I. J. Computer Network and Information Security, 2020, 1, 20-26
Published Online February 2020 in MECS (http://www.mecs-press.org/)
DOI: 10.5815/ijcnis.2020.01.03
Copyright © 2020 MECS

A Novel Android Security Framework to Prevent Privilege Escalation Attacks

Ahamed K. H. Hussain 1, Mohsen Kakavand 2, Mira Silval 3, and Lingges Arulsamy 4
Department of Computing, Sunway University, Bandar Sunway, 47500, Malaysia
E-mail: 1 khalid.hh.hussain@gmail.com, 2 mohsenk@sunway.edu.my, 3 16095267@imail.sunway.edu.my, 4 linggest90@gmail.com

Received: 10 November 2019; Accepted: 27 November 2019; Published: 08 February 2020

Abstract: Android is the most popular operating system in the world, and numerous applications have been developed for the platform since its inception; however, it has its fair share of security issues. Despite the security precautions taken by developers and by the system itself when it comes to permission delegation for applications, privilege escalation attacks are still possible up to Android API level 25. Unfortunately, many existing detection and prevention solutions fall short of the necessary standard or demand resources not found on most Android devices. We show that a custom-built malicious application can elevate its privileges beyond the permissions it was granted on the existing Android system. In this paper, a modification to the existing Android framework is proposed that can detect inter-component communication messages between malicious apps attempting to elevate their privileges and benign applications. Part of this framework is the ability for the user to decide whether permissions should be elevated, giving them some measure of control. The results of the experimental evaluation demonstrate that the proposed solution is effective in preventing privilege escalation attacks on Android API level 24.
Index Terms: Android Security, Privilege Escalation, Permission Escalation.

I. INTRODUCTION

Android is one of the most prevalent operating systems on the planet and is the most pervasive among mobile devices. With this widespread prevalence, however, comes an abundance of security issues, one of which is privilege escalation attacks. A privilege escalation attack on Android is a form of attack whereby a nefarious application uses a legitimate, yet vulnerable, application's privileged permissions to execute commands that it would otherwise be incapable of executing. While there are three forms of privilege escalation attacks [1], there are only two kinds of real-world solutions: dynamic or static. Dynamic solutions often add to or modify the existing Android security framework so that privilege escalation attacks can be detected continuously and blocked as they are being executed, such as [2-5]. Static solutions, like those employed in [6-7], instead analyse the applications and systems at certain points in time rather than continuously; i.e., they do not provide real-time protection.

A. Problem Statement

Unfortunately, while countermeasures against privilege escalation have been implemented from API level 26 onwards, devices running API level 25 and below make up the bulk of the Android market at 61.3% and are still susceptible to privilege escalation attacks. Furthermore, due to a lack of awareness of this threat, most consumers do not deploy the available solutions; moreover, many of the solutions proposed so far require a certain level of technical skill and knowledge to implement, which is a barrier to their adoption.

B. Objectives

The goal of this work is to modify the existing Android security framework to monitor situations where the Inter-Component Communication (ICC) messages between applications are being exploited to achieve privilege escalation.
This solution maintains the state of applications as they run while overseeing ICCs between different applications, similar to [8], unlike existing static methods that cannot run in real time or other dynamic methods that are costly in terms of resources. The objectives are achieved by modifying the existing Android framework, specifically the Activity Manager, and by creating two new components to inspect ICCs between applications. The rest of this paper is organised as follows: Section II discusses related solutions proposed by other parties. Section III details the components of Android applications and the requirements they need to function. Section IV demonstrates current privilege escalation vulnerabilities using modified applications. Section V describes in detail the modifications we propose to the Android framework to prevent privilege escalation. Section VI describes the experimental evaluation of our modified Android framework. The main conclusions are summarised in Section VII.
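To make the ICC gap this work targets concrete, the following manifest is an added example (not code from the paper or its authors) of a "deputy" app that holds SEND_SMS on API level 25 and below: the first service is reachable by any app and lends the deputy's privilege to its caller, while the second declares android:permission so that the Activity Manager checks the caller before delivering the intent. The package, component and action names are hypothetical.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Hypothetical deputy app: holds SEND_SMS and exposes a relay service. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.deputy">

    <uses-permission android:name="android.permission.SEND_SMS" />

    <application android:label="Deputy">

        <!-- VULNERABLE: exported (on these API levels an intent-filter makes a
             component exported by default) and unprotected. The system delivers
             the SEND intent from any app, including one that holds no SEND_SMS
             permission; the service then acts with its own privileges, so the
             caller has escalated through the deputy. -->
        <service
            android:name=".SmsRelayService"
            android:exported="true">
            <intent-filter>
                <action android:name="com.example.deputy.action.SEND" />
            </intent-filter>
        </service>

        <!-- HARDENED: android:permission makes the Activity Manager check the
             CALLER for SEND_SMS before the intent is delivered, so a caller
             cannot borrow the deputy's privilege; a caller without it receives
             a SecurityException when it calls startService(). -->
        <service
            android:name=".SmsRelayServiceHardened"
            android:exported="true"
            android:permission="android.permission.SEND_SMS">
            <intent-filter>
                <action android:name="com.example.deputy.action.SEND_CHECKED" />
            </intent-filter>
        </service>
    </application>
</manifest>
```

If the relay only needs to serve the deputy's own components, android:exported="false" (or a signature-level custom permission) removes the ICC entry point altogether rather than gating it.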