Unravelling Security Issues of Runtime Permissions in Android View Full Text


Ontology type: schema:ScholarlyArticle     


Article Info

DATE

2018-10-25

AUTHORS

Efthimios Alepis, Constantinos Patsakis

ABSTRACT

Mobile computing is conquering human-computer interaction and user Internet access over the last years. At the same time, smartphone devices are equipped with an increasing number of sensors, realizing context awareness, while accompanying their users in their daily life. As a result, these highly sophisticated and multi-modal devices deal with a surprisingly big amount of data, much of which is private and sensitive. To control data access, OSes have special permission mechanisms, often controlled by the users. The Android permission model has radically changed over the last years, in an effort to become more flexible and protect its users more effectively. This work presents a thorough analysis of the new android permission architecture, accompanied with a criticism regarding its advantages and disadvantages based on a number of disclosed security issues. More... »

PAGES

45-63

References to SciGraph publications

  • 2014. Attacks on Android Clipboard in DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT
  • 2011. Privilege Escalation Attacks on Android in INFORMATION SECURITY
  • 2017-04-06. Automated generation of colluding apps for experimental research in JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES
  • 2017-11-22. Hey Doc, Is This Normal?: Exploring Android Permissions in the Post Marshmallow Era in SECURITY, PRIVACY, AND APPLIED CRYPTOGRAPHY ENGINEERING
  • 2012. Android Security Permissions – Can We Trust Them? in SECURITY AND PRIVACY IN MOBILE INFORMATION AND COMMUNICATION SYSTEMS
  • 2013. Hey, You, Get Off of My Clipboard in FINANCIAL CRYPTOGRAPHY AND DATA SECURITY
  • 2012. A Conundrum of Permissions: Installing Applications on an Android Smartphone in FINANCIAL CRYPTOGRAPHY AND DATA SECURITY
  • 2017-10-12. Trapped by the UI: The Android Case in RESEARCH IN ATTACKS, INTRUSIONS, AND DEFENSES
  • 2016-12-10. AndroPatchApp: Taming Rogue Ads in Android in MOBILE, SECURE, AND PROGRAMMABLE NETWORKING
  • Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s41635-018-0053-2

    DOI

    http://dx.doi.org/10.1007/s41635-018-0053-2

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1107828970


    Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
    Incoming Citations Browse incoming citations for this publication using opencitations.net

    JSON-LD is the canonical representation for SciGraph data.

    TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information and Computing Sciences", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information Systems", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "Department of Informatics, University of Piraeus, 80, Karaoli, Dimitriou, 18534, Piraeus, Greece", 
              "id": "http://www.grid.ac/institutes/grid.4463.5", 
              "name": [
                "Department of Informatics, University of Piraeus, 80, Karaoli, Dimitriou, 18534, Piraeus, Greece"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Alepis", 
            "givenName": "Efthimios", 
            "id": "sg:person.015577045277.19", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015577045277.19"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Department of Informatics, University of Piraeus, 80, Karaoli, Dimitriou, 18534, Piraeus, Greece", 
              "id": "http://www.grid.ac/institutes/grid.4463.5", 
              "name": [
                "Department of Informatics, University of Piraeus, 80, Karaoli, Dimitriou, 18534, Piraeus, Greece"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Patsakis", 
            "givenName": "Constantinos", 
            "id": "sg:person.014242524451.59", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014242524451.59"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/978-3-319-71501-8_4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1092867567", 
              "https://doi.org/10.1007/978-3-319-71501-8_4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-34638-5_6", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1036892534", 
              "https://doi.org/10.1007/978-3-642-34638-5_6"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-18178-8_30", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1018279739", 
              "https://doi.org/10.1007/978-3-642-18178-8_30"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-319-08509-8_5", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1035961984", 
              "https://doi.org/10.1007/978-3-319-08509-8_5"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-319-66332-6_15", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1092165462", 
              "https://doi.org/10.1007/978-3-319-66332-6_15"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-39884-1_12", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1017031502", 
              "https://doi.org/10.1007/978-3-642-39884-1_12"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s11416-017-0296-4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1084519602", 
              "https://doi.org/10.1007/s11416-017-0296-4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-30244-2_4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1041452416", 
              "https://doi.org/10.1007/978-3-642-30244-2_4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-319-50463-6_15", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1030532756", 
              "https://doi.org/10.1007/978-3-319-50463-6_15"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2018-10-25", 
        "datePublishedReg": "2018-10-25", 
        "description": "Mobile computing is conquering human-computer interaction and user Internet access over the last years. At the same time, smartphone devices are equipped with an increasing number of sensors, realizing context awareness, while accompanying their users in their daily life. As a result, these highly sophisticated and multi-modal devices deal with a surprisingly big amount of data, much of which is private and sensitive. To control data access, OSes have special permission mechanisms, often controlled by the users. The Android permission model has radically changed over the last years, in an effort to become more flexible and protect its users more effectively. This work presents a thorough analysis of the new android permission architecture, accompanied with a criticism regarding its advantages and disadvantages based on a number of disclosed security issues.", 
        "genre": "article", 
        "id": "sg:pub.10.1007/s41635-018-0053-2", 
        "inLanguage": "en", 
        "isAccessibleForFree": false, 
        "isFundedItemOf": [
          {
            "id": "sg:grant.3940319", 
            "type": "MonetaryGrant"
          }
        ], 
        "isPartOf": [
          {
            "id": "sg:journal.1290439", 
            "issn": [
              "2509-3428", 
              "2509-3436"
            ], 
            "name": "Journal of Hardware and Systems Security", 
            "publisher": "Springer Nature", 
            "type": "Periodical"
          }, 
          {
            "issueNumber": "1", 
            "type": "PublicationIssue"
          }, 
          {
            "type": "PublicationVolume", 
            "volumeNumber": "3"
          }
        ], 
        "keywords": [
          "security issues", 
          "human-computer interaction", 
          "user Internet access", 
          "multi-modal devices", 
          "Android permission model", 
          "mobile computing", 
          "context awareness", 
          "permission mechanism", 
          "number of sensors", 
          "data access", 
          "permission model", 
          "runtime permissions", 
          "smartphone devices", 
          "Internet access", 
          "big amount", 
          "users", 
          "last years", 
          "computing", 
          "daily life", 
          "Android", 
          "thorough analysis", 
          "architecture", 
          "same time", 
          "access", 
          "devices", 
          "issues", 
          "sensors", 
          "permission", 
          "OS", 
          "advantages", 
          "number", 
          "work", 
          "disadvantages", 
          "model", 
          "efforts", 
          "data", 
          "time", 
          "awareness", 
          "results", 
          "amount", 
          "analysis", 
          "interaction", 
          "mechanism", 
          "years", 
          "life", 
          "criticism", 
          "special permission mechanisms", 
          "new android permission architecture", 
          "android permission architecture", 
          "permission architecture"
        ], 
        "name": "Unravelling Security Issues of Runtime Permissions in Android", 
        "pagination": "45-63", 
        "productId": [
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1107828970"
            ]
          }, 
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/s41635-018-0053-2"
            ]
          }
        ], 
        "sameAs": [
          "https://doi.org/10.1007/s41635-018-0053-2", 
          "https://app.dimensions.ai/details/publication/pub.1107828970"
        ], 
        "sdDataset": "articles", 
        "sdDatePublished": "2021-11-01T18:33", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-springernature-scigraph/baseset/20211101/entities/gbq_results/article/article_781.jsonl", 
        "type": "ScholarlyArticle", 
        "url": "https://doi.org/10.1007/s41635-018-0053-2"
      }
    ]
     

    Download the RDF metadata as:  json-ld nt turtle xml License info

    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s41635-018-0053-2'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s41635-018-0053-2'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s41635-018-0053-2'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s41635-018-0053-2'


     

    This table displays all metadata directly associated to this object as RDF triples.

    153 TRIPLES      22 PREDICATES      84 URIs      67 LITERALS      6 BLANK NODES

    Subject Predicate Object
    1 sg:pub.10.1007/s41635-018-0053-2 schema:about anzsrc-for:08
    2 anzsrc-for:0806
    3 schema:author N562bf0419eb1498cb12fe82fd3cdf4cc
    4 schema:citation sg:pub.10.1007/978-3-319-08509-8_5
    5 sg:pub.10.1007/978-3-319-50463-6_15
    6 sg:pub.10.1007/978-3-319-66332-6_15
    7 sg:pub.10.1007/978-3-319-71501-8_4
    8 sg:pub.10.1007/978-3-642-18178-8_30
    9 sg:pub.10.1007/978-3-642-30244-2_4
    10 sg:pub.10.1007/978-3-642-34638-5_6
    11 sg:pub.10.1007/978-3-642-39884-1_12
    12 sg:pub.10.1007/s11416-017-0296-4
    13 schema:datePublished 2018-10-25
    14 schema:datePublishedReg 2018-10-25
    15 schema:description Mobile computing is conquering human-computer interaction and user Internet access over the last years. At the same time, smartphone devices are equipped with an increasing number of sensors, realizing context awareness, while accompanying their users in their daily life. As a result, these highly sophisticated and multi-modal devices deal with a surprisingly big amount of data, much of which is private and sensitive. To control data access, OSes have special permission mechanisms, often controlled by the users. The Android permission model has radically changed over the last years, in an effort to become more flexible and protect its users more effectively. This work presents a thorough analysis of the new android permission architecture, accompanied with a criticism regarding its advantages and disadvantages based on a number of disclosed security issues.
    16 schema:genre article
    17 schema:inLanguage en
    18 schema:isAccessibleForFree false
    19 schema:isPartOf N7e9330653ca540a6b8004d6aa05ab66e
    20 N9dc0d2e86f9442d1974138763446d46a
    21 sg:journal.1290439
    22 schema:keywords Android
    23 Android permission model
    24 Internet access
    25 OS
    26 access
    27 advantages
    28 amount
    29 analysis
    30 android permission architecture
    31 architecture
    32 awareness
    33 big amount
    34 computing
    35 context awareness
    36 criticism
    37 daily life
    38 data
    39 data access
    40 devices
    41 disadvantages
    42 efforts
    43 human-computer interaction
    44 interaction
    45 issues
    46 last years
    47 life
    48 mechanism
    49 mobile computing
    50 model
    51 multi-modal devices
    52 new android permission architecture
    53 number
    54 number of sensors
    55 permission
    56 permission architecture
    57 permission mechanism
    58 permission model
    59 results
    60 runtime permissions
    61 same time
    62 security issues
    63 sensors
    64 smartphone devices
    65 special permission mechanisms
    66 thorough analysis
    67 time
    68 user Internet access
    69 users
    70 work
    71 years
    72 schema:name Unravelling Security Issues of Runtime Permissions in Android
    73 schema:pagination 45-63
    74 schema:productId Na4456af6fad54dbf8cd83538ccebeef4
    75 Nb5ef14f3a2764da8bd57942eef6c19b7
    76 schema:sameAs https://app.dimensions.ai/details/publication/pub.1107828970
    77 https://doi.org/10.1007/s41635-018-0053-2
    78 schema:sdDatePublished 2021-11-01T18:33
    79 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    80 schema:sdPublisher Nf8226f689a074cd1b4ebfa20ed1bb31c
    81 schema:url https://doi.org/10.1007/s41635-018-0053-2
    82 sgo:license sg:explorer/license/
    83 sgo:sdDataset articles
    84 rdf:type schema:ScholarlyArticle
    85 N06d30b62e352425b9a8dd3f4ec9d6d49 rdf:first sg:person.014242524451.59
    86 rdf:rest rdf:nil
    87 N562bf0419eb1498cb12fe82fd3cdf4cc rdf:first sg:person.015577045277.19
    88 rdf:rest N06d30b62e352425b9a8dd3f4ec9d6d49
    89 N7e9330653ca540a6b8004d6aa05ab66e schema:issueNumber 1
    90 rdf:type schema:PublicationIssue
    91 N9dc0d2e86f9442d1974138763446d46a schema:volumeNumber 3
    92 rdf:type schema:PublicationVolume
    93 Na4456af6fad54dbf8cd83538ccebeef4 schema:name doi
    94 schema:value 10.1007/s41635-018-0053-2
    95 rdf:type schema:PropertyValue
    96 Nb5ef14f3a2764da8bd57942eef6c19b7 schema:name dimensions_id
    97 schema:value pub.1107828970
    98 rdf:type schema:PropertyValue
    99 Nf8226f689a074cd1b4ebfa20ed1bb31c schema:name Springer Nature - SN SciGraph project
    100 rdf:type schema:Organization
    101 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
    102 schema:name Information and Computing Sciences
    103 rdf:type schema:DefinedTerm
    104 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
    105 schema:name Information Systems
    106 rdf:type schema:DefinedTerm
    107 sg:grant.3940319 http://pending.schema.org/fundedItem sg:pub.10.1007/s41635-018-0053-2
    108 rdf:type schema:MonetaryGrant
    109 sg:journal.1290439 schema:issn 2509-3428
    110 2509-3436
    111 schema:name Journal of Hardware and Systems Security
    112 schema:publisher Springer Nature
    113 rdf:type schema:Periodical
    114 sg:person.014242524451.59 schema:affiliation grid-institutes:grid.4463.5
    115 schema:familyName Patsakis
    116 schema:givenName Constantinos
    117 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014242524451.59
    118 rdf:type schema:Person
    119 sg:person.015577045277.19 schema:affiliation grid-institutes:grid.4463.5
    120 schema:familyName Alepis
    121 schema:givenName Efthimios
    122 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015577045277.19
    123 rdf:type schema:Person
    124 sg:pub.10.1007/978-3-319-08509-8_5 schema:sameAs https://app.dimensions.ai/details/publication/pub.1035961984
    125 https://doi.org/10.1007/978-3-319-08509-8_5
    126 rdf:type schema:CreativeWork
    127 sg:pub.10.1007/978-3-319-50463-6_15 schema:sameAs https://app.dimensions.ai/details/publication/pub.1030532756
    128 https://doi.org/10.1007/978-3-319-50463-6_15
    129 rdf:type schema:CreativeWork
    130 sg:pub.10.1007/978-3-319-66332-6_15 schema:sameAs https://app.dimensions.ai/details/publication/pub.1092165462
    131 https://doi.org/10.1007/978-3-319-66332-6_15
    132 rdf:type schema:CreativeWork
    133 sg:pub.10.1007/978-3-319-71501-8_4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1092867567
    134 https://doi.org/10.1007/978-3-319-71501-8_4
    135 rdf:type schema:CreativeWork
    136 sg:pub.10.1007/978-3-642-18178-8_30 schema:sameAs https://app.dimensions.ai/details/publication/pub.1018279739
    137 https://doi.org/10.1007/978-3-642-18178-8_30
    138 rdf:type schema:CreativeWork
    139 sg:pub.10.1007/978-3-642-30244-2_4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1041452416
    140 https://doi.org/10.1007/978-3-642-30244-2_4
    141 rdf:type schema:CreativeWork
    142 sg:pub.10.1007/978-3-642-34638-5_6 schema:sameAs https://app.dimensions.ai/details/publication/pub.1036892534
    143 https://doi.org/10.1007/978-3-642-34638-5_6
    144 rdf:type schema:CreativeWork
    145 sg:pub.10.1007/978-3-642-39884-1_12 schema:sameAs https://app.dimensions.ai/details/publication/pub.1017031502
    146 https://doi.org/10.1007/978-3-642-39884-1_12
    147 rdf:type schema:CreativeWork
    148 sg:pub.10.1007/s11416-017-0296-4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1084519602
    149 https://doi.org/10.1007/s11416-017-0296-4
    150 rdf:type schema:CreativeWork
    151 grid-institutes:grid.4463.5 schema:alternateName Department of Informatics, University of Piraeus, 80, Karaoli, Dimitriou, 18534, Piraeus, Greece
    152 schema:name Department of Informatics, University of Piraeus, 80, Karaoli, Dimitriou, 18534, Piraeus, Greece
    153 rdf:type schema:Organization
     




    Preview window. Press ESC to close (or click here)


    ...