Permission Tracking Security Model in Android Application
DOI:
https://doi.org/10.51983/ajcst-2015.4.2.1757
Keywords:
Android permissions, Tracking, Android Application
Abstract
Android permissions are rights given to applications to allow them to do things like take pictures, use the GPS, or make phone calls. When installed, each application is given a unique UID, and the application will always run as that UID on that particular device. The UID of an application is used to protect its data, and developers need to be explicit about sharing data with other applications. Android supports building applications that use phone features while protecting users by minimizing the consequences of bugs and malicious software. Android's process isolation obviates the need for complicated policy configuration files for sandboxes. This gives applications the flexibility to use native code without compromising Android's security or granting the application additional rights. Malicious software is an unfortunate reality on popular platforms, and through its features Android tries to minimize the impact of malware. However, even unprivileged malware that gets installed on an Android device (perhaps by pretending to be a useful application) can still temporarily wreck the user's experience. Applications can entertain users with graphics, play music, and launch other programs without special permissions. In this paper, we introduce tracking and monitoring of malicious activity by the apps that the user installs, even from the Play Store, using a trusted permission-based security model.
License
Copyright (c) 2015 The Research Publication
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.