Вы находитесь на странице: 1из 4

A Review on Android Security Threats

Abhishek Tiwari1, Mansi Mishra2, Pragya Kamal3

Student1, Student2, Department of Information Technology, Buddha Institute Of Technology
13it001@bit.ac.in1, 13it015@bit.ac.in2, pragyakamal379@bit.ac.in3
Assistant Professor3, Department of Information Technology, Buddha Institute of Technology

Abstract Android is currently the worlds most popular and widely decide for themselves whether an app is safe to use. According
used operating system in smartphones. It has gained huge market to the annual Mobile Threat Report (2013) by Juniper Networks
share due to its open architecture and the popularity of its application release, Mobile malware grew at a rate of 614 percent during the
programming interface in the developer community. While the power past year (Kerr 2013), of which 92 percent are targeted
of Android comes in the form of its openness and easy to learn and
specifically at Android. This paper aims at complementing the
implement nature. it obviously exposes the group of interconnected
system to certain level of security risks to the end users. Increased former reviews by expanding the coverage of various Android
popularity of the Android devices and associated monetary benefits threats. In this survey, we will cover about Android OS security
attracted the malware developers, resulting in big rise of the Android threats. The rest of this paper is organized as follows: We first
malware apps. These issues could range from the client side injection, describe the Android OS and application and their architectures
improper session handling, broken cryptography, insufficient in Section II and then some basic Android security threats and
transport layer protection to insecure data storage. This survey issues in Section III and Finally, conclusion in Section IV.
extensively covers various android OS specific threats and
vulnerabilities. II. Android OS and Applications Architecture
Keywords- Android, Security, Threats, Vulnerabilities, Malware,
In this section we describe the architecture of the Android OS
Smartphones, Risks, Application, Developer. and its applications. Android is being developed and maintained
by Google and promoted by the Open Handset Alliance (OHA).
I. INTRODUCTION Android OS is placed on top of the Linux kernel and it includes
With the recent rapid development of mobile technologies, the middleware, libraries and APIs written in c language, and
Android has gained a tremendous number of users over the last application software running on an application framework
few years as smartphone [1] . Android developed in Linux kernel which includes Java-compatible libraries. Androids source code
has become the world most popular mobile operating system is released by Google under open source licenses.
due to its features such as open source and easy application
development. However, threats also soar in the meanwhile [3].
Android OS allows developer freedom access and modify the
source code of apps running on it. So Android is providing a
free platform to the developers with numerous facilities to
generate new applications in a rapid rate. Various apps running
on this platform, providing customized services for both
individuals and enterprises. Mobile phones also cause security
vulnerabilities and threats due to its huge storage of personal
information and business privacy. Security of Android OS has
been a great concern in the worldwide [5][2]. Due to the large user
base, smart devices are used to store sensitive personal
information more frequently than laptops and desktops. As a
consequence, Android malware can not only steal private
information, such as the contact list, text messages, and location
from its user, but can also gain control of device, cause financial
loss of the users by making secretive premium rate phone calls,
text messages and stealing money from bank accounts[4]. There
are a large variety of Android vulnerabilities and they can occur
in any layers of Android OS stack, such as application layer or
framework layer. Various security issues such as unauthorized
access from one app to the others [5] (information leakage),
permission escalation, repackaging apps to inject malicious
1. Linux kernel
code, colluding, and Denial of Service (DoS) attacks. At the
The basic layer is the Linux Kernel. The whole Android OS is
same time, the rapid growth of the number of applications on
built on top of the Linux Kernel with some further architectural
Android markets makes it hard for app market places, such as
changes [6]. Please dont get confused by the terms Linux and
Google App Store for example, to thoroughly verify if an app is
Linux Kernel. The term Kernel means the core of any
legitimate or malicious. As a result, mobile users are left to
Operating System. By saying Android is based upon Linux
Kernel, it doesnt mean that it is another Linux distribution. It is (Ahead of Time) compilation and improved garbage collection
not like that. It simply means, Android at its core is Linux. But which boost the performance of apps significantly.
you cant run any Linux packages on Android. It is a totally Core Java Libraries:
different OS. It is this Linux kernel that interacts with the These are different from Java SE and Java ME libraries.
hardware and it contains all the essential hardware However these libraries provide most of the functionalities
drivers. Drivers are programs that control and communicate defined in the Java SE libraries.
with the hardware. For example, consider the Bluetooth 4. Application Framework
function. All devices have Bluetooth hardware in it. Therefore These are the blocks that our applications directly interact with.
the kernel must include a Bluetooth driver to communicate with These programs manage the basic functions of phone like
the Bluetooth hardware. The Linux kernel also acts as an resource management, voice call management etc. As a
abstraction layer between the hardware and other software developer, you just consider these are some basic tools with
layers. Android is built on a most popular and proven which we are building our applications.
foundation, the porting of Android to variety of hardware Important blocks of Application framework are:
became a relatively painless task. Activity Manager: Manages the activity life cycle of
2. Libraries applications
The next layer is the Androids native libraries. It is this layer Content Providers: Manage the data sharing between
that enables the device to handle different types of data. These applications
libraries are written in c or c++ language and are specific for a Telephony Manager: Manages all voice calls. We use
particular hardware. telephony manager if we want to access voice calls in our
Some of the important native libraries include the following: application.
Surface Manager: It is used for compositing window manager Location Manager: Location management, using GPS or cell
with off-screen buffering. Off-screen buffering means the apps tower
cant directly draw into the screen; instead the drawings go to Resource Manager: Manage the various types of resources we
the off-screen buffer. There it is combined with other drawings use in our Application
and form the final screen the user will see. This off screen buffer Notications Manager: Notications Manager allows
is the reason behind the transparency of windows. applications to display alerts and notications to the user. With
Media framework: Media framework provides different media this service, apps can notify the user of events that happen in the
codecs allowing the recording and playback of different media background.
formats 5. Applications
SQLite: SQLite is the database engine used in android for data Applications are the top layer in the Android architecture and
storage purposes this is where our applications are going to fit into. Several
WebKit: It is the browser engine used to display HTML content standard applications come pre-installed with every device, such
OpenGL: Used to render 2D or 3D graphics content to the as:
screen. SMS client app
3. Android Runtime Dialer
Android Runtime consists of Dalvik Virtual machine and Core Web browser
Java libraries. Contact manager
Dalvik Virtual Machine: As a developer we are able to write an app which replaces any
It is a type of JVM used in android devices to run apps and is existing system app. That is, you are not limited in accessing
optimized for low processing power and low memory any particular feature. You are practically limitless and can
environments. Unlike the JVM, the Dalvik Virtual Machine whatever you want to do with the android (as long as the users
doesnt run .class files, instead it runs .dex files. .dex files are of your app permit it). Thus Android is opening endless
built from .class file at the time of compilation and provide opportunities to the developer.
higher efficiency in low resource environments. The Dalvik VM III. Android Security Issues and Threats
allows multiple instance of Virtual machine to be created The Android ecosystem has two main security risks, according
simultaneously providing security, isolation, memory to mobile security experts:
management and threading support. The Google Play Store
ART: The fragmentation of devices and OS versions
Google has introduced a new virtual machine known as ART
(Android Runtime) in their newer releases of Android. In The Google Play Store's risks: Android is a truly open OS, and
Lollipop, the Dalvik Virtual Machine is completely replaced by that makes it risky and leads to potential security vulnerabilities
ART. ART has many advantages over Dalvik VM such as AOT when not managed coherently. Google Play (formerly called the
Android Market), the digital distribution platform for
applications for Android devices, is itself a source of potential since they tend to rush through prompted permission request
security risks. "With Google Play, there is a higher percentage screens to get to use the application. Only a small portion (3%)
of apps that contain malware, or social engineering to connect to of users is cautious and makes correct answers to permission
malware, than any other app store by an order of magnitude, granting questions [7]. the reasons for the ineffectiveness of the
"It's not a well-policed environment, and these factors continue current permission control system include: (1) inexperienced
to create friction or resistance toward greater adoption of users do not realize resource requests are irrelevant and will
Android in the enterprise." When users download apps from compromise their privacy, (2) users have the urge to use the app
Google Play, they often don't pay attention to the extent of and may be obliged to exchange their privacy for using the app
permissions an app can have on their device, "They usually just .
accept the permission during installation, and more often than 2. Email Links and Downloads
not, apps ask for more permissions than they really need." In this threat, you have been sent a message that suggests going
Android security is built upon a permission-based mechanism to a suspicious-sounding website or there is an unsolicited
which regulates the access of third-party Android applications to attachment, it is best to delete the email. The easiest way to stay
critical resources on an Android device. Such permission-based away from this type of threat is to tell anyone that may
mechanism is widely criticized for its coarse-grained control of potentially email you to put a subject title that clearly identifies
application permissions and the inefcient permission the subject matter, so you know the content is safe.
management, by developers, marketers, and end-users. For 3. Repackaging Apps
example, users can either accept all permission requests from an Repackaging is one of the most important and common security
app to install it, or not to install the app. This type of permission issues of the Android OS. Repackaging is the process of
management is proved to be undesirable for the devices security. disassembling/decompiling of .apk les using reverse-
In this section, we discuss the main security issues of the engineering techniques and adding (injecting) malicious code
Android, which leads to user information leakage and puts the into the main source code. Repackaging techniques that can be
users privacy in jeopardy [11]. used on the Android platform allow malicious code to be
The fragmentation of devices and OS versions disguised as a normal app. It is difcult to distinguish between a
The Android platform also suffers the issue of fragmentation; repackaged malicious code and a normal app because the
there are multiple versions of Android in the market, even on repackaged app usually appears to function in the same way as
current devices. Manufacturers often make their own changes to the legitimate one. The repackaging steps are as follows [8][9]:
Android, so they could be behind Google's current reference Unpacking: unpacking APK les using available tools such as
release. In addition, carriers and manufacturers may not update apktool, which is a tool based on reverse-engineering.
their devices' Android version when Google does, or they take Decompiling: decompiling the Java source code using JAD and
months or even years to do so. As a result, many people within extracting the source code of Java classes.
the same organization might be using outdated versions that Code injection: injecting Code and adding resources into the
could be riddled with security vulnerabilities. Research shows main source code using Java developing environments.
that a majority of Android device users worldwide have devices Repacking: rebuilding the les using apktool and signing the
with noncurrent versions of the OS, If users have older versions generated les using jarsigner. Geimini and KungFu are
of Android, that could mean vulnerabilities are left unpatched examples of trojans which are based on APK repackaging.
and new features of the OS won't reach them. The fragmentation These trojans can be bundled into many valid Android apps.
issue multiplies the attack surface; thus, there's no single 4: Denial of Service (DoS) attack
security solution that will fit all of Android's variations. The increasing number of smart phone users and prevalence of
mobile devices (phones, tablets) which are connected to the
There are some other threats stated Internet can be a platform for growth of DoS attacks. Since the
majority of smartphones are not equipped with the same
1. Information leakage: protections (i.e. anti-virus programs) as PCs, malicious apps nd
In current Android architecture design, apps are restricted from it as a proper platform for DoS attacks. Overusing limited CPU,
accessing resources or other apps unless it is authorized by the memory, network bandwidth and battery power are the main
users. Users have to grant all resource access requests before goals of DoS attacks [10].
installing and using an app. Information leakage occurs when 5. Colluding
users grant resources without any restriction from OS [24][25]. Colluding threat is a client-side attack. In this attack, users
This is done by privilege escalation attack. With more than 1.4 install a set of apps developed by the same developer and same
million available apps in Google Play, a signicant number of certicate and grant different types of permissions including
malicious apps have been exposed to Android users for sensitive and non-sensitive. After installing apps, these apps can
installation. However, when installing a new app, only a small take advantage of a shared UID and get access to all their
portion of users pay attention to the resource being requested, permissions and resources [12].
6. Bots, Trojans and malwares [10] E. Kovacs, Wi- direct aw exposes android devices to dos attacks,
Online; accessed at July 8, 2015, http://www.securityweek.com/wi--
These are malicious software which when downloaded by user
may harm their system by various ways. Bots are sometimes [11] P. Faruki, A. Bharmal, V. Laxmi, V. Ganmoor, M. Gaur, M. Conti, and
hard to recognize and may come in various forms. They also R. Muttukrishnan, Android security: A survey of issues, malware
may cause numerous issues to your Android security. Bots are penetration and defenses, 2015. [Online]. Available:
sometimes able to act as a key logger, which means they can
[12] C. Marforio,A. Francillon, and S. Capkun, Application Collusion Attack
give your login information to cyber-criminals that will use it on the Permission-Based Security Model and Its Implications for Modern
for spam or to steal your identity, gain access of your device. Smartphone Systems. Department of Computer Science, ETH
This threat is best put to rest by staying away from third-party Zurich,2010[Online].
apps that appear suspicious and to avoid downloading untrusted
IV. Conclusion
Along with the increasing prevalence of Android smartphones,
the number of Android apps including malware is increasing
daily. Despite deployed Android security mechanisms, malware
take advantage of the Android security loopholes to misuse the
granted resources. There by, many efforts have been proposed to
restrict the outreach of vulnerabilities in Android devices. In this
survey we investigated about many obvious types of threats
concerning the security of android and stated about android


[1] Gartner, Gartner: 1.1 billion android smartphones,

Tablets expected to ship in 2014 Online; accessed at
June 5, 2015, http://tinyurl.com/n8t3h9y.
[2] Parvez Faruki, Ammar Bharmal, Vijay Laxmi: "Android Security:
A Survey of Issues, Malware Penetration, and Defenses" Authors,
Computer Eng. Dept., Malaviya Nat. Inst. of Technol. (MNIT),
Jaipur, India.
[3] Maya Krishnan: "Survey on Security Risks in Android OS and an
Introduction to Samsung KNOX" Author,
Department of Computer Science, CMRIT, India.
[4] A clear-eyed A clear-eyed guide to Android's actual security
Risks>BY>Bob Violino
[6] Android Operating System Architecture
[7] A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner,
Android permissions: User attention, comprehension, and behavior, in
Proc. of the 8th Symposium on Usable Privacy and Security (SOUPS12),
Pittsburgh, PA, USA. ACM, July 2012, pp. 3:13:14.[Online].Available:
[8] H. Huang, S. Zhu, P. Liu, and D. Wu, A framework for evaluating
mobile app repackaging detection algorithms, in Proc. of the 6th
International Conference on Trust and Trustworthy Computing
(TRUST13), London, UK, LNCS, M. Huth, N. Asokan, S. Capkun, I.
Flechais, and L. ColesKemp, Eds., vol. 7904. Springer Berlin Heidelberg,
June 2013, pp. 169186. [Online]. Available:
http://dx.doi.org/10.1007/978-3-642-38908-5 13
[9] W. Zhou, Y. Zhou, X. Jiang, and P. Ning, Detecting repackaged
smartphone applications in third-party android marketplaces, in Proc. of
the 2nd ACM Conference on Data and Application Security and Privacy
(CODASPY12), San Antonio, Texas, USA. ACM,March2012,pp.317
326.[Online].Available: http://doi.acm.org/10.1145/2133601.2133640