Analysis of the Impact of Permissions on the Vulnerability of Mobile Applications

  • Conference paper

Abstract

In this paper, we explore the potential risks of authorizations that benign apps leave unexplained, with the goal of maintaining the confidentiality and availability of personal data. More precisely, we focus on the mechanisms for managing risky permissions under Android in order to limit the impact of these permissions on vulnerability vectors. We analyzed a sample of forty (40) apps developed in Burkina Faso and identified abuses of dangerous authorizations in several apps relative to their functional needs. We also discovered combinations of dangerous permissions that expose the confidentiality of the data. This analysis allowed us to establish a link between permissions and vulnerabilities as a source of risk to data security. These risks facilitate exploitation of privileges that should be reduced. We have therefore proposed that resolution mechanisms be coordinated among administrators, developers and users to better guide the permissions required by benign apps on Android.



Author information

Corresponding author

Correspondence to Gouayon Koala.

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Koala, G., Bassolé, D., Zerbo/Sabané, A., Bissyandé, T.F., Sié, O. (2020). Analysis of the Impact of Permissions on the Vulnerability of Mobile Applications. In: Zitouni, R., Agueh, M., Houngue, P., Soude, H. (eds) e-Infrastructure and e-Services for Developing Countries. AFRICOMM 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 311. Springer, Cham. https://doi.org/10.1007/978-3-030-41593-8_1

  • DOI: https://doi.org/10.1007/978-3-030-41593-8_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41592-1

  • Online ISBN: 978-3-030-41593-8

  • eBook Packages: Computer Science, Computer Science (R0)
