The Vertex Vortex: Visualizing Android's Permissions

The Android platform offers a set of security mechanisms to protect apps from one-another. Since apps can communicate with each-other and access each-others' data, there needs to be a way to protect that data from apps that shouldn't have access to it. The "permissions" system is one way this is accomplished.

The user sees this when they download an app and it warns them that the app wants to access the Internet, or read their contacts, or dial 911 or what-have-you. That's a pretty nice feature.

Android is made up of a number of communicating components. I wanted to visualize all of the applications on the system and how they interact via permissions. Let's look at the permissions system from this global point of view. Read on, or just view the big pretty picture.

I wrote a little app that allows a user to browse through the packages and permissions on an Android device, and as part of the process, it can generate a system map (using GraphViz) of all of the app and how they inter-relate.

I can run this app on the Android emulator, but when I run it on a real phone like my G1, the resulting image is very big, and I can't render an image with labels for the entire system.

Read on for the whole article and several pictures :)

OI Safe and OI Notepad

Here's a small portion of the permission visualization showing the relationship between OI Safe and OI Notepad.

  • Red circles are packages
  • Blue circles are permissions
  • Green circles are activities
  • Turquoise circles are services
  • Yellow circles are receivers
  • We omit providers for now

When a package utilizes a permission to protect an activity, there's a line from the package or activity to the permission labeled "offers".

When a package requests the use of a permission, there's a line from the package to the permission labeled "granted to".

OI Safe is a password "safe" that allows you to safely store a password keyring and allows other apps to store encrypted passwords locked by a master key. It also allows the encryption and decryption of simple text, hence the relationship with OI Notepad: OI Safe can encrypt notes for OI Notepad using the same master password for encrypting the keyring. (Pretty sweet, right?)

But if an app is going to decrypt text, the app has to get the user's permission to do so, hence OI Safe comes protected with a permission. When you install OI Notepad, you'll be prompted to answer whether you want to allow it to encrypt and decrypt text. If you say "no", then the app won't be installed.

Here's a picture these OpenIntents permissions.

The Vertex Vortex

There's a central focal point to this whole thing which I call The Vertex Vortex since it's where all the lines end up. It's primarily focused on the activities and permissions of the base operating system. This picture shows several of the core components of Android.

  • the "Android" base system itself, which offers permissions like access to the Internet,
  • the Contact system
  • the Phone system
  • the Launcher
  • Setting

Big Pictures

If that's fun for you, go ahead and download the big picture. You can also look at a version with no labels which makes it considerably smaller. In e.g. Firefox, you'll have to click to magnify or it won't look like anything.

Limitations

Unfortunately, it's not possible to tell from a static analysis of the system state which packages access other packages if there are no permissions involved. That's because intent dependencies don't need to be statically declared in the AndroidManifest.xml file. That's kinda too bad because it doesn't allow the obvious dependency analysis that would be so very useful on Android, and it doesn't allow me to visualize apps that are communicating without the use of permissions.

Right now, I'm not showing "providers" and their permissions.

p.s. If you'd like a user-friendly view of which apps use which permissions on an Android device, there's a really nice app for this called aSpotCat.

p.p.s. If you'd like to try running my app, you can download it from this page. You'll need to install graphviz to interpret the file it generates on the sd card.

AttachmentSize
securityAnalysis.ps471.99 KB
SecurityAnalysis.apk123.68 KB