Android Security Research Articles

Understanding of the Behaviour of Android Smartphone Users in Cameroon: Application of the Security

The popularity and adoption of smartphones has greatly attracted mobile attackers, especially for the popular platforms such as Android. In Sub-Saharan countries, the penetration of Android smartphones is considerable. Researchers tend to work mainly on technical aspects such as Android permissions to determine security risks that users face, ignoring other important aspects. This paper studies the behaviour of smartphone users in Cameroon towards security aspects on Android platform, particularly the basic practices for the security of Android recommended by Google. For this, a survey has been conducted through series of interviews with 2.500 Android Smartphones users across five regions of Cameroon: Centre, Adamawa, North, North-West, and Littoral. The research targeted different regions because of local diversity, and to cover a large area of the country to enrich the results. This research reveals that Cameroonian Android users are not aware of the security risks and therefore are directly exposed to attackers because they do not take measures. Alarmingly, it finds that users detain obsolete versions of Android or do not perform updates regularly. In sum, users are not currently (well) informed to apply basic privacy and security decisions on their devices. As it is not present in Cameroon, the present paper goes further on to propose a new web approach in Cameroon to inform and sensitise on security issues and practices in other to protect their information.

Security Protection Model of QR Code Scanning Software

A QR code is more and more widely used in recent years. The two-dimensional bar-code can be seen in business cards, advertising, or web page and everywhere. But there exist some potential security dangers behind scanning those codes. Hence it have being obstacles to the widely using of QR code scanning software in some degree. This article analyzes several kinds of known attacks tricks through the QR code, and puts forward that the most efficient technology in protect the QR code scanning software is code encryption and white list . Finally An Android security protection model is given.

Security in the Firefox OS and Tizen Mobile Platforms

Emerging mobile platforms Firefox OS and Tizen are learning from Android's security successes and trying to avoid its limitations. Although these platforms offer largely novel solutions, they can still learn from one another. The Web extra at http://youtu.be/yZjVsWz_DAY is a video discussion in which authors Fabio Massacci and Yury Zhauniarovich discuss Android's successes and limitations and what developers can learn from them.

Security in Android

New technologies have always created new areas of concern for information security teams. Usually it provides time for the development of effective security controls. The rapid growth of the smartphone in market and the use of these devices for so many sensitive data have led to the emergence of security threat. A malicious user or malware on a device can create a number of risks for an organization, and so the fact that these devices are not necessarily connected does not translate to a lack of security risks. This paper will discuss why it is important to secure an Android device, what some of the potential vulnerabilities are, and security measures that can be introduced to provide a baseline of security of data on Google’s mobile OS

A Novel Strategy to Enhance the Android Security Framework

the widespread use of the Smartphone, the security of data stored in a Smartphone has reached to an utmost importance to all of us. Installation of every Android app asks for some critical permission to access our critical files and we have to accept the permissions in order to install that application. We propose a novel approach of enhanced security framework which can be integrated with the existing Android Security Framework to make Android more secure and to keep track of the files accessed by any of the vulnerable apps downloaded from different sources on the web. The proposed enhanced security framework enhances the security of Android File System by restricting the apps whose behavior matches with the malware. A novel approach to secure the data on Smartphone's using cryptographic Algorithms is also discussed in this paper.

Security threats to mobile multimedia applications: Camera-based attacks on mobile phones

Today's mobile smartphones are very powerful, and many smartphone applications use wireless multimedia communications. Mobile phone security has become an important aspect of security issues in wireless multimedia communications. As the most popular mobile operating system, Android security has been extensively studied by researchers. However, few works have studied mobile phone multimedia security. In this article, we focus on security issues related to mobile phone cameras. Specifically, we discover several new attacks that are based on the use of phone cameras. We implement the attacks on real phones, and demonstrate the feasibility and effectiveness of the attacks. Furthermore, we propose a lightweight defense scheme that can effectively detect these attacks.

A Study on Applied Technology in Safety and Protection of the Android OS

As the world’s most widely used phone operating system, Android has been chosen to get our lives convenient. However, as the importance of the services our cell phones support increases, so too do the opportunities for invasion. More attention should be paid to the risks of Android OS. In this paper, we analyze the Android security and then give methods based on Android privilege to prevent invasion while using or developing. The method can make users avoid most of the hacking.

다중 지문 시퀀스를 이용한 스마트폰 보안

최근 모바일 디바이스와 휴대기기의 발달로 원격접속이 늘어남에 따라 보안의 중요성도 점차 증가되었다. 그러나 기존 패스워드나 패턴과 같은 보안 프로그램은 지나치게 단순할 뿐 아니라 다른 사용자가 쉽게 취득하여 악용할 수 있다는 단점이 있다. 생체인식을 활용한 보안 시스템은 보안성이 강화 되었지만 위조 및 변조가 가능하기 때문에 완전한 해결책을 제시하지 못한다. 본 논문에서는 이러한 문제점을 해결하기 위해 지문인식과 패스워드를 결합하여 보안성을 향상시킬 수 있는 방안을 연구하였다. 제안한 시스템은 하나의 지문이 아니라 다수의 지문을 이용하는 방법으로, 사용자가 패스워드를 입력할 때 여러 지문 중에서 정확한 지문의 순서를 제공하도록 한다. 오늘날 스마트폰은 패스워드나 패턴, 지문을 이용할 수 있지만 패스워드의 강도가 낮거나 패턴이 쉽게 노출되는 등의 문제가 있다. 반면에 제안한 시스템은 다양한 지문의 이용과 패스워드의 연계, 또는 다른 생체인식 시스템과 연결함으로써 매우 강력한 보안장치가 될 수 있다. Thereby using smartphone and mobile device be more popular the more people utilize mobile device in many area such as education, news, financial. In January, 2007 Apple release i-phone it touch off rapid increasing in user of smartphone and it create new market and these broaden its utilization area. Smartphone use WiFi or 3G mobile radio communication network and it has a feature that can access to internet whenever and anywhere. Also using smartphone application people can search arrival time of public transportation in real time and application is used in mobile banking and stock trading. Computer's function is replaced by smartphone so it involves important user's information such as financial and personal pictures, videos. Present smartphone security systems are not only too simple but the unlocking methods are spreading out covertly. I-phone is secured by using combination of number and character but USA's IT magazine Engadget reveal that it is easily unlocked by using combination with some part of number pad and buttons Android operation system is using pattern system and it is known as using 9 point dot so user can utilize various variable but according to Jonathan smith professor of University of Pennsylvania Android security system is easily unlocked by tracing fingerprint which remains on the smartphone screen. So both of Android and I-phone OS are vulnerable at security threat. Compared with problem of password and pattern finger recognition has advantage in security and possibility of loss. The reason why current using finger recognition smart phone, and device are not so popular is that there are many problem: not providing reasonable price, breaching human rights. In addition, finger recognition sensor is not providing reasonable price to customers but through continuous development of the smartphone and device, it will be more miniaturized and its price will fall. So once utilization of finger recognition is actively used in smartphone and if its utilization area broaden to financial transaction. Utilization of biometrics in smart device will be debated briskly. So in this thesis we will propose fingerprint numbering system which is combined fingerprint and password to fortify existing fingerprint recognition. Consisted by 4 number of password has this kind of problem so we will replace existing 4number password and pattern system and consolidate with fingerprint recognition and password reinforce security. In original fingerprint recognition system there is only 10 numbers of cases but if numbering to fingerprint we can consist of a password as a new method. Using proposed method user enter fingerprint as invested number to the finger. So attacker will have difficulty to collect all kind of fingerprint to forge and infer user's password. After fingerprint numbering, system can use the method of recognization of entering several fingerprint at the same time or enter fingerprint in regular sequence. In this thesis we adapt entering fingerprint in regular sequence and if in this system allow duplication when entering fingerprint. In case of allowing duplication a number of possible combinations is <TEX>$\sum_{I=1}^{10}\;{_{10}P_i}$</TEX> and its total cases of number is 9,864,100. So by this method user retain security the other hand attacker will have a number of difficulties to conjecture and it is needed to obtain user's fingerprint thus this system will enhance user's security. This system is method not accept only one fingerprint but accept multiple finger in regular sequence. In this thesis we introduce the method in the environment of smartphone by using multiple numbered fingerprint enter to authorize user. Present smartphone authorization using pattern and password and fingerprint are exposed to high risk so if proposed system overcome delay time when user enter their finger to recognition device and relate to other biometric method it will have more concrete security. The problem should be solved after this research is reducing fingerprint's numbering time and hardware development should be preceded. If in the future using fingerprint public certification becomes popular. The fingerprint recognition in the smartphone will become important security issue so this thesis will utilize to fortify fingerprint recognition research.

개인정보 유출 탐지 및 차단에 관한 연구 : 안드로이드 플랫폼 환경

The Malicious code that targets Android is growing dramatically as the number of Android users are increasing. Most of the malicious code have an intention of leaking personal information. Recently in Korea, a malicious code `chest` has appeared and generated monetary damages by using malicious code to leak personal information and try to make small purchases. A variety of techniques to detect personal information leaks have been proposed on Android platform. However, the existing techniques are hard to apply to the user`s smart-phone due to the characteristics of Android security model. This paper proposed a technique that detects and blocks file approaches and internet connections that are not allowed access to personal information by using the system call hooking in the kernel and white-list based approach policy. In addition, this paper proved the possibility of a real application on smart-phone through the implementation.

Identifying android malicious repackaged applications by thread-grained system call sequences

Android security has become highly desirable since adversaries can easily repackage malicious codes into various benign applications and spread these malicious repackaged applications (MRAs). Most MRA detection mechanisms on Android focus on detecting a specific family of MRAs or requiring the original benign application to compare with the malicious ones. This work proposes a new mechanism, SCSdroid (System Call Sequence Droid), which adopts the thread-grained system call sequences activated by applications. The concept is that even if MRAs can be camouflaged as benign applications, their malicious behavior would still appear in the system call sequences. SCSdroid extracts the truly malicious common subsequences from the system call sequences of MRAs belonging to the same family. Therefore, these extracted common subsequences can be used to identify any evaluated application without requiring the original benign application. Experimental results show that SCSdroid falsely detected only two applications among 100 evaluated benign applications, and falsely detected only one application among 49 evaluated malicious applications. As a result, SCSdroid achieved up to 95.97% detection accuracy, i.e., 143 correct detections among 149 applications.

Unified security enhancement framework for the Android operating system

In these days there are many malicious applications that collect sensitive information owned by third-party applications by escalating their privileges to the higher level on the Android operating system. An attack of obtaining the root-level privilege in the Android operating system can be a serious threat to users because it can break down the whole system security. This paper proposes a new Android security framework that can meet the following three goals: (1) preventing privilege escalation attacks, (2) maintaining system integrity, and (3) protecting users' personal information. To achieve these goals, our proposed framework introduces three mechanisms: Root Privilege Protection (RPP), Resource Misuse Protection (RMP), and Private Data Protection (PDP). RPP keeps track of a list of trusted programs with root-level privileges and can detect and respond to malware that illegally tries to acquire root-level privileges by exploiting system-level vulnerabilities. RMP keeps track of a list of critical system resources and can protect system resources from illegal manipulation by malicious applications. PDP keeps personal information safe by enforcing strict access controls so that even privileged applications cannot access users' private data if the applications violate the least privilege rule. The framework is verified using experiments on the Android operating system, which shows that our framework achieved the goals with processing overheads of 25.33 % on average.

MobSafe: cloud computing based forensic analysis for massive mobile applications using data mining

With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.

MASON: Mobile autonomic security for network access controls

Smartphones are on par with modern desktop environments in terms of operating system and hardware functionality. As a consequence, threats to desktop environments are also applicable to smartphones in addition to traditional threats to mobile phones. End-user management of security configurations that mitigate smartphone threats is complex and error-prone. As a consequence, misconfiguration of a security configuration may unnecessarily expose a smartphone to known threats. In this paper, a threat-based model for smartphone security configuration is presented. To evaluate the approach, a prototype Android security app, MASON, is developed to automatically manage firewall configurations on behalf of the end-user. A case study based on firewall access control demonstrates how automated firewall configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards such as NIST 800-124, a guideline on cell phone and PDA security and NIST 800-41-rev1, a guideline on firewall security configuration.

FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment

Many modern smartphones and car radios are shipped with embedded FM radio receiver chips. The number of devices with similar chips could grow very significantly if the U.S. Congress decides to make their inclusion mandatory in any portable device as suggested by organizations such as the RIAA. While the main goal of embedding these chips is to provide access to traditional FM radio stations, a side effect is the availability of a data channel, the FM Radio Data System (RDS), which connects all these devices. Different from other existing IP-based data channels among portable devices, this new one is open, broadcast in nature, and so far completely ignored by security providers. This paper illustrates for the first time how to exploit the FM RDS protocol as an attack vector to deploy malware that, when executed, gains full control of the victim's device. We show how this attack vector allows the adversary to deploy malware on different platforms. Furthermore, we have shown the infection is undetected on devices running the Android OS, since malware detection solutions are limited in their ability due to some features of the Android security model. We support our claims by implementing an attack using RDS on different devices available on the market (smartphones, car radios, and tablets) running three different versions of Android OS. We also provide suggestions on how to limit the threat posed by this new attack vector and explain what are the design choices that make Android vulnerable. However, there are no straightforward solutions. Therefore, we also wish to draw the attention of the security community towards these attacks and initiate more research into countermeasures.

Two Trends in Mobile Malware: Financial Motives and Transitioning from Static to Dynamic Analysis

The goal of this paper is to analyze the behavior and intent of recent types of privacy-invasive Android adware. There are two recent trends in this area: more financial (rather than ego) motives, and the development of more dynamic analysis tools. This paper starts with a review of Android mobile operating system security, and also addresses the pros and cons of open source operating system security. Static analysis of malware provides high quality results and leads to a good understanding as shown in this paper. However, as malware grows in number and complexity, there have been recent efforts to automate the detection mechanisms and many of the static tasks. As Android’s market share is rapidly growing around the world, Android security will be a crucial area of research for IT security professionals and their academic counterparts. The upside of the current situation is that malware is being quickly exposed, thanks to open-source software development tools. This cooperation is important in curbing the widespread theft of personal information with monetary value. KeywordsSecurity for Mobile Computing; Privacy Protection; Malware Analysis

Android open-source operating System for mobile devices.

The number of Android based smart phones is growing rapidly. They are increasingly used for security critical private and business applications, such as online banking or to access corporate networks. This makes them a very valuable target for an adversary. Up to date, significant or large scale attacks have failed, but attacks are becoming more sophisticated and successful. Thus, security is of paramount importance for both private and corporate users. In this paper, we give an overview of the current state of the art of Android security and present our extensible automated exploit execution framework. First, we provide a summary of the Android platform, current attack techniques, and publicly known exploits. Then, we introduce our extensible exploit execution framework which is capable of performing automated vulnerability tests of Android smart phones. It incorporates currently known exploits, but can be easily extended to integrate future exploits. Finally, we discuss how malware can propagate to Android smart phones today and in the future, and which possible threats arise. For example, Device to device infections are possible if physical access is given.

Latest Android problems and fixes

After the final part of our series of articles on Android security (see pg. 12) went to press, more information has emerged about problems, solutions and tools for the platform.

Android architecture: attacking the weak points

It may not just be its popularity that has made Android a target for attackers and cyber-criminals. It's arguable that the very nature of the platform lends itself to manipulation and subversion. There are technical issues and there are problems with the ecosystem. Much of this stems from Google's desire to create a platform without rigid controls, which is attractive to many developers, app vendors and users. But that openness has also introduced weak points that are being exploited. In this second article in our series of three on Android security, Steve Mansfield-Devine looks more closely at the platform. It may not just be its popularity that has made Android a target for attackers and cyber-criminals. It's arguable that the very nature of the platform lends itself to manipulation and subversion. There are purely technical issues, such as the way communications between apps are handled. And there are problems with the ecosystem — not least how the OS gets updated and potential issues in the future with advertising.

Semantically rich application‐centric security in Android

ABSTRACTSmartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. We present Secure Application INTeraction (Saint), a modified infrastructure that governs install‐time permission assignment and their run‐time use as dictated by application provider policy. An in‐depth description of the semantics of application policy is presented. The architecture and technical detail of Saint are given, and areas for extension, optimization, and improvement are explored. We demonstrate through a concrete example and study of real‐world applications that Saint provides necessary utility for applications to assert and control the security decisions on the platform. Copyright © 2011 John Wiley &amp; Sons, Ltd.

Google Android security exploit made public by researcher

Google Android security exploit made public by researcher