Android smartphone vulnerabilities: A survey

Joshi, Jignesh; Parekh, Chandresh

doi:10.1109/icacca.2016.7578857

Cited by 22 publications

(10 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It should be noted that system integrity is required for the validation of certificate trust chains to work. Android’s inconsistent history with system security in the past could make it more likely that an attacker might use unpatched issues to gain privileges on the system and install any certificates wanted or to do further harm [42,43]. A major issue with Android phones is the lack of willingness in phone manufacturers to ship security updates to their adoptions of Android, leading to a high degree of version fragmentation in the market [9,44].…”

Section: Methodsmentioning

confidence: 99%

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Müthing¹,

Jäschke²,

Friedrich³

2017

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

BackgroundMobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps.ObjectiveThe objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them.MethodsSecurity characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested.ResultsOut of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy.ConclusionsThe tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable.

show abstract

Section: Methodsmentioning

confidence: 99%

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Müthing¹,

Jäschke²,

Friedrich³

2017

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

show abstract

“…Permissions from [1] through [3] in Figure 3 show the same permissions that exist in both versions of before and after application the update. [4] through [6] indicate permissions that existed in the version of before application the update but were deleted after the update. [7] - [14] shows newly added permissions that did not exist in the version of before application the update but were added in the update process.…”

Section: Analysis Resultsmentioning

confidence: 99%

“…The AndroidManifest.xml file contains information on the application including <activity>, <Intent-filter>, and <uses-permission> [4][5][6]. This paper analyzes permissions of the versions of before and after application the update by analyzing the AnadroidManifest.xml file.…”

Section: Androidmanifesxml Filementioning

confidence: 99%

Implementation of Permission Management Method for Before and After Applications the Update in Android-based IoT Platform Environment

Park¹,

Kwak²

2017

Preprint

View full text Add to dashboard Cite

Abstract:The Android-based IoT platform just like the existing Android provides an environment that makes it easy to utilize Google's infrastructure services including development tools and APIs through which it helps to control the sensors of IoT devices. Applications running on the Android-based IoT platform are often UI free and are used without the user's consent to registered permissions. It is difficult to respond to the misuse of permissions as well as to check them when they are registered indiscriminately while updating applications. This paper analyzes the versions of before and after an application the update running on the Android-based IoT platform and the collected permission lists. It aims to identify the same permissions before and after the update, and deleted and newly added permissions after the update were identified, and thereby respond to security threats that can arise from the permissions that is not needed for IoT devices to perform certain functions.

show abstract

“…In fact, anyone can develop an app and share it on the app stores to earn money or personal gain [12]. Commonly, all app stores check the apps by high-level anti-malware before releasing them.…”

Section: B Smartphone Os Featuresmentioning

confidence: 99%

A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks

Ahvanooey¹,

Li²,

Rabbani³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Abstract-Nowadays, the usage of smartphones and their applications have become rapidly popular in people's daily life. Over the last decade, availability of mobile money services such as mobile-payment systems and app markets have significantly increased due to the different forms of apps and connectivity provided by mobile devices, such as 3G, 4G, GPRS, and Wi-Fi, etc. In the same trend, the number of vulnerabilities targeting these services and communication networks has raised as well. Therefore, smartphones have become ideal target devices for malicious programmers. With increasing the number of vulnerabilities and attacks, there has been a corresponding ascent of the security countermeasures presented by the researchers. Due to these reasons, security of the payment systems is one of the most important issues in mobile payment systems. In this survey, we aim to provide a comprehensive and structured overview of the research on security solutions for smartphone devices. This survey reviews the state of the art on security solutions, threats, and vulnerabilities during the period of 2011-2017, by focusing on software attacks, such those to smartphone applications. We outline some countermeasures aimed at protecting smartphones against these groups of attacks, based on the detection rules, data collections and operating systems, especially focusing on open source applications. With this categorization, we want to provide an easy understanding for users and researchers to improve their knowledge about the security and privacy of smartphones.

show abstract

Android smartphone vulnerabilities: A survey

Cited by 22 publications

References 5 publications

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Implementation of Permission Management Method for Before and After Applications the Update in Android-based IoT Platform Environment

A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks

Contact Info

Product

Resources

About