Android Permission System Violation

2013 ◽ Vol 4 (1) ◽ pp. 16-27
Author(s): Kyoung Soo Han, Yeoreum Lee, Biao Jiang, Eul Gyu Im

Android uses permissions for application security management. Android also allows inter-application communication (IAC), which enables cooperation between different applications to perform complex tasks by using some components and Intents. In other words, Android provides more flexibility and places less restriction on application development. This is a major feature that differentiates Android from its competitors. However, IAC also facilitates malicious applications that can collude in attacks of privilege escalation. In this paper, the authors demonstrate with case studies that all IAC channels can potentially be utilized for privilege escalation attacks, and the authors propose a refinement to solve this problem by enforcing IAC permissions and exposing IAC to users.

2019 ◽ Vol 9 (2)
Author(s): Kirit Shashank Dhurandhar, Maheyzah Md Siraj

In modern advertisements, clickjacking attacks can be delivered through a vulnerability in a web application. To overcome this, web application security is required that will prevent malvertisement. In this study, prevention of clickjacking in modern web advertisements is implemented. Vulnerability checks on the potentially malicious website were conducted. A hybrid clickjacking prevention method was implemented in a newly developed website. Among the top 500 websites, 50 websites were chosen as a dataset in this study, out of which 4 case studies were selected. A website with server privileges was required to implement the hybrid prevention method, consisting of opacity, Z-Index and X-Frame option policy. A new website was developed to satisfy the requirements for the method implementation. The results show that, among the 50 selected websites, about 19 websites were vulnerable to clickjacking. When the hybrid prevention method was implemented in the developed website, it increased security by mitigating the vulnerability of the web application to clickjacking attacks.


Author(s): Renjun Yan, Yao Qi, Bailu Luo, Jiajing Lei, Peng Li

This paper starts by providing a description of the damage scenarios that can be found in various accidental events. Based on a traditional standardized approach for calculating the longitudinal strength of ships, an improved method for the longitudinal strength of damaged ships, which can be applied to any traditional type of ship, is presented in the next section. The variation of loads in damaged ships is related to the effects of the ingress of water, with the consequences of changing the ship displacement, a non-symmetric floating body, the load case of compartments before damage, etc. The computing methods used in this paper allow for research on corresponding applications. Using this computer program, a few case studies are carried out and the results are discussed.


2019 ◽ Vol 9 (18) ◽ pp. 3699
Author(s): Guosheng Xu, Shengwei Xu, Chuan Gao, Bo Wang, Guoai Xu

Permission-related issues in Android apps have been widely studied in our research community, while most of the previous studies considered these issues from the perspective of app users. In this paper, we take a different angle to revisit the permission-related issues from the perspective of app developers. First, we perform an empirical study investigating how we can help developers make better decisions on permission uses during app development. With detailed experimental results, we show that many permission-related issues can be identified and fixed during the application development phase. In order to help developers identify and fix these issues, we develop PerHelper, an IDE plugin to automatically infer candidate permission sets, which help guide developers to set permissions more effectively and accurately. We integrate permission-related bug detection into PerHelper and demonstrate its applicability and flexibility through case studies on a set of open-source Android apps.


Author(s): Rizwan Ur Rahman, Deepak Singh Tomar

Research into web application security is still in its initial phase. In spite of enhancements in web application development, large numbers of security issues remain unresolved. Login attacks are the most malevolent threats to the web application. Authentication is the method of confirming the stated identity of a user. Conventional authentication systems suffer from a weakness that can compromise the defense of the system. An example of such vulnerabilities is the login attack. An attacker may exploit a pre-saved password or an authentication credential to log into web applications. An added problem with current authentication systems is that the authentication process is done only at the start of a session. Once the user is authenticated in the web application, the user's identity is assumed to remain the same during the lifetime of the session. This chapter examines the level login attacks that could be a threat to websites. The chapter provides a review of vulnerabilities, threats of login attacks associated with websites, and effective measures to counter them.


Author(s): Prachi, Arushi Jain

In recent times, Android phones have been the most popular among users. According to a survey by International Data Corporation (IDC), in 2015 Android dominated the smartphone market with an 82.8% share, leaving its competitors iOS, Windows and others far behind. This popularity makes it a prime target among malware developers. According to a survey by F-Secure, 99% of new malware targets the Android OS. This is mainly due to the coarse-grained permissions defined in the Android permission system. Additionally, some malicious applications ask for more permissions than required in order to exploit the personal and sensitive data of the user. The objective of this chapter is twofold: getting familiar with permission-based attacks in Android, and applying a reverse engineering technique on the malicious apk file for controlling permission attacks and removing malicious code from the source code of the Android apk file.

