A Novel Method to Avoid Malicious Applications on Android

Abstract

Security threats on modern smartphones are increased rapidly with the excessive numbers of the users. According to the reports, it is exposed that most security issues are introduced from usage of malicious applications. Operating systems with the permission model, such as Android, accept us to install third-party applications. This leads attackers enable to inject exploits into a clean application, so that an application apparently works as normal but executes malicious functions in the background. Therefore, we introduce with analysis of the method to prevent an installation of malicious applications using permissions using Maximum Severity Rating (MSR) classification. Then, the method to enhance an ability to perceive warning signs in the procedure of an application installation and comparison of its effectiveness with existing method is introduced. Overall, the processes assist the users to make a better decision with detailed information. Smartphone OS accepts the users to install third party applications. Based on unexpected population of third party application usage, Smartphone users are rapidly growing. According to the report by Gartner in 3rd quarter in 2013(15), the users of Android are 72.4%, and thus dominate Smartphone market. While Android is widely spreading among Smartphone users, its security threats are also increasing immensely. The report created by McAfee claims that latest exploits are mostly distributed via malicious applications which pretend to be safe (16). Malicious applications can only execute malfunctions with previously granted permissions. For this reason, attackers require more permissions than what the normal applications need. Serious problems, such as accessing call log, SMS and contact information can be caused if an infected application is running. Therefore, in this paper, the proposed methods focus especially on the procedure of permission agreement, and concentrate to help the users verifying an application properly with rejection of a malicious application as an extensive work from the previous paper (17). To implement this, this paper obtains the process to examine an application with proposed method with analysis of permission-grant model (4, 6, 7) which Android employees. Also, enhanced visualization of permission set is proposed to display information effectively with comparison of previous user interface to provide the better attractions. Throughout this, we expect to replace the previous permission-grant model which includes lower reliability with text format (9) to the proposed model with guarantee of an integrity and better user interface. To achieve this, relative works are mentioned to claim the differences with previous works. Then, calculate a Maximum Severity Rating (MSR) to judge if an application is malicious using a proposed method. Enhanced visualization of permission set is provided to improve a visual accessibility with increment of the right