Abstract

Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were subjected to the Same Identifier Attack, and it was found that an attacker could gain the same privileges as the user, in all five applications. To solve such a problem, we propose a technical scheme—User Authentication using Peripheral Devices. We applied the proposed scheme to a Nexus 5X smartphone running Android version 7.1 and confirmed that the average execution time was 0.005 s, which does not affect the other applications’ execution significantly. We also describe the security aspects of the proposed scheme and its compatibility with the Android platform and other applications. The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security.

Highlights

  • The number of Android application downloads is increasing every year [1]

  • We present the risk to Android at present, because it is possible to create a copy of an application with the same user privileges by modifying the physical device values to duplicate the user’s application

  • We propose an improved defense for Android applications, which does not depend on the smartphone manufacturer


Summary

Introduction

The number of Android application downloads is increasing every year [1]. Android applications, which are often called Android apps, offer various conveniences to users. If an attacker misuses them, he/she can analyze the application data in the backup files to obtain personal information for applications such as WhatsApp or Facebook [10,11]. Another form of attack hacks a user’s Android application using backup technology. This method uses the Android Debug Bridge (ADB) to acquire backup data from an unrooted terminal, and modifies the XML values of the application and restores the backup file [12]. Weagainst use nonrooted the target of use attack and for configured through WiFi, to defend

We nonrooted implementing
Related Works
Application
Background
New Defense against SIA
Zygote will application
User Authentication Using Peripheral Devices Architecture
Evaluation
Delete
79. We installed
UAPD Compatibility
UAPD Security
Conclusions