The smart phones usage has been increased rapidly over the last decade. Because of their mobility and connectivity, smart phones are growing thrice as compared to Personnel Computers. Android is a mobile device operating system platform for smart phones, which is growing very fast. There are many security concerns in the Android smart phones related to permissions in Apps. Android is having some negative gaps regarding security. One of the main security related gap is its Permission level through which Apps are gaining access to the devices hardware and software. The Apps access can sometimes make a security issue, which is not acceptable for the end-users and this security issue tends users’ information leakage. Most of the time users are granting permissions while installing Apps but do not know about the permission requested by the Apps, which is a gap itself and this may lead for misusing user’s personal information. In this paper, a number of vulnerabilities are explored in Android permission level and provide an approach for better security in Android Platform. An Attack Scenario is developed successfully for permission-based attacks in the android platform and provides the countermeasures for it.

Android Security; Permission Level; Attacks; Privileges and Smartphone

Alexandre Bartel, Jacques Klein, Martin Monperrus, Yves Le Traon, “Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android”, in IEEE/ACM International Conference on Automated Software Engineering (ASE), Essen, Germany, 2012.

Khodor Hamandi, et.al “Android SMS Malware: Vulnerability and Mitigation” 2013 27th International Conference on Advanced Information Networking and Applications Workshops 2013.

Lucas Davi, et .al “Privilege escalation attacks on android” In Proceedings of the 13th International Conference on Information Security, Boca Raton, FL, USA ,October 25 - 28, 2010.

Yuan Zhang, et .al “Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis”, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, Berlin, Germany, November 04 - 08, 2013

Zarni Aung and Win Zaw, “Permission-Based Android Malware Detection” international journal of scientific & technology research volume 2, issue 3, march 2013 issn 2277-8616, 2013.

David Barrera et .al “A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android”, Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8, 2010.

Zheran Fang, Weili Han and Yingjiu Li, “Permission based Android security: Issues and countermeasures” computers & security 43 (2014) 205-218.

Wook Shin, Sanghoon Kwak, Shinsaku Kiyomoto and Toshiaki Tabaka, “A Small but Non-negligible Flaw in the Android Permission Scheme” 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, VA, USA, 21-23 July 2010.

I. Rassameeroj and Y. Tanahashi, "Various approaches in analyzing Android applications with its permission-based security models," 2011 IEEE International Conference on Electro/Information Technology, Mankato, MN, 2011, pp. 1-6.

Ryan Johnson, Zhaohui Wang, Corey Gagnon, Angelos Stavrou, “Analysis of Android Applications’ Permissions” 2012 IEEE Sixth International Conference on Software Security and Reliability Companion 2012.

Eric Cole et .al “Constructing Attack Scenarios for Attacker Profiling and Identification”, [Online]. Available: “http://www.securityhaven. com /docs/ Constructing Attack Scenarios for Attacker Profiling and Identificationv6. pdf, Jun 2010.

Android Developer (2017, April 10) [Online] Available: https:// developer. android. com/guide /index.html.

Android Market Share (2017, May 15) [Online] Available: https://qz.com /826672/android-goog-

just-hit-a-record-88-market-share-of-all-smartphones/.

Global Market Share of Smartphones (2017, April 05) [Online] Available: https://www. statista.com/statistics/266136/global-market-share-held-by-smartphone-operating-systems/.