Towards Secure Virtual Apps: Bringing Application-Level Isolation to Android Virtualization
BOSCOLO MENEGUOLO, LUCA
2024/2025
Abstract
App-level virtualization is a technique that allows apps to be executed in a virtual environment without being physically installed on the device. In the context of Android, VirtualApp is among the best-known virtualization frameworks; it gained popularity in the community mainly for its ability to set up multiple social media accounts on the same device. Due to technical limitations and the lack of a proper secure architecture, VirtualApp has been shown to break the Android Sandbox model, which is among the security mechanisms that provide app isolation. This vulnerability might be exploited by a malicious entity to obtain the user's personal data without consent. The purpose of this work is to better understand which attacks can be performed on VirtualApp, develop a strategy to prevent them, and implement a working proof of concept on the framework. An evaluation of real-world virtualization frameworks downloaded from the Google Play Store reveals that some of them share the same security vulnerability, exposing millions of users. A final discussion stresses the importance of secure software development practices.

| File | Size | Format | |
|---|---|---|---|
| BoscoloMeneguolo_Luca.pdf (open access) | 979.7 kB | Adobe PDF | View/Open |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/89883