The Perils of Android Security Configuration

Vecchiato, Daniel; Vieira, Marco; Martins, Eliane

doi:10.1109/mc.2016.184

Cited by 12 publications

(7 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To be on the safer side always make sure that only apps published in trusted and well-known market place like Google play are download and installed. Disabling application download from poorly trusted sharing channels can protect from accidental installation of poorly trusted or malicious packages (Vecchiato et al, 2016).…”

Section: Permission Systemmentioning

confidence: 99%

See 1 more Smart Citation

An Empirical Analysis of Android Permission System Based on User Activities

Khunt

Prabu

2018

Journal of Computer Science

View full text Add to dashboard Cite

In today's world there has been an exponential growth among smart-phone users which has led to the unbridled growth of smart-phone apps available in Google play store, app store etc., In case of android application, there are many free applications for which the user need not shell out a penny to use the services. Here the magic word is "free" which entices millions of pliant people into installing those apps and giving unnecessary access to their data and device control. Current studies have shown that over 70% of the apps in market, request to gather data digressive to the most functions of apps that might cause seeping of personal data or inefficient use of mobile resources. Of late, couple of malignant applications gather unobtrusive information of the user through third-party applications by increasing their permissions to high-level on the Android Operating System. Android permission system provides, the user access to the third party apps and in return based on the permissions granted by the user, an app can access the related resource from the user's mobile. A user is bound to grant or deny permits during the installation of the application. For the most part, users don't focus on the asked permissions, or sometimes users do not understand the meaning of the permission and install the app on their device. They allow a way for attackers to perform the malicious task by demanding for more than expected set of permissions. These extra permissions permit the attacker to exploit the device and also retrieve sensitive information from it. In this research paper we describe how permission system security can create an awareness among the users that would assist them in deciding on permission grants. This improved and responsible user activities in Android OS can help the users in utilizing their device securely.

show abstract

Section: Permission Systemmentioning

confidence: 99%

“…An individual smart-phone uses various technologies i.e. music player, telephone, advanced camera and much more, which may contain directions for serious roles to abuse different attack routes (Vecchiato et al, 2016).…”

Section: Permission Systemmentioning

confidence: 99%

An Empirical Analysis of Android Permission System Based on User Activities

Khunt

Prabu

2018

Journal of Computer Science

View full text Add to dashboard Cite

show abstract

“…This example illustrates the problem of platform fragmentation. Platform fragmentation occurs when the same operating system, software application and/or hardware component are bundled by multiple entities, with each bundler providing different customizations [35]. A real-world example that demonstrates how Linux platform fragmentation complicates SCAP checklist development is the SCAP Security Guide (SSG) Project [27].…”

Section: Scap Reuse In Manufacturing Environmentsmentioning

confidence: 99%

“…Vecchiato et al [35] have studied configuration assessment data from more than 500 Android smartphones and have found several recurring misconfigurations, the most common being weak passwords and overly-permissive network settings. Android device configuration compliance is an interesting SCAP use case because its platform fragmentation challenges parallel those encountered in manufacturing environments.…”

Section: Relevant Research and Standardsmentioning

confidence: 99%

“…Vecchiato et al [35] have also proposed an intriguing approach for reducing the fragmentation problem -that vendors and researchers work together to transition some Android device capabilities currently available only through vendors to services available through Google Play. The anticipated result of this approach is that vendors could leverage Google Play's automatic update mechanism, enabling third-party software developers and end users to receive new Android features and patches without having to wait for less-frequent Android updates from their carriers.…”

Section: Relevant Research and Standardsmentioning

confidence: 99%

See 1 more Smart Citation

Challenges to Automating Security Configuration Checklists in Manufacturing Environments

Lubell

Zimmerman

2017

Critical Infrastructure Protection XI

View full text Add to dashboard Cite

Information technology is essential to today's manufacturing systems, but it makes them more vulnerable to cyber security threats than ever before. This chapter discusses the challenges to developing automatable configuration checklists for manufacturing environments using the Security Content Automation Protocol (SCAP) family of standards. Increased use of SCAP in manufacturing environments could reduce security vulnerabilities and the likelihood of damaging cyber attacks on manufacturing systems. However, complex relationships and dependencies within and between checklist rules, checking instructions and software result in platform fragmentation. Platform fragmentation makes it difficult to reuse or repurpose existing SCAP-expressed checklist content. Recent research and technological developments can be leveraged to yield potentially promising approaches for mitigating platform fragmentation and improving reuse.

show abstract

A Participatory Privacy Protection Framework for Smart-Phone Application Default Settings

Elahi

Wang

2019

Communications in Computer and Information Science

View full text Add to dashboard Cite

The Perils of Android Security Configuration

Cited by 12 publications

References 6 publications

An Empirical Analysis of Android Permission System Based on User Activities

An Empirical Analysis of Android Permission System Based on User Activities

Challenges to Automating Security Configuration Checklists in Manufacturing Environments

A Participatory Privacy Protection Framework for Smart-Phone Application Default Settings

Contact Info

Product

Resources

About