Android Application Security

Android is a free, open source platform that allows any developer to submit apps to the Android Market with no restrictions. This enables hackers to pass their malicious apps to the Android Market as legitimate apps. The central issue lies at the heart of the Android permission mechanism, which is not capable of blocking malicious apps from accessing sensitive phone resources (e.g., contact info and browsing history); it either allows or disallows apps from accessing the resources requested by the app at the installation time. This chapter investigated the scope of this issue and concluded that hackers use malicious apps as attack vectors to compromise Android smartphones and steal confidential data and that no security solutions exist to combat malicious apps. The researcher suggested designing a real time monitoring application to detect and deter malicious apps from compromising users' sensitive data; such application is necessary for Android users to protect their privacy and prevent financial loss.

Download Full-text

Factors that Influence the Android Apps Permissions

International Journal of Software Engineering and Technologies (IJSET) ◽

10.11591/ijset.v1i2.4569 ◽

2016 ◽

Vol 1 (2) ◽

pp. 59

Author(s):

Normi Sham Awang Abu Bakar ◽

Iqram Mahmud

Keyword(s):

Not Given ◽

Sensitive Data ◽

Security Issues ◽

Android Apps ◽

Android Applications ◽

Android Market ◽

Malicious Apps ◽

The Right ◽

User Ratings ◽

Average User

The Android Market is the official (and primary) storefor Android applications. The Market provides users with average user ratings, user reviews, descriptions, screenshots,and permissions to help them select applications. Generally, prior to installation of the apps, users need to agree on the permissions requested by the apps, they are not given any other option. Essentially, users may not aware on some security issues that may arise from the permissions. Some apps request the right to manipulate sensitive data, such as GPS location, photos, calendar, contact, email and files. In this paper, we explain the sources of sensitive data, what the malicious apps can do to the data, and apply the empirical software engineering analysis to find the factors that could potentially influence the permissions in Android apps. In addition, we also highlight top ten most implemented permissions in Android apps and also analyse the permissions for the apps categories in Android.

Download Full-text

Malicious Application Detection and Classification System for Android Mobiles

Cognitive Analytics ◽

10.4018/978-1-7998-2460-2.ch008 ◽

2020 ◽

pp. 122-142

Author(s):

Sapna Malik ◽

Kiran Khatter

Keyword(s):

Machine Learning ◽

Classification System ◽

Machine Learning Algorithms ◽

Machine Learning Techniques ◽

Learning Techniques ◽

Android Applications ◽

Android Market ◽

Malicious Apps ◽

Android Permission ◽

Google Play

The Android Mobiles constitute a large portion of mobile market which also attracts the malware developer for malicious gains. Every year hundreds of malwares are detected in the Android market. Unofficial and Official Android market such as Google Play Store are infested with fake and malicious apps which is a warning alarm for naive user. Guided by this insight, this paper presents the malicious application detection and classification system using machine learning techniques by extracting and analyzing the Android Permission Feature of the Android applications. For the feature extraction, the authors of this work have developed the AndroData tool written in shell script and analyzed the extracted features of 1060 Android applications with machine learning algorithms. They have achieved the malicious application detection and classification accuracy of 98.2% and 87.3%, respectively with machine learning techniques.

Download Full-text

Malicious Application Detection and Classification System for Android Mobiles

International Journal of Ambient Computing and Intelligence ◽

10.4018/ijaci.2018010106 ◽

2018 ◽

Vol 9 (1) ◽

pp. 95-114 ◽

Cited By ~ 5

Author(s):

Sapna Malik ◽

Kiran Khatter

Keyword(s):

Machine Learning ◽

Classification System ◽

Machine Learning Algorithms ◽

Machine Learning Techniques ◽

Learning Techniques ◽

Android Applications ◽

Android Market ◽

Malicious Apps ◽

Android Permission ◽

Google Play

The Android Mobiles constitute a large portion of mobile market which also attracts the malware developer for malicious gains. Every year hundreds of malwares are detected in the Android market. Unofficial and Official Android market such as Google Play Store are infested with fake and malicious apps which is a warning alarm for naive user. Guided by this insight, this paper presents the malicious application detection and classification system using machine learning techniques by extracting and analyzing the Android Permission Feature of the Android applications. For the feature extraction, the authors of this work have developed the AndroData tool written in shell script and analyzed the extracted features of 1060 Android applications with machine learning algorithms. They have achieved the malicious application detection and classification accuracy of 98.2% and 87.3%, respectively with machine learning techniques.

Download Full-text

Incident Preparedness and Response

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch157 ◽

2008 ◽

pp. 2366-2387

Author(s):

Warren Wylupski ◽

David R. Champion ◽

Zachary Grant

Keyword(s):

Network Security ◽

Public Relations ◽

Cyber Security ◽

Security Policy ◽

Digital Forensics ◽

Computer Network ◽

Financial Loss ◽

Intrusion Prevention ◽

Confidential Data ◽

Emerging Issues

One of the emerging issues in the field of digital crime and digital forensics is corporate preparedness in dealing with attacks on computer network security. Security attacks and breaches of an organization’s computer network can result in the compromise of confidential data, loss of customer confidence, poor public relations, disruption of business, and severe financial loss. Furthermore, loss of organizational data can present a number of criminal threats, including extortion, blackmail, identity theft, technology theft, and even hazards to national security. This chapter first examines the preparedness and response of three southwestern companies to their own specific threats to corporate cyber-security. Secondly, this chapter suggests that by developing an effective security policy focusing on incident detection and response, a company can minimize the damage caused by these attacks, while simultaneously strengthening the existing system and forensic processes against future attacks. Advances in digital forensics and its supporting technology, including intrusion detection, intrusion prevention, and application control, will be imperative to maintain network security in the future.

Download Full-text

Incident Preparedness and Response

Digital Crime and Forensic Science in Cyberspace ◽

10.4018/978-1-59140-872-7.ch010 ◽

2011 ◽

pp. 217-242

Author(s):

Warren Wylupski ◽

David R. Champion ◽

Zachary Grant

Keyword(s):

Network Security ◽

Public Relations ◽

Cyber Security ◽

Security Policy ◽

Digital Forensics ◽

Computer Network ◽

Financial Loss ◽

Intrusion Prevention ◽

Confidential Data ◽

Emerging Issues

One of the emerging issues in the field of digital crime and digital forensics is corporate preparedness in dealing with attacks on computer network security. Security attacks and breaches of an organization’s computer network can result in the compromise of confidential data, loss of customer confidence, poor public relations, disruption of business, and severe financial loss. Furthermore, loss of organizational data can present a number of criminal threats, including extortion, blackmail, identity theft, technology theft, and even hazards to national security. This chapter first examines the preparedness and response of three southwestern companies to their own specific threats to corporate cyber-security. Secondly, this chapter suggests that by developing an effective security policy focusing on incident detection and response, a company can minimize the damage caused by these attacks, while simultaneously strengthening the existing system and forensic processes against future attacks. Advances in digital forensics and its supporting technology, including intrusion detection, intrusion prevention, and application control, will be imperative to maintain network security in the future.

Download Full-text

Machine Learning Based Malicious Android Application Detection

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.9212 ◽

2020 ◽

Vol 17 (8) ◽

pp. 3468-3472

Author(s):

S. L. Jany Shabu ◽

Rohan Loganathan Reddy ◽

V. Maria Anu ◽

L. Mary Gladence ◽

J. Refonaa

Keyword(s):

Machine Learning ◽

Mobile Application ◽

Learning Algorithms ◽

Identity Theft ◽

Machine Learning Algorithms ◽

Android Application ◽

Sensitive Data ◽

Android Applications ◽

Malicious Apps

The ultimate aim of the project is to improve permission for detecting the malicious android mobile application using machine learning algorithms. In recent years, the usages of smartphones are increasing steadily and also growth of Android application users are increasing. Due to growth of Android application users, some intruders are creating malicious android applications as a tool to steal the sensitive data and identity theft/fraud mobile bank, mobile wallets. There are so many malicious applications detection tools and software are available. But an effectiveness of malicious applications detection tools is the need for the hour. They are needed to tackle and handle new complex malicious apps created by intruder or hackers.

Download Full-text

Hide text depending on the three channels of pixels in color images using the modified LSB algorithm

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v10i1.pp809-815 ◽

2020 ◽

Vol 10 (1) ◽

pp. 809

Author(s):

Rusul Mohammed Neamah ◽

Jinan Ali Abed ◽

Elaf Ali Abbood

Keyword(s):

Color Image ◽

Information And Communications Technology ◽

Secret Message ◽

Sensitive Data ◽

Hide Information ◽

Confidential Data ◽

Xnor Gate ◽

A New Technique ◽

The Moment

At the moment, with the great development of information and communications technology, the transfer of confidential and sensitive data through public communications such as the Internet is very difficult to keep them from hackers and attackers. Therefore, it is necessary to work on the development of new and innovative ways to transfer such information and protect it to ensure that it reaches the desired goal. The goal of a new technique to hide information design not only hides the secret message behind the center cover, but it also provides increased security. The most common way to transfer important and confidential data is through embedding it into cover medium files in a way that does not affect the accuracy of the carrier file, which is known as hiding. In this paper, encryption and concealment techniques were used to protect data transferred from attackers. The proposed method relied on encryption of confidential information using the encryption key and the Xnor gate, after which the encrypted information was hidden in a color image using the LSB algorithm. The method of concealment depends on the extraction of chromatic channels of three RGB for each pixel and specifying the channel in which the bit of the encryption message will be hidden. Some metrics have been adopted to measure the quality of the resulting picture after hiding as PSNR and MSE, and achieve good results.

Download Full-text

Blockchain Based Detection of Android Malware using Ranked Permissions

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.e2593.0610521 ◽

2021 ◽

Vol 10 (5) ◽

pp. 68-75

Author(s):

Siddhant Gupta ◽

Siddharth Sethi ◽

Srishti Chaudhary ◽

Anshul Arora

Keyword(s):

Mobile Devices ◽

Language Processing ◽

High Reliability ◽

Low Cost ◽

Information Value ◽

Third Party ◽

Detection Accuracy ◽

Financial Loss ◽

Android Malware ◽

Malicious Apps

Android mobile devices are a prime target for a huge number of cyber-criminals as they aim to create malware for disrupting and damaging the servers, clients, or networks. Android malware are in the form of malicious apps, that get downloaded on mobile devices via the Play Store or third-party app markets. Such malicious apps pose serious threats like system damage, information leakage, financial loss to user, etc. Thus, predicting which apps contain malicious behavior will help in preventing malware attacks on mobile devices. Identifying Android malware has become a major challenge because of the ever-increasing number of permissions that applications ask for, to enhance the experience of the users. And most of the times, permissions and other features defined in normal and malicious apps are generally the same. In this paper, we aim to detect Android malware using machine learning, deep learning, and natural language processing techniques. To delve into the problem, we use the Android manifest files which provide us with features like permissions which become the basis for detecting Android malware. We have used the concept of information value for ranking permissions. Further, we have proposed a consensus-based blockchain framework for making more concrete predictions as blockchain have high reliability and low cost. The experimental results demonstrate that the proposed model gives the detection accuracy of 95.44% with the Random Forest classifier. This accuracy is achieved with top 45 permissions ranked according to Information Value.

Download Full-text

Prediction of DDoS Attacksusing Machine Learning and Deep Learning Algorithms

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.d8162.118419 ◽

2019 ◽

Vol 8 (4) ◽

pp. 4860-4867

Keyword(s):

Computer Security ◽

Fog Computing ◽

The Internet ◽

Research Gaps ◽

Sensitive Data ◽

Security Breaches ◽

Ddos Attack ◽

Massive Growth ◽

Confidential Data ◽

Ubiquitous Network

With the emergence of network-based computing technologies like Cloud Computing, Fog Computing and IoT (Internet of Things), the context of digitizing the confidential data over the network is being adopted by various organizations where the security of that sensitive data is considered as a major concern. Over a decade there is a massive growth in the usage of internet along with the technological advancements that demand the need for the development of efficient security algorithms that could withstand various patterns of the security breaches. The DDoS attack is the most significant network-based attack in the domain of computer security that disrupts the internet traffic of the target server. This study mainly focuses to identify the advancements and research gaps in the development of efficient security algorithms addressing DDoS attacks in various ubiquitous network environments.

Download Full-text