Risks behind Device Information Permissions in Android OS

... IEEE Conference on Communications and Network Security. IEEE Conference on Communications and Network Security Pub Date : 2017-11-10 DOI:10.4236/CN.2017.94016

A. Alshehri, A. Hewins, M. McCulley, Hani Alshahrani, Huirong Fu, Ye Zhu

{"title":"Risks behind Device Information Permissions in Android OS","authors":"A. Alshehri, A. Hewins, M. McCulley, Hani Alshahrani, Huirong Fu, Ye Zhu","doi":"10.4236/CN.2017.94016","DOIUrl":null,"url":null,"abstract":"In the age of smartphones, people do most of their daily work using their smartphones due to significant improvement in smartphone technology. When comparing different platforms such as Windows, iOS, Android, and Blackberry, Android has captured the highest percentage of total market share [1]. Due to this tremendous growth, cybercriminals are encouraged to penetrate various mobile marketplaces with malicious applications. Most of these applications require device information permissions aiming to collect sensitive data without user’s consent. This paper investigates each element of system information permissions and illustrates how cybercriminals can harm users’ privacy. It presents some attack scenarios using \nREAD_PHONE_STATE permission and the risks behind it. In addition, this paper refers to possible attacks that can be performed when additional permissions are combined with READ_PHONE_STATE permission. It also discusses a proposed solution to defeat these types of attacks.","PeriodicalId":91826,"journal":{"name":"... IEEE Conference on Communications and Network Security. IEEE Conference on Communications and Network Security","volume":"76 1","pages":"219-234"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"... IEEE Conference on Communications and Network Security. IEEE Conference on Communications and Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4236/CN.2017.94016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

In the age of smartphones, people do most of their daily work using their smartphones due to significant improvement in smartphone technology. When comparing different platforms such as Windows, iOS, Android, and Blackberry, Android has captured the highest percentage of total market share [1]. Due to this tremendous growth, cybercriminals are encouraged to penetrate various mobile marketplaces with malicious applications. Most of these applications require device information permissions aiming to collect sensitive data without user’s consent. This paper investigates each element of system information permissions and illustrates how cybercriminals can harm users’ privacy. It presents some attack scenarios using READ_PHONE_STATE permission and the risks behind it. In addition, this paper refers to possible attacks that can be performed when additional permissions are combined with READ_PHONE_STATE permission. It also discusses a proposed solution to defeat these types of attacks.

查看原文本刊更多论文

Android操作系统设备信息权限背后的风险

在智能手机时代，由于智能手机技术的显著进步，人们使用智能手机完成大部分日常工作。在比较Windows、iOS、Android和黑莓等不同平台时，Android占据了最高的总市场份额。由于这种巨大的增长，网络犯罪分子被鼓励用恶意应用程序渗透到各种移动市场。这些应用程序大多需要设备信息权限，目的是在未经用户同意的情况下收集敏感数据。本文研究了系统信息权限的各个要素，并举例说明了网络罪犯是如何损害用户隐私的。本文介绍了一些使用READ_PHONE_STATE权限的攻击场景及其背后的风险。此外，本文还提到了当附加权限与READ_PHONE_STATE权限相结合时可能发生的攻击。它还讨论了一个建议的解决方案，以击败这些类型的攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

... IEEE Conference on Communications and Network Security. IEEE Conference on Communications and Network Security

自引率

0.00%

发文量