Detecting applications with excessive privileges and applications vulnerable to privilege escalation attack in android

Abstract

The rapid growth of capabilities and various services provided by smartphones transformed this device to a repository of private data and important resources and consequently an attractive target for attackers. Among the leaders in the world of smartphones, Android is a novel platform with rapidly growing market share. Number of Android users grows tremendously and preliminary study has shown that there are a number of the users that have little or no knowledge about the security of android based platforms. This is a serious issue because Android has delegated security decisions to the users themselves and furthermore there is no effective auditing on application development in android market. This research focuses on the most important attacks in Android which are concerned with the applications try to acquire excessive privileges by user approval, colluding together or even misusing other applications. The detection mechanisms proposed in this study addressed the mentioned attacks by proposing a method for detecting applications which are able to collude together to acquire excessive privileges and also a method to improve the precision of the existing mechanism for detecting applications vulnerable to be misused by privilege escalation attack. Excessive privileges are detected primarily by checking the application ability to share their permissions and then by comparing the acquired permissions against a set of predefined rules. Proposed mechanisms are integrated and implemented in form of an Android application by using Java (Android) language. The functionality of the implemented application is tested and validated by applying it on a series of applications downloaded from “Google play” and comparing the results with the existing methods. Experiments showed that the mechanism is able to detect applications vulnerable to privilege escalation attack accurately and also applications which are able to collude to obtain excessive permissions and were ignored by the existing methods.