Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android

Xiao Zhang, Kailiang Ying, Yousra Aafer, Zhenshen Qiu, Wenliang Du

Research output: Chapter in Book/Entry/Poem › Conference contribution

18 Scopus citations

Abstract

Uninstalling apps from mobile devices is among the most common user practices on smartphones. It may sound trivial, but the entire process involves multiple system components coordinating to remove the data belonging to the uninstalled app. Despite its frequency and complexity, little has been done to understand the security risks in the app’s uninstallation process. In this project, we have conducted the first systematic analysis of Android’s data cleanup mechanism during the app’s uninstallation process. Our analysis reveals that data residues are pervasive in the system after apps are uninstalled. For each identified data residue instance, we have formulated hypotheses and designed experiments to see whether it can be exploited to compromise the system security. The results are surprising: we have found 12 instances of vulnerabilities caused by data residues. By exploiting them, adversaries can steal user’s online-account credentials, access other app’s private data, escalate privileges, eavesdrop on user’s keystrokes, etc. We call these attacks the data residue attacks. To evaluate the real-world impact of the attacks, we have conducted an analysis on the top 100 apps in each of the 27 categories from GooglePlay. The result shows that a large portion of the apps can be the target of the data residue attacks. We have further evaluated the effectiveness of popular app markets (GooglePlay, Amazon appstore and Samsung appstore) in preventing our attacking apps from reaching their markets. Moreover, we have studied the data residue attacks on 10 devices from different vendors to see how vendor customization can affect our attacks. Google has acknowledged all our findings, and is working with us to get the problems fixed.

Original language: English (US)
Title of host publication: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016
Publisher: The Internet Society
ISBN (Electronic): 189156241X, 9781891562419
State: Published - 2016
Event: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016 - San Diego, United States
Duration: Feb 21 2016 to Feb 24 2016

Publication series

Name: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016

Conference

Conference: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016
Country/Territory: United States
City: San Diego
Period: 2/21/16 to 2/24/16

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
