TY - JOUR
T1 - Security source code analysis of applications in Android OS
AU - Azam, Sami
AU - Sumra, Rajvinder Singh
AU - Shanmugam, Bharanidharan
AU - Yeo, Kheng Cher
AU - Jonkman, Mirjam
AU - Samy, Ganthan Narayana
PY - 2018
Y1 - 2018
N2 - It is a known fact that Android mobile phones’ security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.
AB - It is a known fact that Android mobile phones’ security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.
KW - Android security
KW - Android testing tools
KW - Dynamic analysis
KW - Information leakage detection
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85054686516&partnerID=8YFLogxK
U2 - 10.14419/ijet.v7i4.15.21366
DO - 10.14419/ijet.v7i4.15.21366
M3 - Article
AN - SCOPUS:85054686516
SN - 2227-524X
VL - 7
SP - 30
EP - 34
JO - International Journal of Engineering and Technology(UAE)
JF - International Journal of Engineering and Technology(UAE)
IS - 4.15
ER -