Android Permissions: Attacks and Controls

Prachi (The NorthCap University, India) and Arushi Jain (The NorthCap University, India)
Copyright: © 2017 | Pages: 11
DOI: 10.4018/978-1-5225-2154-9.ch004


Android phones are currently the most popular smartphones among users. According to a survey by the International Data Corporation (IDC), Android dominated the smartphone market in 2015 with an 82.8% share, leaving its competitors iOS, Windows and others far behind. This popularity makes it a prime target for malware developers. According to a survey by F-Secure, 99% of new malware targets the Android OS. This is largely due to the coarse-grained permissions defined in the Android permission system. Additionally, some malicious applications ask for more permissions than they require in order to exploit the user's personal and sensitive data. The objective of this chapter is twofold: to become familiar with permission-based attacks in Android, and to apply reverse engineering to a malicious APK file in order to control permission attacks and remove malicious code from the source code of the APK file.
Chapter Preview


Android OS led the smartphone market with a share of 82.8% in 2015Q2 (the second quarter of 2015), leaving its competitors iOS, Windows, BlackBerry and others far behind in the race. The reports of four consecutive years (2012-2015) by the International Data Corporation (IDC) (IDC Research, Inc., 2016) clearly show that Android phones are the largest-selling smartphones around the world. Android's popularity has encouraged developers to build Android-based applications, popularly known as “apps”. Google Play Store is the official market for Android-based applications and is populated with millions of apps. These apps are used to perform a wide range of tasks such as Internet browsing, email access, online banking, payment through net banking or credit/debit cards, and storing personal data such as photos, videos and contacts. The growing popularity of Android has made it a prime target for malware developers. According to an F-Secure report (Team Snoop Wall, 2014), 99% of all new mobile malware discovered in 2014 targeted Android devices. Android is the most popular platform among malware developers due to three main issues:

Firstly, when Google Play Store was introduced in 2008, it allowed all third-party developers to launch their apps in the store without any security check. This made it easy for malware developers to design and launch malicious apps in Google Play Store. Google addressed this issue in 2012 by introducing Google Bouncer (Lukas S., 2015), an anti-malware system that filters malicious apps before they show up in the Android market. However, it runs an app for only a very short interval of time before declaring it safe. Malware authors can take advantage of this shortcoming and suspend an app's malicious behavior for a short time whenever Bouncer is detected. Moreover, Bouncer is not able to scan apps that are already installed.

Secondly, as Android is an open source OS (Andre et al., 2012), it allows users to customize existing applications; this functionality becomes an issue when developers use it to fulfil malicious objectives. They use techniques (Roger, 2013) such as Wrapping, Obfuscation, Repackaging, Packers, Anti-debugging and Targeting to add malicious code to existing applications and then relaunch them in the Android market. Most users are not able to differentiate between the malicious and the original application, and end up installing the repackaged malicious application.

The final issue is related to the permissions assigned to an app.

To restrict an app from accessing sensitive functionality, Android provides a permission-based security model. In this model, the developer of an application declares, in the application's AndroidManifest.xml file, a permission for every resource that the application needs from the user's device (Felt et al., 2013). To install an application, a user has to accept the permissions at installation time. However, in Android the permissions are coarse-grained: at installation time the user is forced either to accept all the permissions or to abandon the installation. Dangerous permissions therefore cannot be declined at installation time. Malware authors take advantage of this loophole to design malicious apps that ask for undue permissions. These over-privileged applications, i.e. applications with more permissions than they require, perform malicious tasks without the user's knowledge once they are successfully installed on user devices. For example, suppose a user installs an application that holds an extra CAMERA permission: the application can then freely access the camera of the user's device, take pictures, and send the pictures to a remote location without the knowledge of the user. It is clear from the ESET Latin America 2013 survey report (ESET Latin America’s Lab, 2012) that the majority of users store their personal data on their mobile phones. Therefore, with the help of these undue permissions, malware authors can easily extract a user's personal data and later use it for social engineering attacks.
