RetroSkeleton - PowerPoint Presentation

Slide1

RetroSkeleton: Retrofitting Android AppsBenjamin Davis, Hao ChenUniversity of California, Davis

MobiSys

2013Slide2

The AndroidTM Platform2

More than 600,000 third-party

apps & games on Google

Play

TM

alone

Android and Google Play are trademarks of Google Inc. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.

“What are these apps doing?”

“How can I control what these apps do?”

?Slide3

Limitations of Android’s Permission System3

All or Nothing

Coarse-grained

No

revocationSlide4

Examples: TISSA (TRUST ‘11), Apex (ASIACCS ‘10)Deployment ChallengesProprietary binaries for device hardwareRequires rooting phone, voiding warranty, etc.InflexibleDifficult to enforce app-specific policiesNew behavior requires system changesEach Android version requires new implementation

4

Current Proposals: Platform ModificationsSlide5

GoalsObserve and control the behavior of third-party appsDevicesRequire no platform modificationsApproachPowerfulCompletePolicyApp-independentApplied automaticallyNon-goal: prevent detection by app

5Slide6

Rewriting Android AppsObservations:Apps interact with device via platform API method calls95% of apps are implemented entirely in DalvikDalvik bytecode is structured & unambiguousOur approach: in-app method-call interception via automatic bytecode rewriting

6Slide7

RetroSkeletonAutomatic App Analysis & RewritingTransformation Policy

Target Methods

Method Handlers

Original App

INPUT

REWRITING

OUTPUT

7

Rewritten AppSlide8

Intercepting Method InvocationsInterception strategy depends on:Method type (static, instance, …)Method attributes (protected, final, …)

Invocation kind (

direct

,

virtual

,

…)Higher-level strategies for:InheritanceVirtual method invocation8Slide9

DeveloperSocket

bind()

Inheritance-Based

Interception

9

WedgeSocket

@Override

bind()

DatagramSocketbind()

Android

Platform Code

App CodeSlide10

Challenge: Interception CompletenessReflection API (behavior specified at runtime)Statically identify invocation of the reflection APIAdd handlers to inspect and dispatch at runtimeNative and dynamically-loaded codeDetect and intercept invocation

10Slide11

RetroSkeletonAutomatic App Analysis & RewritingTransformation Policy

Target Methods

Method Handlers

Original App

INPUT

REWRITING

OUTPUT

11

Rewritten AppSlide12

Transformation Policy Specification12Target MethodHandler Behavior

public static void

retroSkeletonConnect

(

DatagramSocket

p0,

SocketAddress p1) throws SocketException{ Log.i("RSKEL", "connect called!"); p0.connect(p1); // invoke target method}

java.net.DatagramSocket

public void connect(SocketAddress peer) throws SocketExceptionSlide13

Use: Fine-Grained Network Access Control13

evil.com

example.comSlide14

Use: HTTPS-Everywhere for Apps14

http://

example.com

HTTPS Everywhere Project: https://

www.eff.org

/https-everywhere

https://example.com

HTTP

HTTPSSlide15

Use: Automatic Localization15

App Code

translation

service

Guten

Tag!

setText("Guten

Tag!")

"Guten Tag!"

"Good Day!"

Good Day!

setText("Good

Day!")Slide16

EvaluationRun-time overhead: (0.2 µs) + handlerRewrite speed: fast (~5 seconds)Impact on app size: (0.5% for our policies)Policy functionality:Applied to over 1,000 apps from Google PlayTested rewritten apps in emulator & observed handler behavior

16

Transformation Policy

Success

Network Access Control

99.5%

HTTPS-Everywhere93.2%Automatic Localization99.6%Slide17

Conclusion17In-app method interceptionApp-agnostic policy specification and applicationAutomatic rewriting, no manual guidanceRewritten apps deployable to any Android deviceComing Soon:retroskeleton.com