Systematic Detection of Capability Leaks in Stock Android Smartphones
Recent years have witnessed a meteoric increase in the adoption of smartphones. To manage information and features on such phones, Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed and run. In this paper, the authors analyze eight popular Android smartphones and discover that the stock phone images do not properly enforce the permission model. Several privileged permissions are unsafely exposed to other applications, which can use them without having to request them. To identify these leaked permissions, or capabilities, they have developed a tool called Woodpecker. Their results with eight phone images show that among the 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions.