DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
Download: Paper (PDF)
Date: 7 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
It is becoming a global trend for company employees to bring their own mobile devices into workplace and access company’s assets. Besides enterprise apps, lots of personal apps from various untrusted app stores have been installed on those devices. To secure the business environment, policy enforcement on whether a certain app is allowed to access system resources or how to access are required by enterprise IT. However, Android, as the largest mobile platform with a market share of 81.9%, provides very restricted interfaces for external policy enforcement. In this paper, we present DeepDroid, a dynamic enterprise security policy enforcement scheme on Android device. Different from most existing approaches, DeepDroid is implemented by dynamic memory instrumentation of several central system processes without any firmware modification. Thus, DeepDroid could be easily deployed on various Android platforms and is free from any following impacts after an absolute remove. Moreover, by introducing Android Binder intercepting, more fine-grained context-aware supervision policy may be enforced. The security and reliability of DeepDroid are also fully considered. We develop a prototype of DeepDroid and evaluate it on different devices with a variety of Android OS versions. Evaluation results show that we can effectively enforce policies on resource-related operations with negligible performance overhead.