
Malicious Intentions: Android Internet Permission Security Risks

  • Conference paper
Cyberspace Safety and Security (CSS 2019)

Abstract

Many Android applications access internet networks to query, retrieve or transmit digital resources. The current version of the Android Operating System (OS) fails to give the user sufficient control over the amount of internet access an application has. This raises concerns for data security. Significant user data vulnerability is introduced when applications can perform unsolicited data collection in the background without the user's knowledge. This paper analyzes the permissions of a cross-section of Android applications. We focus on the INTERNET permission and on how its classification introduces significant vulnerability onto a user's device. Subsequently, we create a proof-of-concept app that exploits private user data using social engineering. Our findings conclude that the INTERNET permission is a critical permission that is prone to exploitation and lacks sufficient user control in the Android OS. We propose methods for the control and protection of data by the Android system.



Acknowledgement

This study was funded by the National Natural Science Foundation of China (NSFC grant number: U1836116).


Corresponding author

Correspondence to Jinfu Chen.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Andah, J.M., Chen, J. (2019). Malicious Intentions: Android Internet Permission Security Risks. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science, vol 11983. Springer, Cham. https://doi.org/10.1007/978-3-030-37352-8_10


  • DOI: https://doi.org/10.1007/978-3-030-37352-8_10


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37351-1

  • Online ISBN: 978-3-030-37352-8

  • eBook Packages: Computer Science (R0)
