Analysis of Permission-based Security in Android through Policy Expert, Developer, and End User Perspectives

Being one of the major operating system in smartphone industry, security in Android is paramount importance to end users. Android applications are published through Google Play Store which is an official marketplace for Android. If we have to define the current security policy implemented by Google Play Store for publishing Android applications in one sentence then we can write it as "all are suspect but innocent until proven guilty". It means an application does not have to go through rigorous security review to be accepted for publication. It is assumed that all the applications are benign which does not mean it will remain so in future. If any application is found doing suspicious activities then the application will be categorized as malicious and it will be removed from the Play Store. Though filtering of malicious applications is performed at Play Store, some malicious applications escape the filtering process. Thus, it becomes necessary to take strong security measures at other levels. Security in Android can be enforced at system and application levels. At system level Android uses sandboxing technique while at application level it uses permission. In this paper, we analyze the permission-based security implemented in Android through three different perspectives - policy expert, developer, and end user