Privacy issues of android application permissions: A literature review

An Overview of Security Challenges of Android Apps Permissions

2014

In the last five years there has been observed a drastic shift from PCs and laptops to smart phones for accessing internet services. The increased dependence on mobile apps brings into light the security risks associated with these apps. The large number of freely available apps in the market sometimes request more permissions than they use, and this fact is usually unknown to the user. The open source platform Android makes it easier to introduce such flaws intentionally and steal confidential information such as personal contacts, passwords etc. The paper presents the analysis of the survey work of vulnerabilities in Android apps, the vulnerability analysis of a sample designed Android app with over-privileged permissions, and content leaks associated with such apps. The security measures and practices that should be followed while setting the permissions have also been discussed.

Permission-based Privacy Analysis for Android Applications

While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only granting them a list of permissions during the installation process. Additionally, most of the users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of an app's safety mostly relies on features like rating and popularity, rather than on understanding the context of the listed permissions. In this paper we investigate the relationship between the features collected from Android Market API 23 (such as Popularity, Total Number of Permissions, Number of Dangerous Permissions, Rating and Package Size) and the app's privacy violation. To show the influence of each feature we use linear regression and R squared statistics. The conducted research can contribute to the classification of mobile applications with regards to the threat on user's privacy.

A Comprehensive Analysis of the Android Permissions System

IEEE Access, 2020

Android is one of the most essential and highly used operating systems. Android permissions system is a core security component that offers an access-control mechanism to protect system resources and users' privacy. As such, it has experienced continuous change over each Android release. However, previous research on the permissions system has employed static analysis techniques. Furthermore, most of these studies are outdated, covering older versions of Android. This paper aims to discuss the permissions system intensively to provide a nutshell overview of the Android platform's access-control mechanism. The paper presents a comprehensive analysis of the Android permissions system since it was introduced in 2008 until now, accompanied by a formal model of its components. The results of the analysis reveal a continuous growth in the number of permissions since the original release, a growth of seven times in some permission categories. A case study has been conducted for the last five years' versions of the top Android apps to examine the permissions system's evolution and its attendant security issues from the applications' perspective. Some apps showed an increase in permissions usage of 73.33% by the 2020 release. Additionally, the results of the case study contribute to the understanding of permissions deployment by both vendors and developers. Finally, a discussion of the permission-based security enhancements discloses that the Android permissions system faces various security issues. In general, this paper provides researchers and academics an up-to-date, comprehensive, self-contained reference study of the Android permissions system.

Analysis of Android Applications' Permissions

2012 IEEE Sixth International Conference on Software Security and Reliability Companion, 2012

We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.

Abusing Android permissions: A security perspective

2017 IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies (AEECT), 2017

The drastic increase of mobile apps and its direct impact on the security of the user's device and data cannot be neglected. Such data nowadays is related to (almost) all life aspects. Even with the growing awareness of the need to develop more secure apps, existing mobile apps found on app stores still cannot be considered fully benign. This paper gives special attention to Android permissions and how they can be abused by security attacks. The most rated education apps have been selected to perform deep permissions analysis and categorization in terms of protection level and mostly abused ones. Moreover, the apps have been examined to check if they support advertisements or not. The results reveal that 80.3% of the apps are requesting more permissions than they need and actually use. Consequently, such over-privileged apps would be exposed to serious malicious behaviors. The paper discusses possible solutions to overcome this issue and suggests possible ways to select the required ...

May 2018 Permission-based Privacy Analysis for Android Applications

2019

Privacy Analysis of Android Applications: State-of-art and Literary Assessment

Scalable Computing: Practice and Experience, 2017

In today's world, Android has revolutionized every facet of our lives. Almost all the important services such as banking, transportation, stock trade, medicine, education, etc. are extended to Android these days. Everything is available in the application market of Android. Unfortunately, at the same time, the prosperity of these applications also attracts abusers and malicious attackers to perform different types of attacks. An appropriate action needs to be taken to protect Android devices from these attacks. Android applications privacy analysis is an extension to the Android privacy model, which traditionally emphasizes prevention and detection of attacks. It also deals with capturing, recording and analysis of Android applications to detect and investigate Android device intrusions. In this paper, we explore the comprehensive study about different techniques proposed to perform Android applications analytics. In addition to this, various aspects of Android applications analytics have been reviewed along with related technologies and their limitations. This gives enhanced recognition of the problem, existing explanation space, and potential research scope to analyze and investigate various Android device intrusions against such attacks efficiently.

An Investigation into Android Run-time Permissions from the End Users' Perspective

To protect the privacy of end users from intended or unintended malicious behaviour, the Android operating system provides a permissions-based security model that restricts access to privacy-relevant parts of the platform. Starting with Android 6, the permission system has been revamped, moving to a run-time model. Users are now prompted for confirmation when an app attempts to access a restricted part of the platform.

Android permissions

Proceedings of the 17th ACM symposium on Access Control Models and Technologies, 2012

The phenomenal growth of the Android platform in the past few years has made it a lucrative target of malicious application (app) developers. There are numerous instances of malware apps that send premium rate SMS messages, track users' private data, or apps that, even if not characterized as malware, conduct questionable actions affecting the user's privacy or costing them money. In this paper, we investigate the feasibility of using both the permissions an app requests, the category of the app, and what permissions are requested by other apps in the same category to better inform users whether the risks of installing an app is commensurate with its expected benefit. Existing approaches consider only the risks of the permissions requested by an app and ignore both the benefits and what permissions are requested by other apps, thus having a limited effect. We propose several risk signals that and evaluate them using two datasets, one consists of 158,062 Android apps from the Android Market, and another consists of 121 malicious apps. We demonstrate the effectiveness of our proposal through extensive data analysis.