We use cookies on this site. By browsing our site you agree to our use of cookies. Close this message Find out more

Home > Information Security home > Events > ISG Research Seminar 31 (bis) October 2013
More in this section Events articles

ISG Research Seminar 31 (bis) October 2013

Date(s)
31/10/2013 (12:00-13:00)
Contact

Contact: Lorenzo Cavallaro

Description

Speaker: James Sellwood  (Royal Holloway University of London, UK)

James Sellwood was awarded his BSc in Combined Sciences from Southampton University and his MSc in Information Security from Royal Holloway. James works as an Information Security Consultant and is studying part-time for a PhD under the supervision of Dr Jason Crampton. James’ interests include the application of cryptography to real world security problems and the hardware and software components of the security of consumer mobile devices.

Title: Sleeping Android: The Danger of Dormant Permissions

Abstract:

An Android app must be authorized for permissions, defined by the Android platform, in order to access certain capabilities of an Android device. An app developer specifies which permissions an app will require and these permissions must be authorized by the user of the device when the app is installed. Permissions, and the tools that are used to manage them, form the basis of the Android permission architecture, which is an essential part of the access control services provided by the Android platform.

We have analyzed the evolution of the Android permission architecture across six versions of the Android platform, identifying various changes which have occurred during that period and a considerable amount of information about the permission architecture which is not included in the Android documentation. Using this information, we have identified a weakness in the way that the Android platform handles app permissions during platform upgrades. We explain how this weakness may be exploited by a developer to produce malicious software which the average user is unlikely to detect. We conclude with a discussion of potential mitigation techniques for this weakness, highlighting concerns drawn from other research in this area.


   
 
 
 

Comment on this page

Did you find the information you were looking for? Is there a broken link or content that needs updating? Let us know so we can improve the page.

Note: If you need further information or have a question that cannot be satisfied by this page, please call our switchboard on +44 (0)1784 434455.

This window will close when you submit your comment.

Add Your Feedback
Close