Security source code analysis of applications in Android OS

Sami Azam; Rajvinder Singh Sumra; Bharanidharan Shanmugam; Kheng Cher Yeo; Mirjam Jonkman; Ganthan Narayana Samy

doi:10.14419/ijet.v7i4.15.21366

Security source code analysis of applications in Android OS

Sami Azam, Rajvinder Singh Sumra, Bharanidharan Shanmugam, Kheng Cher Yeo, Mirjam Jonkman, Ganthan Narayana Samy

Research output: Contribution to journal › Article › peer-review

105 Downloads (Pure)

Abstract

It is a known fact that Android mobile phones’ security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.

Original language	English
Pages (from-to)	30-34
Number of pages	5
Journal	International Journal of Engineering and Technology(UAE)
Volume	7
Issue number	4.15
DOIs	https://doi.org/10.14419/ijet.v7i4.15.21366
Publication status	Published - 2018

Access to Document

10.14419/ijet.v7i4.15.21366

21366-Article Text-45253-1-10-20181009Final published version, 500 KBLicence: CC BY

https://www.sciencepubco.com/index.php/ijet/article/view/21366Licence: CC BY

Cite this

@article{0594759bcb1243ef8b6b1631a5edde29,

title = "Security source code analysis of applications in Android OS",

abstract = "It is a known fact that Android mobile phones{\textquoteright} security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.",

keywords = "Android security, Android testing tools, Dynamic analysis, Information leakage detection, Static analysis",

author = "Sami Azam and Sumra, {Rajvinder Singh} and Bharanidharan Shanmugam and Yeo, {Kheng Cher} and Mirjam Jonkman and Samy, {Ganthan Narayana}",

year = "2018",

doi = "10.14419/ijet.v7i4.15.21366",

language = "English",

volume = "7",

pages = "30--34",

journal = "International Journal of Engineering and Technology(UAE)",

issn = "2227-524X",

publisher = "Science Publishing Corporation Inc",

number = "4.15",

}

TY - JOUR

T1 - Security source code analysis of applications in Android OS

AU - Azam, Sami

AU - Sumra, Rajvinder Singh

AU - Shanmugam, Bharanidharan

AU - Yeo, Kheng Cher

AU - Jonkman, Mirjam

AU - Samy, Ganthan Narayana

PY - 2018

Y1 - 2018

N2 - It is a known fact that Android mobile phones’ security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.

AB - It is a known fact that Android mobile phones’ security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.

KW - Android security

KW - Android testing tools

KW - Dynamic analysis

KW - Information leakage detection

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85054686516&partnerID=8YFLogxK

U2 - 10.14419/ijet.v7i4.15.21366

DO - 10.14419/ijet.v7i4.15.21366

M3 - Article

AN - SCOPUS:85054686516

SN - 2227-524X

VL - 7

SP - 30

EP - 34

JO - International Journal of Engineering and Technology(UAE)

JF - International Journal of Engineering and Technology(UAE)

IS - 4.15

ER -

Security source code analysis of applications in Android OS

Abstract

Access to Document

Other files and links

Fingerprint

Cite this