Introduction

The influence of smartphones increases day by day. However its security is still a big issue. The increasing capabilities and computational power of smartphones increased the interest of developers towards the development of applications for this next generation platforms. Smartphones brings the mobility of traditional cell phones and the power of desktop computers in a single unit. Weather updates, e-ticketing, shopping, mobile health and social networking, all on single platform with the additional facility of mobility. Whenever mobility is provided, so security and privacy risks become a major issue at the instance. In this emerging environment, applications are not stand alone. Applications expose its specific features to rest of applications installed on the same platform. And also use features of its neighbour applications for proper functionality. On one side the feature of exposing application components to other applications increases the functionality of any application, so on other side it also welcomes some security threats. These threats cannot be ignore in order to achieve a secure platform.

In the current environment of mobile platforms, Android is quite popular and developer’s focused open source and well customizable software package for cell phone devices. Android is a Google operating system for mobile platforms with the basic functionality of system utilities, middleware in form of VM and some core application like browser, dialler, calculator and some others as well.

The default applications are not quite enough to fully utilise the resources of Android in proper way. Due to the reason the interest of third party developers escalates and creates new applications and launches it to the applications of Android Market. Users are able to download and install the launched applications. This is a sign of high availability of applications for users. But in synchronous the user needs trust full applications, which do not harm their privacy and security issues. Keeping this issue in mind, every application asks for permissions from the user during the time of installation. The permissions required by the applications is mentioned in the applications mainifest.xml file User has only two choices, either to grant all the required permissions and the application will be install. And once the permissions are granted, Android does not provide any facility to revoke those permissions, unless the user uninstalls the application.  If user denies the permissions so the application will fail installation. There is no mechanism to allow a set of permission and deny the rest. Neither Android provides any check on the run time of an application.

The framework provided in this paper keeps check on applications at run time, and helps user to customize permissions after installation, as currently user do not have any control on the permissions after installation. Then only choice user has to deny permissions is at run time, but then the application will not be able to install on the specific system. In this paper the target work is the sequence of permissions of a single application in multiple sessions and multiple applications in single session and multiple sessions. The framework will look after the application sequences to avoid some harmful pattern. Trojans are quite smart enough to double cross the user in one way or another. An application having only the permission of SEND_MESSAGE can grab the location of a user from its neighbour application and can bring its own SEND_MESSAGE permission in use to leak the location of the user. The provided framework abort such sequences and makes the user aware of any act that could be harmful for the security and privacy of the user.

Leave a Reply


(Required)

(Required)