File(s) under permanent embargo
Zero permission android applications - attacks and defenses
conference contributionposted on 2012-01-01, 00:00 authored by Veelasha Moonsamy, Lynn BattenLynn Batten
Google advertises the Android permission framework as one of the core security features present on its innovative and flexible mobile platform. The permissions are a means to control access to restricted AP/s and system resources. However, there are Android applications which do not request permissions at all.In this paper, we analyze the repercussions of installing an Android application that does not include any permission and the types of sensitive information that can be accessed by such an application. We found that even app/icaaons with no permissions are able to access sensitive information (such the device ID) and transmit it to third-parties.