Avoiding the Pandora Pitfall: Secure Coding Practices for Android Application Privacy. Tyler Shields, Veracode Research. November 3, 2011
1. Mobile Security Landscape 2. Privacy Implications 3. Case Studies 4. Q&A
Risk (noun): The possibility of loss or injury
PC Sensitive Data: Financial data; Corporate data; Computing power; Email; Contact List; Photos; … Call Logs! Images! MMS! Video! SMS!
Mobile Mitigations: Patch methodology; Process isolation; Reasonable permission model; Some disk encryption; Code signatures; … DEP! Anti-Virus!
10.9 billion mobile apps downloaded in 2010, according to IDC. Expected to rise to 76.9 billion apps by 2014
Part 1: Malicious Code
• Activity monitoring and data retrieval
• Unauthorized dialing, SMS, and payments
• Unauthorized network connectivity (exfiltration or command & control)
• UI impersonation
• System modification (rootkit, APN proxy config)
• Logic or time bomb
Part 2: Code Vulnerabilities
• Sensitive data leakage (inadvertent or side channel)
• Unsafe sensitive data storage
• Unsafe sensitive data transmission
• Hardcoded password/keys
Google Calendar: Transmitted appointment data in clear text! Official Facebook application: Transmitted everything except password in clear text! Photos, private messages, wall posts, etc! Even with Web-SSL Enabled!
Or better yet… Just disable cert checking all together!!! As Seen In The WILD!
WSJ Breaks Story on Pandora Investigation “Federal prosecutors in New Jersey are investigating whether numerous smartphone applications illegally obtained or transmitted information about their users without proper disclosures”
Static Analysis: No program execution! Full coverage of binary or source! Wider range of bug discovery! Not limited by runtime data! -- JD-GUI! -- Veracode Engine!
Permissions!
• Phone Calls: Read Phone State and Identity
• System Tools: Modify Global System Settings; Prevent Device From Sleeping; Bluetooth Administration; Change Wi-Fi State; Change Network Connectivity; Automatically Start at Boot
• Network Communication: Full Internet Access; Create Bluetooth Connections; View Network State; View Wi-Fi State
• Your Personal Information: Read Contact Data; Add or Modify Calendar Events and Send Email To Guests
https://market.android.com/details?id=com.pandora.android&feature=search_result – 4/25/2011
Just a bit deeper… Google purchases AdMob for $750 million. Closed May, 2010
ESPN, CBS Interactive, Geico, Starbucks…
100,000 – 500,000 installations. Permissions:
• FINE (GPS) LOCATION
• COARSE (NETWORK-BASED) LOCATION
• FULL INTERNET ACCESS
5,000,000 – 10,000,000 installations. Permissions:
• RECORD AUDIO
• CHANGE YOUR AUDIO SETTINGS
• FINE (GPS) LOCATION
• COARSE (NETWORK-BASED) LOCATION
• FULL INTERNET ACCESS
• MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
• PREVENT DEVICE FROM SLEEPING
Permissions retrieved from official Android Marketplace on 4/25/2011
Here are Some Numbers…
53,000 - # Of Applications Analyzed! ~48,000 Android Market! ~5,000 3rd Party Markets!
Permissions Requested!
• 24% GPS information (11,929)!
• 8% Read Contacts (3,626)!
• 4% Send SMS (1,693)!
• 3% Receive SMS (1262)!
• 2% Record Audio (1100)!
• 2% Read SMS (832)!
• 1% Process Outgoing Calls (323)!
• .5% Use Credentials (248)!
3 Average Number of Permissions Requested!
117 Most Requested for Single Application!
Most Code Is Reused! Outsourced! Code Reuse; Outsourcing; Third Party Libraries: 3rd Party Libraries (with source)! 3rd Party Libraries (binary format)! Nobody really knows what their code does!!
I’ll Accept that Risk! Pass it on over.. Risk Transference! Your code! Your libraries! Outsourced code! 3rd party libraries! Purchased code! COTS code! Contract your vendors to do the same!
Summary
• Mobile Security Landscape! Mobile Applications Are High Risk! Malicious Mobile Code; Mobile Coding Flaws!
• Privacy! Only Take What You Need! Be Honest With Your Users! Be Wary of Risk Transference!
• Case Studies! No Hardcoded Passwords! Encrypt Data In Transit! Secure Data At Rest! Analyze Security of ALL Code! (Includes Code Reuse)!
Tyler Shields @email@example.com@donkeyonawaffle.org