Article Preview
TopIntroduction
Describe the general perspective of the article. End by specifically stating the objectives of the article.
In recent years, mobile devices with a touch screen, such as tablets and smartphones have experienced unplanned growth, thanks to their feature allowing access to information anytime and anywhere (Cai & Ryder, 2020). Nevertheless, Android has always been the first target of malware developers due to his popularity. Indeed, in 2011, a mobile virus called DroidDream attacked more than 260,000 Android devices within 48 hours (Wu et al., 2014). Recent measures estimate that 96-97% of today's mobile malware targets Android (Tam et al., 2017), and 73% of them are specifically designed to satisfy profit motives. In addition, as the system becomes more popular and scrutinized, the vulnerabilities number identified exploded. For the years 2008-2016, the National Vulnerability Database (NVD) maintained by the National Institute of Technology (NIST) has published a total of 43 Common Vulnerabilities & Exposures (CVE) reports for Android (Park et al., 2018). In 2015, this number rise to 125, and to 346 in August 2016 (Kuhn et al., 2017). In fact, users are become progressively concerned about their personal information confidentiality and safety. Unfortunately, most of them have difficulty using the available security indicators to discern the applications reliability (Nguyen et al., 2019). Although they may determine that they need to be more careful about a particular application, many users have lack of specialized technical expertise to understand the relevant security controls. Finally, safe modes can degrade performance or complicate the application use. Face to this lack of information, complexity and unattractive exchanges, many users become complacent, careless or make mistakes by performing critical administration tasks. Security researchers and developers are also working hard to solve those problems. Although successive releases continue to enforce and improve security and user controls in Android (Zhauniarovich & Gadyatskaya, 2016). For example, when the flaws proof in the Android permission system published for the first time, no real control of over privileges provided until the appearance of the hidden function Ops in July 2013. This selective grant mechanism was removed less than six months later due to usability issues (Qamar et al., 2019). Since developers could not anticipate endless security configurations that Ops made possible, many applications did not work or simply crashed when the user selectively revoked their permissions.
This article offers the following contributions:
- •
We present our tool PerUpSecure, a tool analyzes Android apps and calculates security risk rates related to permissions requested during installation time.
- •
We evaluate PerUpSecure performance and efficiency using two different sets of applications. The first set consists of 23,345 normal popular apps collected from Google Play. The second set contains 3,746 of Android malware samples from the Android Malware Genome project (Zhou & Jiang, 2012).
- •
We show that a reliable risk rate can alert potential malicious activities performed by malware.
A version of PerUpSecure is available to the users to help them to distingue between dangerous Android permissions and applications can be.
TopAndroid users have only two choices in front of them, whether they accept the permissions requested by the application they want to install to start its installation, or deny the requested permissions and completely cancel installation process. The results obtained by these researches show that most users accept these permissions without paying attention to their impact on their personal data, which can be very dangerous if they fall in a hacker’s hands. Of course, researchers have tried to find effective solutions to solve this problem by proposing to improve the already existing Android security architecture (Rahimi et al., 2019)(Park et al., 2018)(Kumar et al., 2020). Indeed, (Chin et al., 2012) proposed to change Android permissions categorizations by highlighting the security risk, instead of focusing on the requested permissions. Therefore, they proposed a new method to accept the permissions.