Lanlan Pan, Ruonan Qiu, Zhenming Chen, Gen Li, Dian Wen, and Minghui Yang, Guangdong OPPO Mobile Telecommunications Corp. Ltd., China

Custom permission is an important security feature of Android system. Permission resource app defines the custom permission. Resource provider app can share the app resources with the resource consumer apps which have gained the custom permission. However, evil app may potentially make permission squatting attacks, get ahead of legitimate permission source app to define the custom permission. If permission squatting attack is successful, then evil app can gain the access to the resource shared by resource provider app, and finally lead to security vulnerabilities and user data leakage. In this paper, we propose a scheme to provide permission source validation for the resource provider apps, which can enhance the calling context security for android custom permission, resistant to permission squatting attack, and suitable for app's self-protection.

Android, App, Custom, Permission, Squatting, Security