Boxify: Full-fledged App Sandboxing for Stock Android


Michael Backes, Saarland University and Max Planck Institute for Software Systems (MPI-SWS); Sven Bugiel, Christian Hammer, Oliver Schranz, and  Philipp von Styp-Rekowsky, Saarland University


We present the first concept for full-fledged app sandboxing on stock Android. Our approach is based on application virtualization and process-based privilege separation to securely encapsulate untrusted apps in an isolated environment. In contrast to all related work on stock Android, we eliminate the necessity to modify the code of monitored apps, and thereby overcome existing legal concerns and deployment problems that rewriting-based approaches have been facing. We realize our concept as a regular Android app called Boxify that can be deployed without firmware modifications or root privileges. A systematic evaluation of Boxify demonstrates its capability to enforce established security policies without incurring a significant runtime performance overhead.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {190928,
author = {Michael Backes and Sven Bugiel and Christian Hammer and Oliver Schranz and Philipp von Styp-Rekowsky},
title = {Boxify: Full-fledged App Sandboxing for Stock Android},
booktitle = {24th USENIX Security Symposium (USENIX Security 15)},
year = {2015},
isbn = {978-1-939133-11-3},
address = {Washington, D.C.},
pages = {691--706},
url = {},
publisher = {USENIX Association},
month = aug

Presentation Video 

Presentation Audio


0 dislikes