Custom permission misconfigurations in Android : A Large-scale security analysis
Android’s popularity is due to its openness and vast app ecosystem. Global developers can use Android Studio and rich Android APIs to create their apps. Within this ecosystem, Android permissions play a crucial role in managing access to resources, with system permissions controlled by system apps a...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2024
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9856 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10856 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-108562024-12-24T02:24:02Z Custom permission misconfigurations in Android : A Large-scale security analysis LI, Rui DIAO, Wenrui GAO, Debin Android’s popularity is due to its openness and vast app ecosystem. Global developers can use Android Studio and rich Android APIs to create their apps. Within this ecosystem, Android permissions play a crucial role in managing access to resources, with system permissions controlled by system apps and custom permissions declared by third-party apps. However, the security of custom permissions has not received enough attention from the mobile security community, resulting in a lack of thorough evaluation of security practices for app developers using custom permissions. This study systematically evaluated the misconfiguration of custom permissions by Android app developers. It is based on ten configuration guidelines derived from the Android development documentation, OS source code, and related research papers to ensure proper functioning and adherence to best security practices of custom permissions. The study established the corresponding violation rules and built a dataset containing 174,740 APK files for large-scale measurement and analysis of guideline violations. The measurement results indicate that misconfiguration of custom permissions by Android app developers is quite common, with approximately 29.02% of the 92,461 apps involving custom permissions having configuration guideline violations. The two most common errors in custom permission configuration are 1) putting custom permissions into a defective custom group and 2) protecting components with undeclared custom permissions. Such misconfigurations can lead to various issues, including private app data leaks, app installation failures, or incomplete implementation of app functions. 2024-12-17T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/9856 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android permissions Android mobile security Customs permissions configurations Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Android permissions Android mobile security Customs permissions configurations Information Security |
| spellingShingle |
Android permissions Android mobile security Customs permissions configurations Information Security LI, Rui DIAO, Wenrui GAO, Debin Custom permission misconfigurations in Android : A Large-scale security analysis |
| description |
Android’s popularity is due to its openness and vast app ecosystem. Global developers can use Android Studio and rich Android APIs to create their apps. Within this ecosystem, Android permissions play a crucial role in managing access to resources, with system permissions controlled by system apps and custom permissions declared by third-party apps. However, the security of custom permissions has not received enough attention from the mobile security community, resulting in a lack of thorough evaluation of security practices for app developers using custom permissions. This study systematically evaluated the misconfiguration of custom permissions by Android app developers. It is based on ten configuration guidelines derived from the Android development documentation, OS source code, and related research papers to ensure proper functioning and adherence to best security practices of custom permissions. The study established the corresponding violation rules and built a dataset containing 174,740 APK files for large-scale measurement and analysis of guideline violations. The measurement results indicate that misconfiguration of custom permissions by Android app developers is quite common, with approximately 29.02% of the 92,461 apps involving custom permissions having configuration guideline violations. The two most common errors in custom permission configuration are 1) putting custom permissions into a defective custom group and 2) protecting components with undeclared custom permissions. Such misconfigurations can lead to various issues, including private app data leaks, app installation failures, or incomplete implementation of app functions. |
| format |
text |
| author |
LI, Rui DIAO, Wenrui GAO, Debin |
| author_facet |
LI, Rui DIAO, Wenrui GAO, Debin |
| author_sort |
LI, Rui |
| title |
Custom permission misconfigurations in Android : A Large-scale security analysis |
| title_short |
Custom permission misconfigurations in Android : A Large-scale security analysis |
| title_full |
Custom permission misconfigurations in Android : A Large-scale security analysis |
| title_fullStr |
Custom permission misconfigurations in Android : A Large-scale security analysis |
| title_full_unstemmed |
Custom permission misconfigurations in Android : A Large-scale security analysis |
| title_sort |
custom permission misconfigurations in android : a large-scale security analysis |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2024 |
| url |
https://ink.library.smu.edu.sg/sis_research/9856 |
| _version_ |
1820027800819597312 |