A Context-Aware Kernel IPC Firewall for Android

Our phones go wherever we go. Ever present, and with ever more data and connections, smartphones hold as much sensitive data as traditional systems but do not have the same protections. Android’s recent 6.0 (Marshmallow) release introduced much needed dynamic permission checks for applications. However, this does not go far enough in adapting to mobile phone’s unique security needs. Smartphones encounter a wide variety of settings and situations that current security solutions fail to account for. We introduce a context-aware IPC firewall for Android that dynamically filters messages based on environmental data. Our BinderFilter can both block and modify Android IPC messages sent through Binder, which is in a position of complete mediation in Android. Our Binder hooking framework and message parser are unique in their scope and implementation— and mitigate broad classes of cross-app attacks, such as “collusion” and “UI-based activity hijacking” attacks. We also provide a policy application, Picky, with which users can set policy rules for any message and target applications. BinderFilter and Picky are free software, available at [1, 2].