SCRUTINIZING PERMISSION BASED ATTACK ON ANDROID OS PLATFORM DEVICES

Article Sidebar

PDF
Published: Aug 28, 2017
DOI: https://doi.org/10.26483/ijarcs.v8i7.4212
Keywords:
Android Security, Permission Level, Attacks, Privileges and Smartphone

Main Article Content

Faiz Mohammad Faqiry
Department of Computer Science and Engineering, Maulana Azad National Institute of Technology, Bhopal (462003) M.P India.
Rizwanur Rahman
Deepak Singh Tomar
Deepak Singh Tomar

Abstract

The smart phones usage has been increased rapidly over the last decade. Because of their mobility and connectivity, smart phones are growing thrice as compared to Personnel Computers. Android is a mobile device operating system platform for smart phones, which is growing very fast. There are many security concerns in the Android smart phones related to permissions in Apps. Android is having some negative gaps regarding security. One of the main security related gap is its Permission level through which Apps are gaining access to the devices hardware and software. The Apps access can sometimes make a security issue, which is not acceptable for the end-users and this security issue tends users’ information leakage. Most of the time users are granting permissions while installing Apps but do not know about the permission requested by the Apps, which is a gap itself and this may lead for misusing user’s personal information. In this paper, a number of vulnerabilities are explored in Android permission level and provide an approach for better security in Android Platform. An Attack Scenario is developed successfully for permission-based attacks in the android platform and provides the countermeasures for it.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 8 No. 7 (2017): July-August 2017
Section
Articles

COPYRIGHT

Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
  • The journal allows the author(s) to retain publishing rights without restrictions.
  • The journal allows the author(s) to hold the copyright without restrictions.
Author Biography

Faiz Mohammad Faqiry, Department of Computer Science and Engineering, Maulana Azad National Institute of Technology, Bhopal (462003) M.P India.

Department of Computer Science and Engineering, (MANIT) Bhopal,M.P

References

Alexandre Bartel, Jacques Klein, Martin Monperrus, Yves Le Traon, “Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Androidâ€, in IEEE/ACM International Conference on Automated Software Engineering (ASE), Essen, Germany, 2012.

Khodor Hamandi, et.al “Android SMS Malware: Vulnerability and Mitigation†2013 27th International Conference on Advanced Information Networking and Applications Workshops 2013.

Lucas Davi, et .al “Privilege escalation attacks on android†In Proceedings of the 13th International Conference on Information Security, Boca Raton, FL, USA ,October 25 - 28, 2010.

Yuan Zhang, et .al “Vetting Undesirable Behaviors in Android Apps with Permission Use Analysisâ€, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, Berlin, Germany, November 04 - 08, 2013

Zarni Aung and Win Zaw, “Permission-Based Android Malware Detection†international journal of scientific & technology research volume 2, issue 3, march 2013 issn 2277-8616, 2013.

David Barrera et .al “A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Androidâ€, Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8, 2010.

Zheran Fang, Weili Han and Yingjiu Li, “Permission based Android security: Issues and countermeasures†computers & security 43 (2014) 205-218.

Wook Shin, Sanghoon Kwak, Shinsaku Kiyomoto and Toshiaki Tabaka, “A Small but Non-negligible Flaw in the Android Permission Scheme†2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, VA, USA, 21-23 July 2010.

I. Rassameeroj and Y. Tanahashi, "Various approaches in analyzing Android applications with its permission-based security models," 2011 IEEE International Conference on Electro/Information Technology, Mankato, MN, 2011, pp. 1-6.

Ryan Johnson, Zhaohui Wang, Corey Gagnon, Angelos Stavrou, “Analysis of Android Applications’ Permissions†2012 IEEE Sixth International Conference on Software Security and Reliability Companion 2012.

Eric Cole et .al “Constructing Attack Scenarios for Attacker Profiling and Identificationâ€, [Online]. Available: “http://www.securityhaven. com /docs/ Constructing Attack Scenarios for Attacker Profiling and Identificationv6. pdf, Jun 2010.

Android Developer (2017, April 10) [Online] Available: https:// developer. android. com/guide /index.html.

Android Market Share (2017, May 15) [Online] Available: https://qz.com /826672/android-goog-

just-hit-a-record-88-market-share-of-all-smartphones/.

Global Market Share of Smartphones (2017, April 05) [Online] Available: https://www. statista.com/statistics/266136/global-market-share-held-by-smartphone-operating-systems/.