Capstone Project Seminar

Capstone Project Seminar Presentation

The uploaded presentation is on YouTube.

How do Permissions Work?

  • The Android OS is built on Linux.
  • This allows apps to be sandboxed.
  • Apps can only gain access to other apps or system resources with privileges.
  • Privileges are granted through the Permission API.
  • Permissions are grouped by safety and type.
  • Permission groups.
  • Normal permissions are automatically and silently granted by the system.
  • Dangerous permissions can compromise user privacy.
  • Dangerous permissions require runtime user permission.
  • Signature permissions are particularly dangerous and insidious.
  • Researchers recommend investigation of weaknesses and hacks.

(Betarte, Campo, Luna, & Romano, 2016)

Permission Creep

  • Researchers hypothesised:
  • “Free apps are more likely to add new permissions than paid apps”
  • “Popular apps are more likely to add new permissions than unpopular apps”
  • A two-year study of 35,000 Android apps proved this.
  • How does this affect users?

(Taylor & Martinovic, 2017)
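The protection levels and the permission creep described above can be checked by diffing two versions of an app's manifest. This is an added example, not code from the presentation or the cited studies; the `com.example.notes` manifests are constructed, and the platform table is a small excerpt, so anything outside it is reported as `unknown`.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Excerpt of platform protection levels; a real audit needs the full list.
PLATFORM_LEVELS = {
    "android.permission.INTERNET": "normal",
    "android.permission.ACCESS_NETWORK_STATE": "normal",
    "android.permission.CAMERA": "dangerous",
    "android.permission.READ_CONTACTS": "dangerous",
    "android.permission.ACCESS_FINE_LOCATION": "dangerous",
}

def requested(manifest_xml):
    """Map each requested permission name to its protection level."""
    root = ET.fromstring(manifest_xml)
    # Permissions the app defines itself carry their level in the manifest.
    levels = dict(PLATFORM_LEVELS)
    for el in root.iter("permission"):
        levels[el.get(NS + "name")] = el.get(NS + "protectionLevel", "normal")
    names = [el.get(NS + "name") for el in root.iter("uses-permission")]
    return {n: levels.get(n, "unknown") for n in names if n}

def permission_creep(old_xml, new_xml):
    """Permissions added between two versions, grouped by protection level."""
    old, new = requested(old_xml), requested(new_xml)
    report = {}
    for name in sorted(set(new) - set(old)):
        report.setdefault(new[name], []).append(name)
    return report

# Constructed manifests for two versions of a hypothetical app.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">{body}</manifest>"""
USES = '<uses-permission android:name="{}"/>'
V1 = MANIFEST.format(body=USES.format("android.permission.INTERNET"))
V2 = MANIFEST.format(body="".join([
    USES.format("android.permission.INTERNET"),
    USES.format("android.permission.ACCESS_NETWORK_STATE"),
    USES.format("android.permission.READ_CONTACTS"),
    USES.format("android.permission.ACCESS_FINE_LOCATION"),
    '<permission android:name="com.example.notes.SYNC"'
    ' android:protectionLevel="signature"/>',
    USES.format("com.example.notes.SYNC"),
]))

if __name__ == "__main__":
    for level, names in permission_creep(V1, V2).items():
        print(level, names)
```

Additions in the `normal` group are the ones a user never sees a prompt for, which is why an update-time diff is worth keeping alongside the runtime prompts.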

Permission Abuses

  • The term "overprivileged app" refers to permission abuse.
  • There is some discrepancy in the findings, but researchers agree that a significant number of apps are overprivileged.
  • The research varies, finding that between 2.2% and 72.2% of apps abuse permissions.
  • Some permission abuse is due to poor programming.
  • What about intentional permission abuse?

(Chester, Jones, Mkaouer, & Krutz, 2017; Dennis, Krutz, & Mkaouer, 2017; Krutz, Munaiah, Peruma, & Mkaouer, 2017; Wu, Yang, & Luo, 2017)
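Overprivilege from poor programming usually shows up as a gap between the permissions an app declares and the permissions its code actually needs. The sketch below is an added example, not the method of any of the cited tools: it uses a simplified regex scan over source text, the API-to-permission table is a four-entry excerpt, and the declared set and source files are constructed.

```python
import re

# Excerpt mapping API call patterns to the permission each call needs.
# Real tools rely on far larger API-to-permission mappings and on
# static analysis rather than text matching.
API_PERMISSIONS = {
    r"\bCamera\.open\(": "android.permission.CAMERA",
    r"\.sendTextMessage\(": "android.permission.SEND_SMS",
    r"\.setAudioSource\(": "android.permission.RECORD_AUDIO",
    r"\bContactsContract\.": "android.permission.READ_CONTACTS",
}

def used_permissions(sources):
    """Permissions implied by API calls found in {filename: source text}."""
    used = {}
    for filename, text in sources.items():
        for pattern, permission in API_PERMISSIONS.items():
            if re.search(pattern, text):
                used.setdefault(permission, []).append(filename)
    return used

def permission_gap(declared, sources):
    """Compare declared permissions with those the code appears to use."""
    used = used_permissions(sources)
    # Only judge permissions the table knows about, so that untracked
    # ones (for example INTERNET) are not reported as false positives.
    tracked = set(API_PERMISSIONS.values())
    return {
        # Declared, tracked, but no matching call: overprivilege candidate.
        "overprivileged": sorted((declared & tracked) - set(used)),
        # Call present without the permission: the call fails at runtime.
        "underprivileged": sorted(set(used) - declared),
    }

# Constructed inputs for a hypothetical app.
DECLARED = {
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
}
SOURCES = {
    "ScanActivity.java": "Camera cam = Camera.open();\ncam.startPreview();",
    "VoiceNote.java": "recorder.setAudioSource(MediaRecorder.AudioSource.MIC);",
}

if __name__ == "__main__":
    print(permission_gap(DECLARED, SOURCES))
```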

Permissions and Malware

  • Malware has a strong link with permission abuse.
  • In fact, there are patterns of permission requests, by type, that are consistent with malware.
  • These patterns are useful in detecting malware.
  • Examining permissions and API calls within apps yields even greater malware detection.
  • How can malware detection be used to protect users?

(Ben Ayed, 2017; Faqiry, Rahman, & Tomar, 2017; Yusof, Saudi, & Ridzuan, 2017)

Innovations

  • The detection of malware is helpful in protecting users.
  • Researchers have created a system where all newly downloaded apps are run in a honeypot before being installed onto the main device.
  • The apps need to run to find the full extent of the potential security issues.
  • If the app fails to pass the benchmark created by healthy apps, it is not installed on the device.

(Lokesh Kumar Mishra, 2017)

Conclusion

  • The research has shown that there is scope to research the Android Permissions API.
  • There is concern among the research community that Android security has many weaknesses that are being exploited.
  • The research community concludes that ongoing research into this area is needed to secure this platform.

References

Ben Ayed, A. (2017). Permission Request Pattern Recognition in Android Malware Applications. International Journal of Strategic Information Technology and Applications, 8(1), 37-49. doi:10.4018/IJSITA.2017010103

Betarte, G., Campo, J., Luna, C., & Romano, A. (2016). Formal Analysis of Android’s Permission-Based Security Model. Scientific Annals of Computer Science, 16(1), 27-68. doi:10.7561/sacs.2016.1.27

Chester, P., Jones, C., Mkaouer, M. W., & Krutz, D. E. (2017). M-Perm: A Lightweight Detector for Android Permission Gaps. Paper presented at the Proceedings of the 4th International Conference on Mobile Software Engineering and Systems.

Dennis, C., Krutz, D. E., & Mkaouer, M. W. (2017). P-Lint: A Permission Smell Detector for Android Applications. Paper presented at the Proceedings of the 4th International Conference on Mobile Software Engineering and Systems.

Faqiry, F. M., Rahman, R., & Tomar, D. S. (2017). Scrutinizing Permission Based Attack on Android OS Platform Devices. International Journal of Advanced Research in Computer Science; Udaipur, 8(7).

Krutz, D. E., Munaiah, N., Peruma, A., & Mkaouer, M. W. (2017). Who Added that Permission to My App? An Analysis of Developer Permission Changes in Open Source Android Apps. Paper presented at the Proceedings of the 4th International Conference on Mobile Software Engineering and Systems.

Lokesh Kumar Mishra, R. D., Tushar Desale, Rahul Bidkar, Jayant Waghale, Prof. S.R. Bhamare. (2017). Anti-Hijack: Real-Time Detection and Prevention of Attack on Android. International Research Journal of Engineering and Technology (IRJET), 04(04), 3389-3393.

Micinski, K., Votipka, D., Stevens, R., Kofinas, N., Mazurek, M. L., & Foster, J. S. (2017). User Interactions and Permission Use on Android. Paper presented at the Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems.

Moussa, M., Di Penta, M., Antoniol, G., & Beltrame, G. (2017). ACCUSE: Helping Users to Minimize Android App Privacy Concerns. Paper presented at the Proceedings of the 4th International Conference on Mobile Software Engineering and Systems.

Taylor, V. F., & Martinovic, I. (2017). To Update or Not to Update: Insights From a Two-Year Study of Android App Evolution. Paper presented at the Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security.

Wu, J., Yang, M., & Luo, T. (2017). PACS: Permission Abuse Checking System for Android Applications based on Review Mining. Paper presented at the Dependable and Secure Computing, 2017 IEEE Conference on.

Yusof, M., Saudi, M. M., & Ridzuan, F. (2017). A New Mobile Botnet Classification based on Permission and API Calls. Paper presented at the Emerging Security Technologies (EST), 2017 Seventh International Conference on.

 

 
