StoreDroid: Sensor-based data protection framework for Android

Android has become the most prevalent smartphone operating system. Despite its popularity, Android has a lot of flaws in security. In this research study we target a wide range of smartphone applications that share secret and local data with the service provider so that this data will not be leaked or accessed by other entities. The StoreDroid framework, described in this paper, addresses possible data violations that can occur in the current Android system by adding protection mechanisms in several layers as follows: (1) at the Linux level we use the security-enhanced Linux and security-enhanced Android plugins that prevent today´s privileged escalation data access; (2) StoreDroidApp is a generic sensor-based access control mechanism where the sensors (such as biometric sensors and GPS) and the rules to access the data are defined by the service provider for better protection - we took advantage of the fact that Android systems are usually integrated with various hardware sensors in order to protect the user as well as the service provider; and (3) a secured message passing protocol to ensure that sensitive data will not be compromised by unwanted applications. The StoreDroid framework makes the following contributions: (1) the generic StoreDroidApp stub that is installed when the ROM is built narrows possible illegal data access for assigned application by the set of semantic and limiting sensor-based access rules, and (2) on top of the regular Linux used in Android, the customized security-enhanced Linux ensures that the sensor-based application will keep the data isolated and secured.