A Review on Android Security Threats

Abhishek Tiwari1, Mansi Mishra2, Pragya Kamal3

Student1, Student2, Department of Information Technology, Buddha Institute Of Technology
13it001@bit.ac.in1, 13it015@bit.ac.in2, pragyakamal379@bit.ac.in3
Assistant Professor3, Department of Information Technology, Buddha Institute of Technology
pragyakamal379@bit.ac.in

Abstract Android is currently the worlds most popular and widely decide for themselves whether an app is safe to use. According
used operating system in smartphones. It has gained huge market to the annual Mobile Threat Report (2013) by Juniper Networks
share due to its open architecture and the popularity of its application release, Mobile malware grew at a rate of 614 percent during the
programming interface in the developer community. While the power past year (Kerr 2013), of which 92 percent are targeted
of Android comes in the form of its openness and easy to learn and
specifically at Android. This paper aims at complementing the
implement nature. it obviously exposes the group of interconnected
system to certain level of security risks to the end users. Increased former reviews by expanding the coverage of various Android
popularity of the Android devices and associated monetary benefits threats. In this survey, we will cover about Android OS security
attracted the malware developers, resulting in big rise of the Android threats. The rest of this paper is organized as follows: We first
malware apps. These issues could range from the client side injection, describe the Android OS and application and their architectures
improper session handling, broken cryptography, insufficient in Section II and then some basic Android security threats and
transport layer protection to insecure data storage. This survey issues in Section III and Finally, conclusion in Section IV.
extensively covers various android OS specific threats and
vulnerabilities. II. Android OS and Applications Architecture
Keywords- Android, Security, Threats, Vulnerabilities, Malware,
In this section we describe the architecture of the Android OS
Smartphones, Risks, Application, Developer. and its applications. Android is being developed and maintained
by Google and promoted by the Open Handset Alliance (OHA).
I. INTRODUCTION Android OS is placed on top of the Linux kernel and it includes
With the recent rapid development of mobile technologies, the middleware, libraries and APIs written in c language, and
Android has gained a tremendous number of users over the last application software running on an application framework
few years as smartphone [1] . Android developed in Linux kernel which includes Java-compatible libraries. Androids source code
has become the world most popular mobile operating system is released by Google under open source licenses.
due to its features such as open source and easy application
development. However, threats also soar in the meanwhile [3].
Android OS allows developer freedom access and modify the
source code of apps running on it. So Android is providing a
free platform to the developers with numerous facilities to
generate new applications in a rapid rate. Various apps running
on this platform, providing customized services for both
individuals and enterprises. Mobile phones also cause security
vulnerabilities and threats due to its huge storage of personal
information and business privacy. Security of Android OS has
been a great concern in the worldwide [5][2]. Due to the large user
base, smart devices are used to store sensitive personal
information more frequently than laptops and desktops. As a
consequence, Android malware can not only steal private
information, such as the contact list, text messages, and location
from its user, but can also gain control of device, cause financial
loss of the users by making secretive premium rate phone calls,
text messages and stealing money from bank accounts[4]. There
are a large variety of Android vulnerabilities and they can occur
in any layers of Android OS stack, such as application layer or
framework layer. Various security issues such as unauthorized
access from one app to the others [5] (information leakage),
permission escalation, repackaging apps to inject malicious
1. Linux kernel
code, colluding, and Denial of Service (DoS) attacks. At the
The basic layer is the Linux Kernel. The whole Android OS is
same time, the rapid growth of the number of applications on
built on top of the Linux Kernel with some further architectural
Android markets makes it hard for app market places, such as
changes [6]. Please dont get confused by the terms Linux and
Google App Store for example, to thoroughly verify if an app is
Linux Kernel. The term Kernel means the core of any
legitimate or malicious. As a result, mobile users are left to
Operating System. By saying Android is based upon Linux
Kernel, it doesnt mean that it is another Linux distribution. It is
not like that. It simply means, Android at its core is Linux. But
you cant run any Linux packages on Android. It is a totally
different OS. It is this Linux kernel that interacts with the
hardware and it contains all the essential hardware
drivers. Drivers are programs that control and communicate
with the hardware. For example, consider the Bluetooth
function. All devices have Bluetooth hardware in it. Therefore
the kernel must include a Bluetooth driver to communicate with
the Bluetooth hardware. The Linux kernel also acts as an
abstraction layer between the hardware and other software
layers. Android is built on a most popular and proven
foundation, the porting of Android to variety of hardware
became a relatively painless task.
2. Libraries
The next layer is the Androids native libraries. It is this layer
that enables the device to handle different types of data. These
libraries are written in c or c++ language and are specific for a
particular hardware.
Some of the important native libraries include the following:
Surface Manager: It is used for compositing window manager
with off-screen buffering. Off-screen buffering means the apps
cant directly draw into the screen; instead the drawings go to
the off-screen buffer. There it is combined with other drawings
and form the final screen the user will see. This off screen buffer
is the reason behind the transparency of windows.
Media framework: Media framework provides different media
codecs allowing the recording and playback of different media
formats
SQLite: SQLite is the database engine used in android for data
storage purposes
WebKit: It is the browser engine used to display HTML content
OpenGL: Used to render 2D or 3D graphics content to the
screen.
3. Android Runtime
Android Runtime consists of Dalvik Virtual machine and Core
Java libraries.
Dalvik Virtual Machine:
It is a type of JVM used in android devices to run apps and is
optimized for low processing power and low memory
environments. Unlike the JVM, the Dalvik Virtual Machine
doesnt run .class files, instead it runs .dex files. .dex files are
built from .class file at the time of compilation and provide
higher efficiency in low resource environments. The Dalvik VM
allows multiple instance of Virtual machine to be created
simultaneously providing security, isolation, memory
management and threading support.
ART:
Google has introduced a new virtual machine known as ART
(Android Runtime) in their newer releases of Android. In
Lollipop, the Dalvik Virtual Machine is completely replaced by
ART. ART has many advantages over Dalvik VM such as AOT
(Ahead of Time) compilation and improved garbage collection
which boost the performance of apps significantly.
Core Java Libraries:
These are different from Java SE and Java ME libraries.
However these libraries provide most of the functionalities
defined in the Java SE libraries.
4. Application Framework
These are the blocks that our applications directly interact with.
These programs manage the basic functions of phone like
resource management, voice call management etc. As a
developer, you just consider these are some basic tools with
which we are building our applications.
Important blocks of Application framework are:
Activity Manager: Manages the activity life cycle of
applications
Content Providers: Manage the data sharing between
applications
Telephony Manager: Manages all voice calls. We use
telephony manager if we want to access voice calls in our
application.
Location Manager: Location management, using GPS or cell
tower
Resource Manager: Manage the various types of resources we
use in our Application
Notications Manager: Notications Manager allows
applications to display alerts and notications to the user. With
this service, apps can notify the user of events that happen in the
background.
5. Applications
Applications are the top layer in the Android architecture and
this is where our applications are going to fit into. Several
standard applications come pre-installed with every device, such
as:
SMS client app
Dialer
Web browser
Contact manager
As a developer we are able to write an app which replaces any
existing system app. That is, you are not limited in accessing
any particular feature. You are practically limitless and can
whatever you want to do with the android (as long as the users
of your app permit it). Thus Android is opening endless
opportunities to the developer.
III. Android Security Issues and Threats
The Android ecosystem has two main security risks, according
to mobile security experts:
The Google Play Store
The fragmentation of devices and OS versions
The Google Play Store's risks: Android is a truly open OS, and
that makes it risky and leads to potential security vulnerabilities
when not managed coherently. Google Play (formerly called the
Android Market), the digital distribution platform for
applications for Android devices, is itself a source of potential
security risks. "With Google Play, there is a higher percentage
of apps that contain malware, or social engineering to connect to
malware, than any other app store by an order of magnitude,
"It's not a well-policed environment, and these factors continue
to create friction or resistance toward greater adoption of
Android in the enterprise." When users download apps from
Google Play, they often don't pay attention to the extent of
permissions an app can have on their device, "They usually just
accept the permission during installation, and more often than
not, apps ask for more permissions than they really need."
Android security is built upon a permission-based mechanism
which regulates the access of third-party Android applications to
critical resources on an Android device. Such permission-based
mechanism is widely criticized for its coarse-grained control of
application permissions and the inefcient permission
management, by developers, marketers, and end-users. For
example, users can either accept all permission requests from an
app to install it, or not to install the app. This type of permission
management is proved to be undesirable for the devices security.
In this section, we discuss the main security issues of the
Android, which leads to user information leakage and puts the
users privacy in jeopardy [11].
The fragmentation of devices and OS versions
The Android platform also suffers the issue of fragmentation;
there are multiple versions of Android in the market, even on
current devices. Manufacturers often make their own changes to
Android, so they could be behind Google's current reference
release. In addition, carriers and manufacturers may not update
their devices' Android version when Google does, or they take
months or even years to do so. As a result, many people within
the same organization might be using outdated versions that
could be riddled with security vulnerabilities. Research shows
that a majority of Android device users worldwide have devices
with noncurrent versions of the OS, If users have older versions
of Android, that could mean vulnerabilities are left unpatched
and new features of the OS won't reach them. The fragmentation
issue multiplies the attack surface; thus, there's no single
security solution that will fit all of Android's variations.
There are some other threats stated
1. Information leakage:
In current Android architecture design, apps are restricted from
accessing resources or other apps unless it is authorized by the
users. Users have to grant all resource access requests before
installing and using an app. Information leakage occurs when
users grant resources without any restriction from OS [24][25].
This is done by privilege escalation attack. With more than 1.4
million available apps in Google Play, a signicant number of
malicious apps have been exposed to Android users for
installation. However, when installing a new app, only a small
portion of users pay attention to the resource being requested,
since they tend to rush through prompted permission request
screens to get to use the application. Only a small portion (3%)
of users is cautious and makes correct answers to permission
granting questions [7]. the reasons for the ineffectiveness of the
current permission control system include: (1) inexperienced
users do not realize resource requests are irrelevant and will
compromise their privacy, (2) users have the urge to use the app
and may be obliged to exchange their privacy for using the app
[5]
.
2. Email Links and Downloads
In this threat, you have been sent a message that suggests going
to a suspicious-sounding website or there is an unsolicited
attachment, it is best to delete the email. The easiest way to stay
away from this type of threat is to tell anyone that may
potentially email you to put a subject title that clearly identifies
the subject matter, so you know the content is safe.
3. Repackaging Apps
Repackaging is one of the most important and common security
issues of the Android OS. Repackaging is the process of
disassembling/decompiling of .apk les using reverse-
engineering techniques and adding (injecting) malicious code
into the main source code. Repackaging techniques that can be
used on the Android platform allow malicious code to be
disguised as a normal app. It is difcult to distinguish between a
repackaged malicious code and a normal app because the
repackaged app usually appears to function in the same way as
the legitimate one. The repackaging steps are as follows [8][9]:
Unpacking: unpacking APK les using available tools such as
apktool, which is a tool based on reverse-engineering.
Decompiling: decompiling the Java source code using JAD and
extracting the source code of Java classes.
Code injection: injecting Code and adding resources into the
main source code using Java developing environments.
Repacking: rebuilding the les using apktool and signing the
generated les using jarsigner. Geimini and KungFu are
examples of trojans which are based on APK repackaging.
These trojans can be bundled into many valid Android apps.
4: Denial of Service (DoS) attack
The increasing number of smart phone users and prevalence of
mobile devices (phones, tablets) which are connected to the
Internet can be a platform for growth of DoS attacks. Since the
majority of smartphones are not equipped with the same
protections (i.e. anti-virus programs) as PCs, malicious apps nd
it as a proper platform for DoS attacks. Overusing limited CPU,
memory, network bandwidth and battery power are the main
goals of DoS attacks [10].
5. Colluding
Colluding threat is a client-side attack. In this attack, users
install a set of apps developed by the same developer and same
certicate and grant different types of permissions including
sensitive and non-sensitive. After installing apps, these apps can
take advantage of a shared UID and get access to all their
permissions and resources [12].
6. Bots, Trojans and malwares [10] E. Kovacs, Wi- direct aw exposes android devices to dos attacks,
Online; accessed at July 8, 2015, http://www.securityweek.com/wi--
These are malicious software which when downloaded by user
direct-aw-exposes-android-devices-dos-attacks.
may harm their system by various ways. Bots are sometimes [11] P. Faruki, A. Bharmal, V. Laxmi, V. Ganmoor, M. Gaur, M. Conti, and
hard to recognize and may come in various forms. They also R. Muttukrishnan, Android security: A survey of issues, malware
may cause numerous issues to your Android security. Bots are penetration and defenses, 2015. [Online]. Available:
http://dx.doi.org/10.1109/COMST.2014.2386139
sometimes able to act as a key logger, which means they can
[12] C. Marforio,A. Francillon, and S. Capkun, Application Collusion Attack
give your login information to cyber-criminals that will use it on the Permission-Based Security Model and Its Implications for Modern
for spam or to steal your identity, gain access of your device. Smartphone Systems. Department of Computer Science, ETH
This threat is best put to rest by staying away from third-party Zurich,2010[Online].
Available:https://books.google.com/books?id=nvszMwEACAAJ
apps that appear suspicious and to avoid downloading untrusted
software.
IV. Conclusion
Along with the increasing prevalence of Android smartphones,
the number of Android apps including malware is increasing
daily. Despite deployed Android security mechanisms, malware
take advantage of the Android security loopholes to misuse the
granted resources. There by, many efforts have been proposed to
restrict the outreach of vulnerabilities in Android devices. In this
survey we investigated about many obvious types of threats
concerning the security of android and stated about android
architecture.

V. REFERENCES

[1] Gartner, Gartner: 1.1 billion android smartphones,

Tablets expected to ship in 2014 Online; accessed at
June 5, 2015, http://tinyurl.com/n8t3h9y.
[2] Parvez Faruki, Ammar Bharmal, Vijay Laxmi: "Android Security:
A Survey of Issues, Malware Penetration, and Defenses" Authors,
Computer Eng. Dept., Malaviya Nat. Inst. of Technol. (MNIT),
Jaipur, India.
[3] Maya Krishnan: "Survey on Security Risks in Android OS and an
Introduction to Samsung KNOX" Author,
Department of Computer Science, CMRIT, India.
[4] A clear-eyed A clear-eyed guide to Android's actual security
Risks>BY>Bob Violino
http://www.infoworld.com/article/2609338/android/a-clear-eyed-guide-
to-android-s-actual-security-risks.html
[5] 5 SECURITY THREATS TO YOUR ANDROID PHONE at
koolspan.com
[6] Android Operating System Architecture
http://www.eazytutz.com/android/android-architecture/
[7] A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner,
Android permissions: User attention, comprehension, and behavior, in
Proc. of the 8th Symposium on Usable Privacy and Security (SOUPS12),
Pittsburgh, PA, USA. ACM, July 2012, pp. 3:13:14.[Online].Available:
http://doi.acm.org/10.1145/2335356.2335360
[8] H. Huang, S. Zhu, P. Liu, and D. Wu, A framework for evaluating
mobile app repackaging detection algorithms, in Proc. of the 6th
International Conference on Trust and Trustworthy Computing
(TRUST13), London, UK, LNCS, M. Huth, N. Asokan, S. Capkun, I.
Flechais, and L. ColesKemp, Eds., vol. 7904. Springer Berlin Heidelberg,
June 2013, pp. 169186. [Online]. Available:
http://dx.doi.org/10.1007/978-3-642-38908-5 13
[9] W. Zhou, Y. Zhou, X. Jiang, and P. Ning, Detecting repackaged
smartphone applications in third-party android marketplaces, in Proc. of
the 2nd ACM Conference on Data and Application Security and Privacy
(CODASPY12), San Antonio, Texas, USA. ACM,March2012,pp.317
326.[Online].Available: http://doi.acm.org/10.1145/2133601.2133640