@inproceedings{	TUD-CS-2014-0922,
	author = {Steven Arzt and Stephan Huber and Siegfried Rasthofer and Eric Bodden},
	title = {Denial-of-App Attack: Inhibiting the Installation of Android Apps on Stock
Phones},
	month = nov,
	year = {2014},
	booktitle = {Proceedings of the Fourth ACM Workshop on Security and Privacy in
Smartphones and Mobile Devices},
	editor = {ACM},
	note = {https://github.com/secure-software-engineering/denial-of-app-attack},
	pubkey = {TUD-CS-2014-0922},
	research_area = {CASED, EC SPRIDE},
	research_sub_area = {Secure Software Engineering Group},
	abstract = {We describe a novel class of attacks called denial-of-app that allows
adversaries to inhibit the future installation of attacker-selected
applications on mobile phones. Adversaries can use such attacks to entrap
users into installing attacker-preferred applications, for instance to
generate additional revenue from advertisements on a competitive app market
or to increase the rate of malware installation. Another possibility is to
block anti-virus applications or security workarounds to complicate malware
detection and removal.
We demonstrate such an attack that works on arbitrary unmodified stock
Android phones. It is even possible to block many applications from a list
predefined by the attacker in- stead of just a single app. Even more, we
propose an attack for banning applications from Google Play Store
regardless of the user’s phone by exploiting similar vulnerabilities in
the market’s app vetting process. Unblocking an application blocked by
our attack requires either root privileges or a complete device reset. The
Android security team has confirmed and fixed the vulnerability in Android
4.4.3 and has given consent to this publication within a
responsible-disclosure process. To the best of our knowledge, the attack
applies to all versions prior to Android 4.4.3.},
	pdf = {media:21683},
}