Abstract
This paper describes a study assessing how many free Android games with in-app purchases were susceptible to data manipulation via the backup utility. To perform this study, a data set of more than 800 games available in the Google Play store was defined. The backup utility provided by the Android Operating System (OS) was used to back up the app files to a Personal Computer (PC) in order to find and manipulate sensitive data. In the cases where sensitive data was found, the applications were restored and the games tested to assess whether the manipulation was successful and whether it could be used to the benefit of the user. The results show that a significant percentage of the analyzed games save user and app information in plaintext and do not include mechanisms to detect or prevent data from being modified.
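A developer-side audit for the exposure studied above, as an added example that is not code from the paper: it reports whether an app's manifest leaves its data reachable by the OS backup utility. It assumes the manifest has already been decoded to text XML; the sample manifests and package names are constructed, and the check relies on the `android:allowBackup` attribute of `<application>`, which defaults to true when absent.

```python
import xml.etree.ElementTree as ET

# Namespace used by android:* attributes in AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = "{%s}allowBackup" % ANDROID_NS


def backup_exposure(manifest_xml):
    """Return (package, status) for one decoded, text-form manifest."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    raw = app.get(ALLOW_BACKUP)
    if raw is None:
        status = "enabled-by-default"   # attribute absent: platform default is true
    elif raw.strip().lower() == "false":
        status = "disabled"
    elif raw.strip().lower() == "true":
        status = "enabled-explicitly"
    else:
        status = "unresolved"           # e.g. a @bool/ resource reference
    return root.get("package", "<unknown>"), status


def audit(manifests):
    """Map package name -> backup status for an iterable of manifest strings."""
    return dict(backup_exposure(m) for m in manifests)


# Constructed sample manifests (hypothetical package names).
_NS = 'xmlns:android="%s"' % ANDROID_NS
SAMPLES = [
    '<manifest %s package="com.example.runner">'
    '<application android:label="r"/></manifest>' % _NS,
    '<manifest %s package="com.example.puzzle">'
    '<application android:allowBackup="true"/></manifest>' % _NS,
    '<manifest %s package="com.example.cards">'
    '<application android:allowBackup="false"/></manifest>' % _NS,
    '<manifest %s package="com.example.farm">'
    '<application android:allowBackup="@bool/backup"/></manifest>' % _NS,
]

if __name__ == "__main__":
    for pkg, status in sorted(audit(SAMPLES).items()):
        print(pkg, status)
```

Disabling backup only closes this one channel; the plaintext storage and missing integrity checks the abstract reports remain separate problems.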
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Vigário, F., Neto, M., Fonseca, D., Freire, M.M., Inácio, P.R.M. (2015). Assessment of the Susceptibility to Data Manipulation of Android Games with In-app Purchases. In: Federrath, H., Gollmann, D. (eds) ICT Systems Security and Privacy Protection. SEC 2015. IFIP Advances in Information and Communication Technology, vol 455. Springer, Cham. https://doi.org/10.1007/978-3-319-18467-8_35
DOI: https://doi.org/10.1007/978-3-319-18467-8_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18466-1
Online ISBN: 978-3-319-18467-8
eBook Packages: Computer Science, Computer Science (R0)