications of the Android user interface and evaluated their effectiveness with a user study.
Then, I will explain how many apps unsafely authenticate their users to remote backends, due to misplaced trust in the operating system.
In particular, I identified different apps that only rely on values provided by the operating system to perform authentication. For this reason, an attacker can trivially spoof these values, and logins in behalf of a legitimate user.
Finally, I will show how many apps misuse hardware-backed authentication devices, such as trusted execution environments and fingerprint readers, making them vulnerable to a variety of authentication bypass attacks