Zero permission android applications - attacks and defenses

Moonsamy, Veelasha; Batten, Lynn

File(s) under permanent embargo

Zero permission android applications - attacks and defenses

conference contribution

posted on 2012-01-01, 00:00 authored by Veelasha Moonsamy, Lynn BattenLynn Batten

Google advertises the Android permission framework as one of the core security features present on its innovative and flexible mobile platform. The permissions are a means to control access to restricted AP/s and system resources. However, there are Android applications which do not request permissions at all.In this paper, we analyze the repercussions of installing an Android application that does not include any permission and the types of sensitive information that can be accessed by such an application. We found that even app/icaaons with no permissions are able to access sensitive information (such the device ID) and transmit it to third-parties.

History

Event

Applications and Technologies in Information Security. Workshop (3rd : 2012 : Melbourne, Vic.)

Pagination

5 - 9

Publisher

School of Information Systems, Deakin University

Location

Melbourne, Vic.

Place of publication

Melbourne, Vic.

Start date

2012-11-07

ISBN-13

9780987229823

Language

eng

Publication classification

E1 Full written paper - refereed

Copyright notice

2012, Deakin University, School of Information Systems

Editor/Contributor(s)

M Warren

Title of proceedings

ATIS 2012 : Proceedings of the 3rd Applications and Technologies in Information Security Workshop

Usage metrics

Keywords

android application permission

File(s) under permanent embargo

Zero permission android applications - attacks and defenses

History

Event

Pagination

Publisher

Location

Place of publication

Start date

ISBN-13

Language

Publication classification

Copyright notice

Editor/Contributor(s)

Title of proceedings

Usage metrics

Categories

Keywords

Licence

Exports