Security Architecture for a Secure Database on Android

Abstract

As mobile devices are increasingly used in various daily activities, they have become a movable storage that stores various personal/business information of users. Most mobile OSes, including Android, store personal data in databases and provide APIs for apps, which can be used to access a database managed by the system or to manage its own database. However, Android, which is our main focus here, stores data as plaintext in its database; as a result, the database content can be leaked unintentionally through several vulnerabilities. Additionally, the responsibility for the security of the database content created by an app lies with the developer of the app, while the mobile OS only provides minimal security features, such as isolation and access control. In this paper, we propose a security architecture to construct a secure database environment on Android. To this end, we entirely separate the database system from the app domain-to the best of our knowledge, this is the first such design for localized mobile databases. The separated database system manages a database with encryption; hence, data are no longer stored as plaintext. By delivering the responsibility over the system, this separation enables app developers to be free from the difficult task of managing the security of the database. The proposed system also provides tight access control over a database by using a runtime information of an app. Note that the current access control of Android is based on the Linux uid of an app. Thus, access is granted to a database if the app has the correct uid, regardless of the identity of the app. That is, our method creates a one-to-one pairing between the app and its database, and ensures that database access is granted only to the owner app. Additionally, we propose a similarity comparison method that helps to determine whether a new app is an updated of a previous version; this improves upon the current method, which relies only on a signature check and the package name of the app. To evaluate the feasibility of the proposed architecture, we conduct a series of experiments on our prototype implementation. The results show that the proposed secure database architecture is feasible with acceptable overhead.