U.S. and German security researchers have proposed a new security framework for Android that would make it easier to install new security extensions, both enterprise and consumer, for specific purposes. A major aim is to make Android friendlier to corporate bring-your-own-device schemes.
The researchers, from North Carolina State University and Technische Universität Darmstadt, described the Android Security Modules (ASM) framework in a paper (PDF) that will be presented at the USENIX Security Symposium in San Diego on Friday. The framework (source code info here) can already be installed on a rooted Android phone, but the hope is for Google or a big phone manufacturer to bake it into the operating system.
Senior author William Enck said in a statement that plenty of researchers are coming up with new security extensions to protect Android users, but “these new tools aren’t getting into the hands of users because every new extension requires users to change their device’s firmware, or operating system. The ASM framework allows users to implement these new extensions without overhauling their firmware.”
Here’s how the framework works: Any time an app wants to execute a sensitive operation that might affect security, it would need to get permission from an ASM module that may have been installed by the user or perhaps by an employer. For example, a company might install a “dual persona” module on its employees’ phones, to keep business and personal data separate (think Samsung’s Knox system).
In this scenario, when WhatsApp asks for contacts, the module might filter out all contacts marked “business”. Or, a user-installed module might always make sure that WhatsApp only gets an empty contacts list – one way of dealing with the big security problems posed by apps demanding to get permanent access to everything if you want them to work at all.
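A conceptual model of the mediation described above, as an added example that is not taken from the paper or the ASM source. The class and function names, the app identifiers and the rule that a module may only narrow a result are assumptions made for illustration, not ASM's actual API.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

@dataclass(frozen=True)
class Contact:
    name: str
    label: str  # "business" or "personal"

# A module is a callback: (calling app, contacts so far) -> contacts to release.
Module = Callable[[str, List[Contact]], List[Contact]]

class ContactsHook:
    """Mediates the contacts query through every registered module."""

    def __init__(self) -> None:
        self._modules: Dict[str, Module] = {}

    def register(self, name: str, module: Module) -> None:
        self._modules[name] = module

    def query(self, app: str, store: List[Contact]) -> List[Contact]:
        result = list(store)
        for module in self._modules.values():
            released = module(app, list(result))
            # Assumed rule: a module can only narrow the result, so an entry
            # it injects that was not already allowed is dropped.
            result = [c for c in result if c in released]
        return result

def dual_persona(personal_apps: set) -> Module:
    """Employer-style module: personal apps never see business contacts."""
    def module(app, contacts):
        if app in personal_apps:
            return [c for c in contacts if c.label != "business"]
        return contacts
    return module

def empty_list_for(apps: set) -> Module:
    """User-style module: the named apps always get an empty list."""
    return lambda app, contacts: [] if app in apps else contacts

# Constructed sample data.
STORE = [Contact("Alice", "business"), Contact("Bob", "personal"),
         Contact("Carol", "business")]

def names(hook: ContactsHook, app: str) -> List[str]:
    return [c.name for c in hook.query(app, STORE)]

if __name__ == "__main__":
    hook = ContactsHook()
    hook.register("dual-persona", dual_persona({"whatsapp"}))
    print(names(hook, "whatsapp"), names(hook, "corp-mail"))
    hook.register("empty-list", empty_list_for({"whatsapp"}))
    print(names(hook, "whatsapp"))
```

Because each module sees only what earlier modules released, stacking the employer and user modules can reduce what an app receives but never widen it.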
“The idea of filtering contacts or changing permissions per application is not new. There have been proposals for this sort of functionality before,” Enck told me by email. “What is new in ASM is the ability to develop and install extensible security modules in a generic way. We are not just talking about contacts. ASM can enhance security protection of every security relevant operation in the Android OS.”
Indeed, the paper references many existing Android security enhancements that researchers have proposed. Enck himself co-authored two: Kirin, which constrains app permissions, and Aquifer, which provides a policy framework for information workflow between applications.
Enck said he and his fellow researchers have already shown the ASM framework to Google “as well as several phone manufacturers.” The biggest adoption boost would of course be the inclusion of the framework in the Android Open Source Project (AOSP) itself, which would allow ASM modules to be deployed on Google-Android as well as forked-Android devices.