The use of Certificates and Signatures can also augment/modify the effectiveness of the permissions framework.

If two apps have certificates that share a public key---indicating that they are from the same developer(s)---they may be granted access to non-exported components and/or files that belong to either app and be granted special permissions under the "signed" and "signedOrSystem" permission group. Two applications may also share the same user ID if they share the same public key. For instance, if you've ever installed Facebook Home, you'd notice that it requests NO permissions but only requires that you have the Facebook app installed! This is because it gets all the permissions it needs from the Facebook app by means of "signature" permissions.

A good mindset to have---from the perspective of application security---is to assume that whenever developers publish apps under that same public key, they can effectively increase the attack surface of all other apps signed with the same key, because if any of the apps in the signing group has vulnerabilities that allow privilege escalation or access to non-exported components, attackers can abuse the "signature" permissions to leverage access to them. A simple example of this would be if Facebook Home advertised an exported component, maybe a content provider, that, say, allowed other apps to query your Facebook friends list---which belongs to the Facebook app---and that required no permissions; a malicious app would be able to leak your friends list by abusing the permissions granted to Facebook Home because of the signature it shares with the Facebook app.

Refs:
http://developer.android.com/tools/publishing/app-signing.html
http://developer.android.com/reference/android/R.attr.html#sharedUserId
https://play.google.com/store/apps/details?id=com.facebook.home&hl=en
http://developer.android.com/guide/topics/security/permissions.html

On Thursday, May 9, 2013 9:37:03 PM UTC+2, Keith Makan wrote:
>
> At the moment I'm writing a bunch of white papers on Android security.
> As a result I've been trying to hunt down some academic style papers on
> Android's Application Signing mechanism.
> I have some high level understanding of how things work---you know the
> whole .jar signing, public key, cryptographic hash story---but I
> need a good set of academic papers on the subject to reference.
>
> Please Help?
>
> Thanks ;)
>

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
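A defender-side check for the situation described in the message above, added here as an illustration and not part of the original post: it scans decoded manifests of apps signed with one key and lists exported components with no permission guard in any app that holds a same-key signature permission or a sharedUserId. The package names, the permission name and both manifests are constructed; `signature` and `signatureOrSystem` are the manifest `protectionLevel` values.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed, decoded manifests for two hypothetical apps signed with one key.
MAIN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.main">
  <permission android:name="com.example.main.READ_FRIENDS"
      android:protectionLevel="signature"/>
  <application>
    <provider android:name=".FriendsProvider" android:exported="true"
        android:readPermission="com.example.main.READ_FRIENDS"/>
  </application>
</manifest>"""
HOME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.home">
  <uses-permission android:name="com.example.main.READ_FRIENDS"/>
  <application>
    <provider android:name=".FriendsProxy" android:exported="true"/>
    <service android:name=".Sync" android:exported="false"/>
  </application>
</manifest>"""

def exported(c):
    flag = c.get(A + "exported")
    if flag is not None:
        return flag == "true"
    # Assumption: no explicit flag means a provider is exported (API <= 16 default).
    return c.tag == "provider" or c.find("intent-filter") is not None

def audit(manifests):
    """Return (package, kind, name, privileges) for each unguarded exported component."""
    roots = [ET.fromstring(m) for m in manifests]
    # Permissions the signing group reserves for holders of its own key.
    sig = {p.get(A + "name") for r in roots for p in r.iter("permission")
           if (p.get(A + "protectionLevel") or "").split("|")[0] in ("signature", "signatureOrSystem")}
    findings = []
    for r in roots:
        held = sorted(sig & {u.get(A + "name") for u in r.iter("uses-permission")})
        if r.get(A + "sharedUserId"):
            held.append("sharedUserId=" + r.get(A + "sharedUserId"))
        app = r.find("application")
        for c in (app if app is not None else []):
            if c.tag not in ("activity", "service", "receiver", "provider"):
                continue
            guard = c.get(A + "permission") or c.get(A + "readPermission") or app.get(A + "permission")
            if held and exported(c) and not guard:
                findings.append((r.get("package"), c.tag, c.get(A + "name"), held))
    return findings
```

Each finding is a component that any installed app can reach while its host app holds privileges granted only because of the shared signing key, so it is the place to add an `android:permission` guard or set `android:exported="false"`.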