Target Fragmentation in Android Apps

Target Fragmentation in Android Apps
Slide Note
Embed
Share

Android apps often rely on outdated OS behaviors, posing security risks due to pervasive outdated security code. This article delves into the consequences of target fragmentation and highlights the prevalence of risky app behaviors.

  • Android
  • Target Fragmentation
  • Security Risks
  • Outdated OS
  • App Ecosystem
car_mom
car_mom Follow

Uploaded on Mar 09, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Target Fragmentation in Android Apps Patrick Mutchler John Mitchell Yeganeh Safaei Adam Doupe

  2. Takeaways Android apps can run using outdated OS behavior - The large majority of Android apps do this - Including popular and well maintained apps Outdated security code invisibly permeates the app ecosystem - Patched security vulnerabilities still exist in the wild - Risky by default behavior is widespread

  3. Roadmap What is target fragmentation? Target fragmentation statistics Security consequences

  4. Roadmap What is target fragmentation? Target fragmentation statistics Security consequences

  5. If the device is running Android 6.0 or higher [the app] must request each dangerous permission that it needs while the app is running. - Android Developer Reference

  6. If the device is running Android 6.0 or higher and your app's target SDK is 6.0 or higher [the app] must request each dangerous permission that it needs while the app is running. - Android Developer Reference

  7. If the [operating system version of the device] is higher than the version declared by your app s targetSdkVersion, the system may enable compatibility behaviors to ensure that your app continues to work the way you expect. - Android Developer Reference

  8. Roadmap What is target fragmentation? Target fragmentation statistics Security consequences

  9. Dataset 1,232,696 Android Apps Popularity, Category, Update, and Developer metadata Collected between May 2012 and Dec 2015 Broken into five datasets by collection date

  10. How do we measure outdatedness?

  11. Outdatedness Android 5.0 Released Android 5.1 Released Android 6.0 Released App Collected

  12. What causes outdatedness?

  13. Negligent Outdatedness Outdatedness Android 5.0 Released Android 5.1 Released App Updated Android 6.0 Released App Collected

  14. Silver Lining

  15. A small silver lining

  16. Roadmap What is target fragmentation? Target fragmentation statistics Security consequences

  17. Fragment Injection Vulnerable App Malicious Intent PreferenceActivity Extra.SHOW_FRAGMENT Attacked Fragment Extra.SHOW_FRAG_ARG Attacked Fragment Other Extras Data securityintelligence.com/new-vulnerability-android-framework-fragment-injection/

  18. Fragment Injection Fixed in Android 4.4 Developers implement isValidFragment to authorize fragments // Put this in your app protected boolean isValidFragment(String fName){ return MyFrag.class.getName().equals(fName); }

  19. Fragment Injection Vulnerable if: - Targets 4.3 or lower (31%) - Some class inherits from PreferenceActivity (4.8%) - That class is exported (1.1%) - That class does not override isValidFragment (0.55%) 4.2% of apps vulnerable if no fix was ever implemented

  20. Mixed Content in WebView

  21. Mixed Content in WebView Major web browsers block Mixed Content In Android 5.0, WebViews block Mixed Content by default Can override default with setMixedContentMode()

  22. Recap Android apps can run using outdated OS behavior - The large majority of Android apps do this - Including popular and well maintained apps Outdated security code invisibly permeates the app ecosystem - Patched security vulnerabilities still exist in the wild - Risky by default behavior is widespread

  23. SOP for file: URLs in WebView In Android 4.1 separate file: URLs are treated as unique origins Can override with setAllowFileAccessFromFileURLs()

Related


Guide To Choosing The Right Android App Development Company

Guide To Choosing The Right Android App Development Company

Consagous
Android Studio Files

Android Studio Files

markus
Android Debug Bridge (ADB) Commands

Android Debug Bridge (ADB) Commands

ares
Year 9 App Programming with AppShed Lessons

Year 9 App Programming with AppShed Lessons

ivar
Distribution Design Issues in Databases

Distribution Design Issues in Databases

demi33
Real-time Monitoring and Detection of Android Privacy Leakage

Real-time Monitoring and Detection of Android Privacy Leakage

sam_pla
Introduction to Android App Development

Introduction to Android App Development

raal100
Mobile Device Management with Microsoft Intune and Android Enterprise

Mobile Device Management with Microsoft Intune and Android Enterprise

quno547
Ultimate Guide to Setting Up Android Studio and SDK

Ultimate Guide to Setting Up Android Studio and SDK

clayborne_a
Enhancing Android Development Lifecycle with VALERA Record-and-Replay Approach

Enhancing Android Development Lifecycle with VALERA Record-and-Replay Approach

alejand
Android Programming Overview and Setup

Android Programming Overview and Setup

hauf_a
Comprehensive Guide to Emergent Math Apps for iPad

Comprehensive Guide to Emergent Math Apps for iPad

maiz_73
Fragmentation in Air Traffic: Case Studies and Impact on ATM Performance

Fragmentation in Air Traffic: Case Studies and Impact on ATM Performance

rdeo
Vertical Fragmentation in Distributed Information Systems

Vertical Fragmentation in Distributed Information Systems

eld_bra
Event-Based Race Detection in Android Apps Using SIERRA

Event-Based Race Detection in Android Apps Using SIERRA

chibuik
Analyzing Android Applications for Malware Detection

Analyzing Android Applications for Malware Detection

mare117
OpenGL ES for Android Development

OpenGL ES for Android Development

ammy_13
Slot Games for Android Phones Experience Casino Fun on Mobile

Slot Games for Android Phones Experience Casino Fun on Mobile

ridh
Slot Machine Android Source Code_ Create Your Casino App Today

Slot Machine Android Source Code_ Create Your Casino App Today

ridh
Android Source Code for Slot Machines_ Build a Casino Game App in No Time

Android Source Code for Slot Machines_ Build a Casino Game App in No Time

ridh
Getting Started with MIT App Inventor: Build Apps for Android

Getting Started with MIT App Inventor: Build Apps for Android

cabelaoc
Unlock the Power of Slot Machine Android Source Code to Build Stunning Android Games

Unlock the Power of Slot Machine Android Source Code to Build Stunning Android Games

ridh

More Related Content