The Android operating system has been dominating the mobile device market in recent years. Although Android has actively strengthened its security mechanisms and fixed a great number of vulnerabilities as its version evolves, new vulnerabilities still keep emerging. Vulnerability exploitation is a common way to achieve privilege escalation on Android systems. In order to provide a holistic and comprehensive understanding of the exploits, we conduct a survey of publicly available 63 exploits for Android devices in this paper. Based on the analysis of the collected real-world exploits, we construct a taxonomy on Android exploitation and present the similarities/differences and strength/weakness of different types of exploits. On the other hand, we conduct an evaluation on a group of selected exploits on our test devices. Based on both the theoretical analysis and the experimental results of the evaluation, we present our insight into the Android exploitation. The growth of exploit categories along the timeline reflects three trends: (1) the individual exploits are more device specific and operating system version specific; (2) exploits targeting vendors’ customization grow steadily where the increase of other types of exploits slows down; and (3) memory corruption gradually becomes the primary approach to initiate exploitation.

Introduction

Smart mobile devices are indispensable in people’s lives nowadays. Along with the development of mobile technology and the prevalence of Internet services, smart mobile devices become the principal digital assistant that people use for information acquiring, instant messaging, online socialization, Internet financing and other Internet services.The market share of devices with Android operating system keeps growing since its release in 2008 and has been dominating the mobile system market for a long time. According to the latest market statistics done by IDC, Android managed to capture 85.0% of the worldwide smartphone market share by the 1st quarter of 2017 (IDC, 2017). In the meantime, the global shipment of new Android devices is experiencing an average of 10% growth each year since 2015 (Linda, 2016). Due to people’s heavy reliance on mobile devices and the popularity of Android mobile systems, the privacy concern and security issues on Android systems catch great attention from mobile users, industry players and academic researchers. At the same time, it also makes Android the prominent target of attackers. Unfortunately, Android vulnerabilities keep emerging and have successfully been turned into their exploitation even though Android has strengthened its security mechanisms and fixed a great number of vulnerabilities as its version evolves. Vulnerability exploitation is a common way to achieve higher privilege on Android systems. Exploiting Android devices has been a popular topic since Android was firstly introduced in 2008. There are numerous exploits being implemented in the Android history. From the users’ perspective, an exploit program can help them to bypass the security mechanism of their Android devices to achieve better control of their devices by obtaining a higher privilege, e.g., rooting their devices. On the other hand, the exploitation could also be misused to gain the control of victims’ devices where the attacker can obtain financial profit from selling users’ privacy (e.g., account information). We intend to provide a holistic and comprehensive understanding of the exploits that can be used to attain higher privileges in Android system. It would be helpful in terms of understanding how individual exploits work and how the trend of the exploits on Android would be. In this paper, we are going to present a survey on all the publicly available Android exploits gathered on the Internet. We provide a taxonomy of the Android exploits and analyze the similarities/differences and strengths/weaknesses.We demonstrate the trend of Android exploits by analyzing the development of each exploit category.