Boxify: Full-fledged App Sandboxing for Stock Android

Backes, Michael and Bugiel, Sven and Hammer, Christian and Schranz, Oliver and Styp-Rekowsky, Philipp von
(2015) Boxify: Full-fledged App Sandboxing for Stock Android.
In: Proceedings of the 24th USENIX Security Symposium (USENIX '15).
Conference: USENIX-Security Usenix Security Symposium

sec15-paper-backes.pdf - Published Version

Download (746kB) | Preview


We present the first concept for full-fledged app sandboxing on stock Android. Our approach is based on application virtualization and process-based privilege separation to securely encapsulate untrusted apps in an isolated environment. In contrast to all related work on stock Android, we eliminate the necessity to modify the code of monitored apps, and thereby overcome existing legal concerns and deployment problems that rewriting-based approaches have been facing. We realize our concept as a regular Android app called Boxify that can be deployed without firmware modifications or root privileges. A systematic evaluation of Boxify demonstrates its capability to enforce established security policies without incurring a significant runtime performance overhead.


Actions (login required)

View Item View Item