The Transitivity of Trust Problem in the Interaction of Android Applications

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future

Andro-Shield

Today Android has the biggest market share as compared to other operating system for smart phone. As users are continuously increasing day by day the Security is one of the main concerns for Smartphone users. As the features and power of Smartphone are increase, so that they have their vulnerability for attacks by Malwares. But the android is the operating system which is more secure than any other operating systems available for Smart phones. The Android operating system has very few restrictions for developers and it will increase the security risk for end users. I am proposing an android application which is able to perform dynamic analysis on android program. To perform this analysis,I have to deploy the android application, in this proposed system I am going to deploy android application on a local server. This application executes automatically without any human interaction. It automatically detects malware by using pattern matching algorithm. If malware get detected, then user get inform that particular application is malicious and restrict the user from installing application

Review of Malware Defense in Mobile Network using Dynamic Analysis of Android Application

Today Android has the biggest market share as compared to other operating system for smart phone. As users are continuously increasing day by day the Security is one of the main concerns for Smartphone users. As the features and power of Smartphone are increase, so that they has their vulnerability for attacks by Malwares. But the android is the operating system which is more secure than any other operating systems available for Smart phones. The Android operating system has very few restrictions for developers and it will increase the security risk for end users. In this paper we have reviewed android security model, application level security in android and its security issues

Review of Malware Detection in Android Applications using Dynamic Analysis

Today Android has the biggest market share as compared to other operating system for smart phone. As users are continuously increasing day by day the Security is one of the main concerns for Smartphone users. As the features and power of Smartphone are increase, so that they has their vulnerability for attacks by Malwares. But the android is the operating system which is more secure than any other operating systems available for Smart phones. The Android operating system has very few restrictions for developers and it will increase the security risk for end users. In this paper we have reviewed android security model, application level security in android and its security issues

Usability analysis of a novel biometric authentication approach for android-based mobile devices

Mobile devices are widely replacing the standard personal computers thanks to their small size and user-friendly use. As a consequence, the amount of information, often confidential, exchanged through these devices is raising. This makes them potential targets of malicious network hackers. The use of simple passwords or PIN are not sufficient to provide a suitable security level for those applications requiring high protection levels on data and services. In this paper a biometric authentication system, as a running Android application, has been developed and implemented on a real mobile device. A system test on real users has been also carried out in order to evaluate the human-machine interaction quality, the recognition accuracy of the proposed technique, and the scheduling latency of the operating system and its degree of acceptance. Several measures, such as system usability, users satisfaction, and tolerable speed for identification, have been carried out in order to evaluate the performance of the proposed approach

Exploring Archetypes of Value Co-Destructive Privacy Practices

Personal data is a critical resource to tailor digital services to the context of use and the preferences of individual users. Services have the characteristic that users and providers no longer interact in a dyadic relationship but rather in service systems co-creating value. Here, actors can provoke adverse effects that result from misaligned or destructive behavior. In service research, value co-destruction emerged as a perspective to study such undermined value co-creation. We use this lens in the case of information privacy as an example of a normative value. Building on a multi-case analysis of information privacy violations reported in the news, we elucidate seven archetypes of value co- destruction. These archetypes enable an understanding of underlying conceptions and mechanisms of actor arrangements that inhibit the holistic consideration of normative values such as information privacy in digital services

Security-Pattern Recognition and Validation

The increasing and diverse number of technologies that are connected to the Internet, such as distributed enterprise systems or small electronic devices like smartphones, brings the topic IT security to the foreground. We interact daily with these technologies and spend much trust on a well-established software development process. However, security vulnerabilities appear in software on all kinds of PC(-like) platforms, and more and more vulnerabilities are published, which compromise systems and their users. Thus, software has also to be modified due to changing requirements, bugs, and security flaws and software engineers must more and more face security issues during the software design; especially maintenance programmers must deal with such use cases after a software has been released. In the domain of software development, design patterns have been proposed as the best-known solutions for recurring problems in software design. Analogously, security patterns are best practices aiming at ensuring security. This thesis develops a deeper understanding of the nature of security patterns. It focuses on their validation and detection regarding the support of reviews and maintenance activities. The landscape of security patterns is diverse. Thus, published security patterns are collected and organized to identify software-related security patterns. The description of the selected software-security patterns is assessed, and they are compared against the common design patterns described by Gamma et al. to identify differences and issues that may influence the detection of security patterns. Based on these insights and a manual detection approach, we illustrate an automatic detection method for security patterns. The approach is implemented in a tool and evaluated in a case study with 25 real-world Android applications from Google Play