A Distributed Android Security Framework

The current security models on mobile devices do not provide the level of protection required to handle sensitive data, such as protected healthcare information. In this paper, we introduce a Distributed Android Security Framework (DASF). DASF is a custom security framework for Android-based mobile devices that allows the enforcement of dynamic security policies on an application's privileges and sensitive data. DASF allows servers to dynamically impose security policies by using an application-layer message protocol implemented in the system. The security policies enforced by DASF enables system-wide privilege restrictions on untrustworthy applications and sensitive data. Ultimately, DASF allows organizations (i.e., data owners) to dynamically dictate the security policies enforced by the system, and retain control of the sensitive data they send to the device. We implement a prototype of DASF on Android Jellybean, and perform a security and performance evaluation. We show the DASF can defeat a number of security threats associated with using mobile devices in the healthcare industry, and imposes a reasonable performance overhead.