Abstract
In this paper, we explored the potential risks of permissions that benign apps request without explanation, with the aim of preserving the confidentiality and availability of personal data. More precisely, we focused on the mechanisms for managing risky permissions under Android in order to limit the impact of these permissions on vulnerability vectors. We analyzed a sample of forty (40) apps developed in Burkina Faso and identified abuses of dangerous permissions in several apps relative to their functional needs. We also discovered combinations of dangerous permissions that expose the confidentiality of the data. This analysis allowed us to establish a link between permissions and vulnerabilities as a source of risk to data security. These risks facilitate exploitation of privileges that should be reduced. We have therefore proposed coordinated resolution mechanisms for administrators, developers and users to better guide the permissions required by benign apps on Android.
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Koala, G., Bassolé, D., Zerbo/Sabané, A., Bissyandé, T.F., Sié, O. (2020). Analysis of the Impact of Permissions on the Vulnerability of Mobile Applications. In: Zitouni, R., Agueh, M., Houngue, P., Soude, H. (eds) e-Infrastructure and e-Services for Developing Countries. AFRICOMM 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 311. Springer, Cham. https://doi.org/10.1007/978-3-030-41593-8_1
DOI: https://doi.org/10.1007/978-3-030-41593-8_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41592-1
Online ISBN: 978-3-030-41593-8
eBook Packages: Computer Science, Computer Science (R0)