Abstract
Since its introduction in 2008, Google’s Android has been a blazing success, far outstripping the market share of all other mobile operating systems. Android ships more than one billion new devices each year, and more than 1.5 million new devices are activated every day. This growth was not without pain, however. Recent measures estimate that 96–97% of today’s mobile malware targets the Android operating system, and that 73% of that malware is specifically designed to satisfy profit motives. In addition, as the system has become more popular and more closely scrutinized, the number of identified vulnerabilities has exploded. The security of Android is a key issue for Google, since the mobile OS is by far the most popular in the world. The Android security mechanism is founded on an instrument that gives users all the information about the permissions requested by an application before it is installed. The main benefit of this permission system is that it gives users an overview of the application by showing them the list of requested permissions, which can help raise awareness of the risks to their private data. However, we still do not have enough information to say that standard users clearly understand the requested permissions and their security implications. In this article, we present a multiphase tool called “PerUpSecure” that combines dynamic and static analysis. The standard installation process for Android applications gives the user only two options: accept all requested permissions or cancel the installation. In contrast, our proposed tool allows the user to install any application with only the necessary permissions. At the end of this article, we present the analysis results for a set of normal applications and malicious programs collected from different markets.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Er-rajy, L., El Kiram, M.A., El Ghazouani, M. (2019). Android Applications Analysis Using PerUpSecure. In: Ezziyyani, M. (eds) Advanced Intelligent Systems for Sustainable Development (AI2SD’2018). AI2SD 2018. Advances in Intelligent Systems and Computing, vol 911. Springer, Cham. https://doi.org/10.1007/978-3-030-11878-5_1
DOI: https://doi.org/10.1007/978-3-030-11878-5_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11877-8
Online ISBN: 978-3-030-11878-5
eBook Packages: Intelligent Technologies and Robotics (R0)