Android security data-dependent security policies

Android is the most widely used mobile operating system today with over 80% of market share. As the world grows more data-driven, people are storing more and more sensitive information on their smartphones, security is more important than ever. This project aims to study and to enhance Android security by allowing user to control sensitive data that are accessed by applications in their Android phones. The author has worked on a customized Android operating system, called LogicDroid, that was built in a research group to enhance Android security [1]. Several Inter-process communication(IPC) mechanisms that describe activity of sharing data across different types of android components are present in Android system. In LogicDroid, a security reference monitor was developed and put inside the Linux kernel to handle the IPC calls between Android application software, and manage accesses to certain resources by applications. The main purpose of the monitor is to prevent malwares from accessing functionalities that are not explicitly granted by the device owner. The security monitor can be flexibly modified to enforce different security policies depending on needs. The policy language format is based on a formal logic, called metric linear temporal logic. Before staring this project, the security monitor in LogicDroid can detect and intercept accesses to GPS location, internet connection, contact number, phone call and SMS. Since IMEI number is considered as another important resource, the LogicDroid framework is modified to intercept access to this resource. In is in fact that every mobile phone has a unique 15 digits IMEI number and based on this number, the mobile operator and other parties who have the access to this data can track usage of the mobile phone. Hence, this sensitive data should be manageable among applications that have permission to access. Additionally, LogicDroid Master application is developed in this project to provide a simple user interface to the Android device owner for handling sensitive system functionalities accessed by applications regardless to the complicated underlying monitoring framework. With the help from this application, the user is able to control accesses to certain resources, which is not supported by the Android official version. The LogicDroid framework has been implemented and tested successfully on the simulator with the added IMEI Interception feature and the LogicDroid Master application. It provides Android device owners the capability of handling accessed resources among application software. based on user practical experiences in real Android devices, more important data and resources will be considered and implemented in the future development of LogicDroid monitoring framework.