Safer Google smartphones thanks to YAASE
It took only one month of hard work and two brilliant Italian minds to design and implement an advanced security system which protects data stored in the latest generation of Android smartphones.
The innovative system is called YAASE (Yet Another Android Security Extention) and, by working at the Androidoperating system level, it guarantees the protection of data stored in the smartphone from undesirable access, without compromising performance or creating any compatibility conflicts with current Android apps.
Data security has become one of the major issues and requirements of new mobile phones. Thanks to their increaseing popularity, Google smartphones have been under attack from malevolent apps available through various marketplaces. In the first half of 2011 alone, the number of mobile users exposed to malware was between a half million to one million according to a study conducted by Lookout Mobile Security.
One of the threats currently affecting the Android system is that of Privilege Escalation, where colluding applications maliciously collaborate to share their granted permissions.
As an example, consider a weather app requiring Internet and GPS permissions and a contact management app requiring access to the phone contact provider. The two apps may contain malware and start exchanging information. The weather apps may expose a service to allow network access. The contact management app may use this service to forward the user’s contacts to any website. All this can happen without the Android standard security system blocking the communication flow.
To protect users of the Android platform, two researchers, Dr. Giovanni Russello from the Trentino-based research center CREATE-NET, directed by prof. Imrich Chlamtac, and Dr. Bruno Crispo, from the Department of Information Engineering and Computer Science of Trento, designed and developed YAASE, an advanced security extension to control the correct use of data for Android apps.
"YAASE - said Dr. Russello - works on several levels. First, it assigns a label to every piece of data and then it associates each app with the data label which can be allowed access. When the contact management app tries to send data through the hidden service of the weather app, YAASE will block this communication flow because the weather app is not associated with the label “contacts.”
It took just one month to design and develop the YAASE system: “Research and innovation – continued Russello – must be concrete. They must also provide an immediate answer to new needs”.
By the end of September YAASE will be available online for anyone who wants to protect their Android smartphone and their data from such risks.
"We hope – concluded Dr. Crispo - Google will also start to adopt more advanced security solutions than what is currently available in the Android platform”.