Published at:  The 2010 International Workshop on Smartphone Applications and Services (Smartphone 2010) will be held in Gwangju, Korea, December 9-11, 2010.

Title: Android Runtime Security Policy Enforcement Framework

Authors: Hammad Banuri1 · Masoom Alam1 · Shahryar Khan1 · Jawad Manzoor1 · Bahar Ali1 · Yasar Khan1 · Mohsin Yaseen1 · Mir Nauman
Tahir1 · 1 Tamleek Ali · Xinwen Zhang2

Abstract: Today smart phone’s malwares are deceptive enough to spoof itself as a legal mobile application. The front end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malwares without knowing their illegitimate background threat. Unlike other vendors, Android is an open source mobile operating system and hence it lacks a dedicated team to analyze the application code and
decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of application during its execution. Our proposed architecture called Security Enhanced Android Framework (seaf) validates the behavior of an application through its permissions exercising patterns. Based on the exercised permissions’ combination, the mobile user is intimated about the dangerous behavior of an application. We have implemented the proposed framework within Android software stack and ported it to device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.


Leave a Reply