Appguard is exactly what you are looking for.
http://www.backes-srt.de/produkte/srt-appguard/

On 09.11.2012 07:21, "abhinav bansal" <[email protected]> wrote:
> Hi Nick,
>
> so the apps are not written by me, I have the apk files which I cannot
> tamper with or decompile, but I want to make a container which should
> protect any data leakage from that original app to outside that container.
> So the crux lies in the ability to wrap an existing application with custom
> defined restrictions. This shall facilitate multiple apps in one container
> completely isolated from the rest of the apps.
>
> I have recently seen a few descriptions around this concept:
> http://www.mobileiron.com/en/smartphone-management-products/appconnectapptunnel
>
> On Fri, Nov 9, 2012 at 11:31 AM, Nick Kralevich <[email protected]> wrote:
>
>> On Thu, Nov 8, 2012 at 9:36 PM, abhinav bansal <[email protected]> wrote:
>>
>>> Hi Nick,
>>>
>>> The idea is to make an app that contains an app. For example, let's say I
>>> make a secure pdf viewer application with some confidential files, I do not
>>> want the user to copy anything from the pdf file and paste it anywhere
>>> outside the container in any third party apps except the apps inside the
>>> container.
>>
>> Are these apps written by you or not?
>>
>> If all the apps are written by you, this is doable with the existing
>> Android security model. Implement your cut and paste as a read / write to
>> a file within the app's home directory. An app outside the sandbox will be
>> unable to access the file containing this data, whereas apps inside
>> Android's sandbox can access the file freely.
>>
>> Alternatively, you could implement your cut and paste functionality using
>> Android content providers
>> <http://developer.android.com/guide/topics/providers/content-providers.html>
>> protected by a signature permission
>> <http://developer.android.com/guide/topics/manifest/permission-element.html#plevel>,
>> which would allow any application signed by your key to access the data,
>> but other apps could not access the data.
>>
>> Since you control the application, you can entirely determine what other
>> applications have access to your data using the existing Android sandbox.
>>
>>> To combat this scenario, is it possible to implement a container outside
>>> the app that has custom restrictions which prevents unauthorized access,
>>> data leakage etc.?
>>
>> Can you define who the attacker is in your scenario? Other applications
>> on the device? The user of the device?
>>
>> If the attacker is other apps on the device, Android already provides a
>> sandbox isolating one application from another application.
>>
>> If you're trying to protect against an attacker who has physical
>> possession of the device, then the scenario you're talking about is
>> impossible to defend against generally. In your example, someone who is
>> viewing a PDF can always take a picture of their phone if they're
>> determined to exfiltrate the data. Of course, you can custom write your
>> application to make such sharing more difficult using the techniques I
>> described above.
>>
>>> Regards
>>> Abhinav
>>>
>>> On Thu, Nov 8, 2012 at 10:17 PM, Nick Kralevich <[email protected]> wrote:
>>>
>>>> Hi Abhi,
>>>>
>>>> Can you clarify exactly what your threat model is? Against what attack
>>>> is your app trying to defend?
>>>>
>>>> All Android applications run in an Android sandbox. Android sandboxes
>>>> are implemented as separate Linux UIDs. All files / directories created by
>>>> your app are isolated from other apps unless you explicitly share them.
>>>> Other apps cannot access your confidential data absent a compromise of the
>>>> Android security model (for example, rooting).
>>>>
>>>> It's not clear from your brief e-mail below why the default sandbox is
>>>> insufficient to address your attack scenario.
>>>>
>>>> -- Nick
>>>>
>>>> On Thu, Nov 8, 2012 at 6:57 AM, Abhi <[email protected]> wrote:
>>>>
>>>>> Is containerization of Android apps possible such that they run under
>>>>> restricted sandboxes? I have seen some discussions over these but I could
>>>>> not actually find any true solution.
>>>>> If it's possible, then how may we accomplish containerization/sandboxing
>>>>> over apps? Any help would be appreciated.
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Android Security Discussions" group.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msg/android-security-discuss/-/ZnP7STMclm4J
>>>>> .
>>>>> To post to this group, send email to
>>>>> [email protected].
>>>>> To unsubscribe from this group, send email to
>>>>> [email protected].
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/android-security-discuss?hl=en.
>>>>
>>>> --
>>>> Nick Kralevich | Android Security | [email protected] | 650.214.4037
>>
>> --
>> Nick Kralevich | Android Security | [email protected] | 650.214.4037
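
The content-provider option mentioned in the quoted thread (data shared only between apps signed with the same key) is mostly manifest configuration. The following is an added example, not part of the original thread; the package names under com.example, the permission name and the provider class are hypothetical.

```xml
<!-- Two separate AndroidManifest.xml files shown together.
     All com.example.* names are hypothetical. -->

<!-- App A: owns the shared data and declares the permission. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.securepdf">

    <!-- protectionLevel="signature": the system grants this permission only
         to apps signed with the same certificate as the declaring app. -->
    <permission
        android:name="com.example.securepdf.permission.CLIPBOARD"
        android:protectionLevel="signature" />

    <application>
        <!-- exported="true" makes the provider reachable from other packages;
             android:permission then restricts both read and write access
             to holders of the signature permission above. -->
        <provider
            android:name=".ClipboardProvider"
            android:authorities="com.example.securepdf.clipboard"
            android:exported="true"
            android:permission="com.example.securepdf.permission.CLIPBOARD" />
    </application>
</manifest>

<!-- App B: a second app signed with the same key, requesting access. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.securenotes">

    <uses-permission
        android:name="com.example.securepdf.permission.CLIPBOARD" />

    <application />
</manifest>
```

An app signed with a different key can list the same `uses-permission` line, but the system does not grant it, and its calls to the provider fail with a SecurityException.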
