Analysis and Enhancement of the Android Permission System
نویسنده
چکیده
With the increasing popularity of mobile operating systems in general and the Android operating system specifically, new threats developed targeting mobile devices and said operating systems. Android has become one of the most important mobile operating systems within the last years and, hence, an often targeted system. In this thesis, the Android permission system is analyzed with regard to the level of security it provides to its users and an Android application is developed increasing that level. The permission system is taken into focus, because it is seen as a fatal flaw within the Android security architecture. Using recent papers, weak spots are revealed and goals are developed from them. To achieve these goals, certain enhancements need to be added to the Android system. These enhancements are presented and function as a foundation for the developed application, while keeping the system as simple as possible. The developed application, PermissionControl, is a tool inheriting most of these goals. In a subsequent evaluation it can be shown that the tool manages to highly decrease the security risks of the Android system.
منابع مشابه
ریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملPScout : Analyzing the Android Permission Specification by Kathy Wain Yee Au
PScout: Analyzing the Android Permission Specification Kathy Wain Yee Au Master of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto 2012 Modern smartphone operating systems (OSs) have been developed with a greater emphasis on security and protecting privacy. One of the security mechanisms these systems use is permission system. We perform an analy...
متن کاملAppGuard — Real-time policy en- forcement for third-party applications
Android has become the most popular operating system for mobile devices, which makes it a prominent target for malicious software. The security concept of Android is based on app isolation and access control for critical system resources. However, users can only review and accept permission requests at install time, or else they cannot install an app at all. Android neither supports permission ...
متن کاملDPerm: Assisting the Migration of Android Apps to Runtime Permissions
Android apps require permissions when accessing resources related to privacy or system integrity. Starting from Android 6, these permissions have to be asked at runtime. However, migrating to the new permission model poses multiple challenges for developers. First, developers have to discover where the app uses permissions, which requires a permission specification. To date several such specifi...
متن کاملA Temporal Permission Analysis and Enforcement Framework for Android
Permission-induced attacks, i.e., security breaches enabled by permission misuse, are among the most critical and frequent issues threatening the security of Android devices. By ignoring the temporal aspects of an attack during the analysis and enforcement, the state-of-the-art approaches aimed at protecting the users against such attacks are prone to have low-coverage in detection and highdisr...
متن کامل