Permission Re-Delegation: Attacks and Defenses
Modern browsers and smartphone operating systems treat applications as mutually untrusting, potentially malicious principals. Applications are isolated except for explicit IPC or inter-application communication channels and unprivileged by default, requiring user permission for additional privileges. Although inter-application communication supports useful collaboration, it also introduces the risk of permission re-delegation. Permission re-delegation occurs when an application with permissions performs a privileged task for an application without permissions. This undermines the requirement that the user approve each application's access to privileged devices and data. The authors discuss permission re-delegation and demonstrate its risk by launching real-world attacks on Android system applications; several of the vulnerabilities have been confirmed as bugs.