On Thu, Nov 8, 2012 at 9:36 PM, abhinav bansal <[email protected]> wrote:

>
> Hi Nick,
>
> The idea is to make an app that contains an app. For example, let's say I
> make a secure pdf viewer application with some confidential files. I do not
> want the user to copy anything from the pdf file and paste it anywhere
> outside the container in any third party apps except the apps inside the
> container.
>

Are these apps written by you or not?

If all the apps are written by you, this is doable with the existing
Android security model.  Implement your cut and paste as a read / write to
a file within the app's home directory. An app outside the sandbox will be
unable to access the file containing this data, whereas apps inside
Android's sandbox can access the file freely.

Alternatively, you could implement your cut and paste functionality using
Android content providers
<http://developer.android.com/guide/topics/providers/content-providers.html>
protected by a signature permission
<http://developer.android.com/guide/topics/manifest/permission-element.html#plevel>,
which would allow any application signed by your key to access the data,
but other apps could not access the data.

Since you control the application, you can entirely determine what other
applications have access to your data using the existing Android sandbox.


> To combat this scenario, is it possible to implement a container outside
> the app that has custom restrictions which prevent unauthorized access,
> data leakage etc.?
>

Can you define who the attacker is in your scenario?  Other applications on
the device? The user of the device?

If the attacker is other apps on the device, Android already provides a
sandbox isolating one application from another application.

If you're trying to protect against an attacker who has physical possession
of the device, then the scenario you're talking about is impossible to
defend against generally.  In your example, someone who is viewing a PDF
can always take a picture of their phone if they're determined
to exfiltrate the data.  Of course, you can custom write your application
to make such sharing more difficult using the techniques I described above.


> Regards
> Abhinav
>
>
> On Thu, Nov 8, 2012 at 10:17 PM, Nick Kralevich <[email protected]> wrote:
>
>>
>> Hi Abhi,
>>
>> Can you clarify exactly what your threat model is? What attack is your
>> app trying to defend against?
>>
>> All Android applications run in an Android sandbox. Android sandboxes are
>> implemented as separate Linux UIDs. All files / directories created by your
>> app are isolated from other apps unless you explicitly share them.  Other
>> apps cannot access your confidential data absent a compromise of the
>> Android security model (for example, rooting).
>>
>> It's not clear from your brief e-mail below why the default sandbox is
>> insufficient to address your attack scenario.
>>
>> -- Nick
>>
>> On Thu, Nov 8, 2012 at 6:57 AM, Abhi <[email protected]> wrote:
>>
>>> Is containerization of android apps possible such that they run under
>>> restricted sandboxes? I have seen some discussions over these but I could
>>> not actually find any true solution.
>>> If it's possible, then how may we accomplish containerization/sandboxing
>>> over apps? Any help would be appreciated.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Android Security Discussions" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/android-security-discuss/-/ZnP7STMclm4J.
>>> To post to this group, send email to
>>> [email protected].
>>> To unsubscribe from this group, send email to
>>> [email protected].
>>> For more options, visit this group at
>>> http://groups.google.com/group/android-security-discuss?hl=en.
>>>
>>
>>
>>
>> --
>> Nick Kralevich | Android Security | [email protected] | 650.214.4037
>>
>>
>


-- 
Nick Kralevich | Android Security | [email protected] | 650.214.4037
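The signature-permission approach Nick describes, as a constructed manifest fragment added here (not code from the thread or from Android itself); the package name, permission name, authority and provider class are placeholders:

```xml
<!-- Constructed example: the "secure viewer" app's AndroidManifest.xml.
     Package, permission name, authority and class name are placeholders. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.secureviewer">

    <!-- A signature-level permission is only granted to apps signed with
         the same certificate as the app that declares it. Any other app
         that requests it simply does not receive it. -->
    <permission
        android:name="com.example.secureviewer.permission.CLIPBOARD"
        android:protectionLevel="signature" />

    <!-- Every app inside the container (this one included) must request
         the permission in its own manifest to reach the provider. -->
    <uses-permission
        android:name="com.example.secureviewer.permission.CLIPBOARD" />

    <application android:label="Secure Viewer">

        <!-- Weak setting (do not ship): an exported provider with no
             permission attribute is reachable by every app on the device.
             <provider android:name=".ClipboardProvider"
                       android:authorities="com.example.secureviewer.clipboard"
                       android:exported="true" />
        -->

        <!-- Corrected: still exported so sibling apps signed with the same
             key can use it, but both reads and writes are gated by the
             signature permission, so third-party apps get a
             SecurityException instead of the clipboard contents. -->
        <provider
            android:name=".ClipboardProvider"
            android:authorities="com.example.secureviewer.clipboard"
            android:exported="true"
            android:readPermission="com.example.secureviewer.permission.CLIPBOARD"
            android:writePermission="com.example.secureviewer.permission.CLIPBOARD" />

    </application>
</manifest>
```

Setting android:exported explicitly matters because content providers were exported by default on older Android versions.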
