How to Block the Malicious Access to Android External Storage

External storage (e.g., SD card) is an important component of the Android mobile terminals, commonly used for storing of the user information (including sensitive data such as photos). However, current protection mechanisms (e.g., the permission mechanism) on the external storage are somehow coarse-grained, where the external storage is controlled as a whole, which means all files on the external storage are accessible once the permission is assigned to an APP. This coarse-grained control weakness could be easily leveraged by the attackers. For example, the ransomware can obtain the access permission of the external storage and encrypt the files on external storage stealthily for ransom. In this paper, we introduce an Access Control List (ACL) mechanism to enforce the fine-grained control on the external storage. With ACL, the access control policy can be defined at the file granularity, and the access permissions will only be granted to legitimate APPs specified in a white list. First, we activate the Linux ACL mechanism on Android system and extend it to the Filesystem in Userspace (FUSE). Because the external storage is built on the FUSE filesystem, which is different from the traditional Linux filesystems (e.g., EXT4) and thus not supported by the traditional Linux ACL mechanism. Second, we introduce ACL-policy configuration interface in the Android framework, which enables the device owner and APP developers to set the fine-grained ACL access policies for their files on the external storage. Finally, we implement a prototype based on the Nexus 6 devices deployed Android 6.0.1 and Linux kernel 3.10.4, and evaluate it on the stability, effectiveness and performance. The results show our prototype system can effectively prevent illegal access to the files on the external storage with negligible performance overhead. As far as we know, this is the first work that can really enforce ACL access control on the external storage of Android.