Are you an Android operating system (OS) developer, exploring application-independent ways to secure the audio channels in a device? Petracca et al. have implemented one such scheme: AuDroid for Android OS. As of now, mobile OSs do not enforce flow control through microphone and speaker devices and have only limited access control. Consequently, malicious applications could snoop information flowing through the audio channels of the device. The authors propose an extension to the Android OS to enforce security policies and then implement it.
The authors evaluate AuDroid using six types of attack scenarios described in detail in the paper. The workings of the audio channels are also described. The paper presents a good literature survey of existing solution approaches and related work. The paper addresses three challenges in securing communications via audio channels: the dynamic creation of audio channels, the special functional requirements of apps, and communication with external parties whose identity (and intentions) may not be established. The paper goes on to describe threat and trust models, followed by a detailed design of AuDroid.
The paper treats the parts of the Android OS architecture (version 5.0.1_r1) that are relevant to audio streams in some detail. The implementation is validated using 17 widely used apps. The details of the validation procedure are reported, and the performance overhead is analyzed. I could not find the source code of AuDroid at the location mentioned in the paper; however, it can be found using GitHub search. The authors claim that “the customization needed to integrate AuDroid in a vanilla Android OS distribution is [low].” The documentation that comes with the source base is minimal. Still, this is a well-written implementation paper regarding an important problem and its solution.