SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization

TL;DR

SEPAL is a scalable NLP-based tool that automatically analyzes SEAndroid policy customizations, outperforming previous methods and revealing increasing unregulated rules in newer Android versions, which may compromise device security.

Contribution

This paper introduces SEPAL, a novel tool leveraging NLP and deep learning to accurately identify unregulated SEAndroid policy rules at scale, improving over prior approaches.

Findings

SEPAL outperforms EASEAndroid by 15% accuracy.

It identifies 7,111 unregulated rules from 595,236 policies.

Unregulated rules are increasing in newer Android versions.

Abstract

To investigate the status quo of SEAndroid policy customization, we propose SEPAL, a universal tool to automatically retrieve and examine the customized policy rules. SEPAL applies the NLP technique and employs and trains a wide&deep model to quickly and precisely predict whether one rule is unregulated or not.Our evaluation shows SEPAL is effective, practical and scalable. We verify SEPAL outperforms the state of the art approach (i.e., EASEAndroid) by 15% accuracy rate on average. In our experiments, SEPAL successfully identifies 7,111 unregulated policy rules with a low false positive rate from 595,236 customized rules (extracted from 774 Android firmware images of 72 manufacturers). We further discover the policy customization problem is getting worse in newer Android versions (e.g., around 8% for Android 7 and nearly 20% for Android 9), even though more and more efforts are made. Then, we conduct a deep study and discuss why the unregulated rules are introduced and how they can compromise user devices. Last, we report some unregulated rules to seven vendors and so far four of them confirm our findings.