Title :
Messing with Android´s Permission Model
Author :
Egners, André ; Meyer, Ulrike ; Marschollek, Björn
Author_Institution :
Res. Group IT Security, RWTH Aachen Univ., Aachen, Germany
Abstract :
Permission models have become very common on smartphone operating systems to control the rights granted to installed third party applications (apps). Prior to installing an app, the user is typically presented with a dialog box showing the permissions requested by the app. The user has to decide either to accept all of the requested permissions, or choose not to proceed with the installation. Most regular users are not able to fully grasp which set of permissions granted to the application is potentially harmful. In addition to the knowledge gap between user and application programmer, the missing granularity and alterability of most permission model implementations help an attacker to circumvent the permission model. In this paper we focus on the permission model of Google´s Android platform. We detail the permission model, and present a selection of attacks that can be composed to fully compromise a user´s device using inconspicuously looking applications requesting non-suspicious permissions.
Keywords :
operating systems (computers); security of data; smart phones; Android permission model; Google Android platform; alterability; attack selection; dialog box; missing granularity; nonsuspicious permissions; smartphone operating systems; third party applications; Androids; Humanoid robots; Internet; Libraries; Operating systems; Security; Smart phones; Android; Attack; Permission; Smartphone;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.203
