Assessment of the Susceptibility to Data Manipulation of Android Games with In-app Purchases

  • Francisco Vigário
  • Miguel Neto
  • Diogo Fonseca
  • Mário M. Freire
  • Pedro R. M. Inácio
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 455)

Abstract

This paper describes a study assessing how many free Android games with in-app purchases were susceptible to data manipulation via the backup utility. To perform this study, a data set with more than 800 games available in the Google Play store was defined. The backup utility, provided by the Android Operating System (OS), was used to back up the app files to a Personal Computer (PC) in order to find and manipulate sensitive data. In the cases where sensitive data was found, the applications were restored and the games tested to assess whether the manipulation was successful and whether it could be used to the benefit of the user. The results show that a significant percentage of the analyzed games save user and app information in plaintext and do not include mechanisms to detect or prevent modification of that data.

Keywords

Android · Data manipulation · Integrity · Mobile operating system · Security storage

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Francisco Vigário (1)
  • Miguel Neto (1)
  • Diogo Fonseca (1)
  • Mário M. Freire (1)
  • Pedro R. M. Inácio (1)

  1. Instituto de Telecomunicações, Department of Computer Science, University of Beira Interior, Covilhã, Portugal
