Manifest Problems: Analyzing Code Transparency for Android Application Bundles

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

In 2018, Google introduced a new app distribution format called AAB (Android Application Bundle), which replaced APK (Android Package) as the required format for all new app submissions to Google Play in 2021. Apps are still delivered to end users as APK files, but they are now generated and signed on the app store operator's infrastructure. Most crucially, this change requires developers to hand over their APK signing key to the app store operator, enabling them to arbitrarily manipulate apps prior to delivery to end users. To address this, Google has introduced the Code Transparency scheme to verify the integrity of APKs generated from AAB files. However, due to the lack of independent studies, the exact security properties of Code Transparency remain unclear.

In this paper, we present the first comprehensive analysis of the security of Code Transparency and the AAB format. We thoroughly investigate the design and implementation of the Code Transparency scheme, discussing in detail the technical possibilities attackers have for manipulating apps that use it. Additionally, we conduct a large-scale study on AAB and Code Transparency in practice. To this end, we evaluate the prevalence of both technologies among 3.5 million real-world apps, analyze their susceptibility to our attacks, and carry out a case study that demonstrates the practical security implications of attacks on Code Transparency.

Our analyses indicate that Code Transparency suffers from severe design and implementation flaws that allow app store operators to execute code in the context of any app without disturbing its Code Transparency signature. We reported our findings to Google and are in the process of discussing potential mitigations.
Original language: English
Title of host publication: Annual Computer Security Applications Conference
Publisher: Association of Computing Machinery
Publication status: Accepted/In press - 20 Aug 2024
Event: Annual Computer Security Applications Conference: ACSAC 2024 - Waikiki, United States
Duration: 9 Dec 2024 to 13 Dec 2024
Conference number: 40

Conference

Conference: Annual Computer Security Applications Conference
Abbreviated title: ACSAC
Country/Territory: United States
City: Waikiki
Period: 9/12/24 to 13/12/24

  • A-SIT - Secure Information Technology Center Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.

    21/05/99 to 31/12/24

    Project: Research area
