Abusing Android permissions: A security perspective

Mamdouh Alenezi, Iman M. Almomani
2017 IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies (AEECT), published 2017-10-01
DOI: 10.1109/AEECT.2017.8257772 (https://doi.org/10.1109/AEECT.2017.8257772)
Citations: 13

Abstract

The drastic increase in mobile apps and its direct impact on the security of users' devices and data cannot be neglected. Such data nowadays relates to (almost) all aspects of life. Even with the growing awareness of the need to develop more secure apps, the mobile apps found on app stores still cannot be considered fully benign. This paper gives special attention to Android permissions and how they can be abused by security attacks. The most rated education apps were selected for deep permission analysis and categorization in terms of protection level and the most abused permissions. Moreover, the apps were examined to check whether they support advertisements. The results reveal that 80.3% of the apps request more permissions than they need and actually use. Consequently, such over-privileged apps would be exposed to serious malicious behaviors. The paper discusses possible solutions to overcome this issue and suggests possible ways to select the required permissions throughout the app development process.