Application-level Virtualization

《“Jekyll and Hyde” is Risky: Shared-Everything Threat Mitigation in Dual-Instance Apps》
Publication: Mobisys 2019
Notes: “Jekyll and Hyde” is a metaphorical term to describe someone with a two-sided personality - one good and one evil. Here we use this term to indicate that the popular dual-instance apps have posed significant security risks.

Abstract:
Recently developed application-level virtualization brings a groundbreaking innovation to the Android ecosystem: a host app is able to load and launch arbitrary guest APK files without the hassle of installation. Powered by this technology, the so-called “dual-instance apps” are becoming increasingly popular as they can run dual copies of the same app on a single device (e.g., log in to Facebook simultaneously with two different accounts). Given the large demand from smartphone users, it is imperative to understand how secure dual-instance apps are. However, little work investigates their potential security risks. Even worse, new Android malware variants have been accused of skimming the cream off application-level virtualization. They abuse legitimate virtualization engines to launch phishing attacks or even thwart static detection.
We first demonstrate that the current dual-instance app design introduces serious “shared-everything” threats to users, and severe attacks such as permission escalation and privacy leaks have become tremendously easier. Unfortunately, we find that most critical apps cannot discriminate between the host app and the Android system. In addition, traditional fingerprinting features targeting Android sandboxes are futile as well. To inform users that an app is running in an untrusted environment, we study the inherent features of the dual-instance app environment and propose six robust fingerprinting features to detect whether an app is being launched by the host app. We test our approach, called DiPrint, with a set of dual-instance apps collected from popular app stores, Android systems, and virtualization-based malware. Our evaluation shows that DiPrint is able to accurately identify dual-instance apps with negligible overhead.

If you are interested in my paper, you can find it here
You are welcome to contact me if you have any questions: skylinelulu[at]163[dot]com

Attached are some photos of the Mobisys 2019 conference and Seoul.