A Study of Security Checks for Android Least Privilege - focusing on mobile financial services -
Cho, Byung-chul; Choi, Jin-young;
 Abstract
The Android OS security system adopts a sandbox and a permission model. In particular, the permission model relies on install-time confirmation and an all-or-nothing policy. Accordingly, the Android OS requires the user to agree to the requested permissions when installing an application; however, user awareness of these permissions is very low. This paper examines the current status of permission requirements in mobile apps, presents a key inspection list with an appropriate method for mobile service providers, focusing on financial companies, to autonomously inspect for violations of least privilege, and explores its usefulness.
 Keywords
mobile security; Android security; permissions; least privilege
 Language
Korean