Google advertises the Android permission framework as one of the core security features present on its innovative and flexible mobile platform. The permissions are a means to control access to restricted AP/s and system resources. However, there are Android applications which do not request permissions at all.In this paper, we analyze the repercussions of installing an Android application that does not include any permission and the types of sensitive information that can be accessed by such an application. We found that even app/icaaons with no permissions are able to access sensitive information (such the device ID) and transmit it to third-parties.
History
Event
Applications and Technologies in Information Security. Workshop (3rd : 2012 : Melbourne, Vic.)
Pagination
5 - 9
Publisher
School of Information Systems, Deakin University
Location
Melbourne, Vic.
Place of publication
Melbourne, Vic.
Start date
2012-11-07
ISBN-13
9780987229823
Language
eng
Publication classification
E1 Full written paper - refereed
Copyright notice
2012, Deakin University, School of Information Systems
Editor/Contributor(s)
M Warren
Title of proceedings
ATIS 2012 : Proceedings of the 3rd Applications and Technologies in Information Security Workshop