The presentation discusses the implementation of privacy dashboards by Android vendors and the need for improved privacy protection mechanisms.
- Android 12 introduced a privacy dashboard to track apps' sensitive behaviors, but several vendors had already implemented their own dashboards before that
- App-ops provides an interface for checking sensitive permission access, but its data is not accurate or comprehensive enough for vendors to present directly on a privacy dashboard
- Custom privacy protection mechanisms need to be improved and fully verified to protect billions of users' privacy
- Static and dynamic injection methods can be used to assist security testers in analyzing apps
- Privacy dashboards implemented by vendors can help both security testers and normal users understand the sensitive behavior of applications
The presentation explains that Android 12 introduced a privacy dashboard to track apps' sensitive behaviors, but several vendors had already implemented their own dashboards before that. These dashboards can help both security testers and normal users understand the sensitive behavior of applications. For example, the Blue Sandbox tool covers most sensitive behaviors, including location, device states, and camera. The tool flags the related APIs and marks the sensitivity level with different colors. Using the Blue Sandbox, the presenters were able to verify five vendors' previous dashboards. However, the presentation also highlights the need for improved custom privacy protection mechanisms to protect billions of users' privacy.
Most Android vendors designed privacy dashboards before Android 12 to allow users to monitor sensitive behaviors of their installed apps, such as clipboard access, location collection, file operations, etc. However, we conducted comprehensive research on them and found that most privacy dashboards are not accurate and complete. Many design or development flaws allow malicious apps to bypass their monitoring or cause a false alarm to be reported for a benign app.
Our research dives deep into the implementation of the privacy protection mechanisms of five top vendors and explains the differences in design in terms of sensitivity level, operation frequency, behavior status, etc. We will discuss the flaws of these vendors' coarse-grained behavior control and how a malicious app performs sensitive operations without invoking the dashboard, for example, collecting your location while leaving no trace, deleting your album silently, etc. Besides, we also found that some vendors' over-designed monitoring strategies will generate a false positive report or alarm under some extreme conditions.
Finally, we will present our method for extracting sensitive APIs from custom Android ROMs and our test process for verifying the privacy dashboard report. Through our presentation, we want to improve the privacy protection mechanisms of vendors and better protect billions of users' privacy.