Appwrapping Providing Fine-Grained Security Policy Enforcement Per Method Unit in Android

摘要

Enterprise mobility management (EMM) solution is widely used to securely protect confidential information stored on an individual's smartphone, while increasing the efficiency because of BYOD policy. The application wrapping (Appwrapping) technology is one way to be applied EMM solutions, by modifying binary applications without the original source code. In the past, Appwrapping was performed to control permissions or APIs to protect privacy on Android. This method is applied collectively to the whole section, not a specific section of the app, so it is difficult to control the section (flow) desired by the user or the manager. In addition, system overhead can occur because the control is applied to the whole section of the app. In this paper, we propose a method to insert an additional security policy code at a certain interval position in the intermediate code of a binary app, so that it can be controlled at a specific interval rather than the whole interval of the app. The proposed method extracts and saves the security policy intermediate code and the related file in advance and then adds the security policy code to the specific method on the intermediate code of the specific activity acquired by decompiling the target app. Finally, the additional security policy code is modified to avoid errors caused by the additional code. We create an automation tool for performance verification, experiment with five commercial office apps, and confirm that the apps work properly with the added EMM security functions.