Regulating and Securing the Interfaces Across Mobile Apps, OS and Users

During the past decade, we are moving swiftly towards a mobile-centered world. This thriving

mobile ecosystem builds upon the interplay of three important parties: the mobile user, OS, and

app. These parties interact via designated interfaces many of which are newly invented for or

introduced to the mobile platform. Nevertheless, as these new ways of interactions arise in the

mobile ecosystem, what is enabled by these communication interfaces often violates the

expectations of the communicating parties. This shakes the foundation of the mobile ecosystem

and results in significant security and privacy hazards. In this proposal, we aim to fill this gap by:

1.) securing the conversations between trusted parties, 2.) regulating the interactions between

partially trusted parties, and 3.) defending the communications between untrusted parties.

First, we deal with the case of two opposing parties, mobile OS and app, and analyze the

Inter-Process Communication protocol (Binder) between them. We found that the OS is

frequently making unrealistic assumptions on the validity (sanity) of transactions from apps, thus

creating significant security hazards. We analyzed the root cause of this emerging attack

surface and secured this interface by developing effective precautionary testing framework and

runtime diagnostic tool. Then, we study the deficiency of how existing mobile user interact with

app, a party he can only partially trust. We found that in the current mobile ecosystem,

information about the same user in different apps can be easily shared and aggregated, which

clearly violates the conditional trust mobile user has on each app. We address this issue by

providing two complementary options: an OS-level extension that allows the user to track and

control, during runtime, the potential flow of his information across apps; and a user-level

solution that allows the users to maintain multiple isolated profiles for each app. Last, we

elaborate on how to secure the voice interaction channel between two trusted parties, mobile

user and OS. The open nature of the voice channel makes applications that depend on voice

interactions, such as voice assistants, difficult to secure and exposed to various attacks. We

solve this problem by proposing the first system that provides continuous and usable

authentication for voice commands. It takes advantage of the neck-surface acceleration to filter

only those commands that originate from the voice of the owner.