Privilege escalation attacks on Android

by Lucas Davi, Alexandra Dmitrienko, Ahmad Reza Sadeghi, Marcel Winandy
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)


Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application’s sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android’s security model cannot deal with a transitive permission usage attack and Android’s sandbox model fails as a last resort against malware and sophisticated runtime attacks.

Readership Statistics

161 Readers on Mendeley
by Discipline
95% Computer Science
3% Engineering
1% Business, Management and Accounting
by Academic Status
29% Student > Ph. D. Student
27% Student > Master
12% Student > Postgraduate
by Country
4% Germany
3% United States
1% France
