Author(s): Michael Grace, Yajin Zhou, Zhi Wang and Xuxian Jiang

Download: Paper (PDF)

Date: 7 Feb 2012

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2012


In this research, we systematically analyze eight flagship Android smartphones from leading manufacturers and discover that the stock phone images do not properly enforce the Android permission model. Sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not have the proper permission, a security violation we term a capability leak.