Android is the most popular operating systems for smartphones and is also well-known for its flexibility and security. However, although it is overall considered very secure, there are still some vulnerabilities occasionally discovered that allow getting user sensitive information bypassing security controls and boundaries: among these, side-channel vulnerabilities are a significant concern these days. Although there are several types of side-channel vulnerabilities, ones focused on APIs still represent a great area to explore, which, until now, has often been analysed manually. Only in the latest years, there have been published some automatic solutions which focus on performing automatic scanning of side-channel flaws in Android, created due to the increasing codebase of the operating system; however, they present some limitations. This paper introduces a new approach to discover Android NDK side-channel leaks, which at the best of the author knowledge have never been investigated through the usage of automatic or semi-automatic solutions. The approach described in the work, allowed to identify more than 8 new side-channel leaks in several Android NDK functions,which permitted to infer with great accuracy application and websites launches on a victim device. The findings represents the first discovered side-channel leaks in Android NDK functions, and were responsibly disclosed to the Android Security Team of Google.
View on arXiv