Abstract
The increase in popularity and users of the Android platform in recent years has led to a lot of innovative and smart Android applications (apps). Many of these apps are highly interactive, customizable, and require user data to provide services. While being convenient, user privacy is the primary concern. It is not guaranteed that these apps are not storing user data for their need or scrapping algorithms through them. Android uses the system of permissions to provide security and protect user data. The user can grant permission for requested resources either at runtime or during the installation process. However, this system is often misused in practice by demanding extra permissions that are not required to provide services. These kinds of apps stop functioning if all permissions are not granted to them. Therefore, in this paper, a privacy preserved secure framework is proposed to prevent an app from stealing user data by restricting all unnecessary permissions. Unnecessary permissions are recognized by predicting the permissions required by a given app by using collaborative filtering and frequent permission set mining algorithms. Thus, the proposed model interacts with the target application and modifies the permission data inside. Experimental results reveal that the proposed model not only protects the user data but also ensures the proper functioning of the given application.
Highlights
Android is the most popular operating system (OS) when it comes to mobile platforms
Various research approaches were presented to identify the malicious behavior of Android applications
A privacy-preserving secure framework was proposed to prevent the applications from stealing user data by restricting all unnecessary permissions using instrumentation and repackaging of the application
Summary
Android is the most popular operating system (OS) when it comes to mobile platforms. According to Global Stats [1], Android OS enjoys almost 75% of the market share in the Mobile OS Industry, followed by iOS with a 25% share in June 2020. Due to a lack of protection in dangerous permissions associated with sensitive APIs, user privacy is exploited by malicious apps by manipulating users and application services. This situation motivated us to make a system that would improve the app’s functioning while securing sensitive data. B. APPLICATION SECURITY Android uses the permission model to prevent an app from using sensitive data and resources that are not required during runtime. To prevent misuse of the ANDROID_ID value, Android 8.0 provides a mechanism that does not allow the change in ANDROID_ID when the application is re-installed until the package name and key are identical Another feature, Build.getSerial() returns the actual serial number of the device till the caller holds the PHONE permission. The results that are obtained from the server during analysis are processed and stored for all new applications
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
