A Study of Android Security Vulnerabilities and Their Future Prospects

Albandari Alsumayt, Heba Elbeh, Mohamed Elkawkagy, Zeyad Alfawaer, Fatemah H. Alghamedy, Majid Alshammari, Sumayh S. Aljameel, Sarah Albassam, Shahad AlGhareeb, Khadijah Alamoudi

Abstract


Nowadays, smartphones are used for various activities, including checking emails, paying bills, and playing games, which have become essential parts of daily life. Also, IoT devices can be managed and controlled using applications. While applications can provide numerous benefits, they have also led to several security risks, such as theft of data, eavesdropping, compromised data, and denial-of-service attacks. This study examines security breaches, attacks targeting Android system applications, and vulnerabilities present at every layer of the Android architecture. Additionally, the study aims to compare and evaluate various treatment methods to identify their advantages and disadvantages. Furthermore, the study aims to examine Android's architecture for weaknesses that might lead to app vulnerabilities and potential attacks. To achieve the objectives of this study, a comprehensive analysis of security breaches and attacks targeting Android system applications will be conducted. Various treatment methods will be compared and evaluated through rigorous examination. Additionally, Android's architecture will be thoroughly examined to identify potential weaknesses and vulnerabilities. The analysis will focus on identifying the security risks associated with the use of applications on smartphones and IoT devices. The vulnerabilities present at every layer of the Android architecture will also be analyzed. Furthermore, the advantages and disadvantages of various treatment methods will be assessed. The findings of this study will reveal the various security risks, vulnerabilities, and potential weaknesses present in Android system applications and the Android architecture. The advantages and disadvantages of different treatment methods will also be highlighted. This study contributes to the development of more precise and robust security measures for Android, aiming to mitigate security breaches, attacks, and vulnerabilities. By identifying weaknesses and vulnerabilities, this study provides valuable insights for improving the overall security of Android system applications.

 

Doi: 10.28991/HIJ-2024-05-03-020

Full Text: PDF


Keywords


DoS; Android; Internet of Things; IoT; Security; Attacks; Detection.

References


Albakri, A., Alhayan, F., Alturki, N., Ahamed, S., & Shamsudheen, S. (2023). Metaheuristics with Deep Learning Model for Cybersecurity and Android Malware Detection and Classification. Applied Sciences (Switzerland), 13(4), 2172. doi:10.3390/app13042172.

Verawati, A., Agustito, D., Pusporini, W., Utami, W. B., & Widodo, S. A. (2022). Designing Android learning media to improve problem-solving skills of ratio. Advances in Mobile Learning Educational Research, 2(1), 216–224. doi:10.25082/amler.2022.01.005.

Wilks, C. R., Gurtovenko, K., Rebmann, K., Williamson, J., Lovell, J., & Wasil, A. R. (2021). A systematic review of dialectical behavior therapy mobile apps for content and usability. Borderline Personality Disorder and Emotion Dysregulation, 8(1), 1–13. doi:10.1186/s40479-021-00167-5.

Mahor, V., Pachlasiya, K., Garg, B., Chouhan, M., Telang, S., & Rawat, R. (2022). Mobile Operating System (Android) Vulnerability Analysis Using Machine Learning. Lecture Notes in Networks and Systems, 481 LNNS, 159–169. doi:10.1007/978-981-19-3182-6_13.

Senanayake, J., Kalutarage, H., Al-Kadri, M. O., Petrovski, A., & Piras, L. (2023). Android Source Code Vulnerability Detection: A Systematic Literature Review. ACM Computing Surveys, 55(9), 1–37. doi:10.1145/3556974.

Saraswat, P. (2023). An inclusive analysis of Google’s android operating system and its security. AIP Conference Proceedings, 2427(1), 101614. doi:10.1063/5.0101614.

Sharma, T., & Rattan, D. (2023). Android Malwares with Their Characteristics and Threats. Lecture Notes in Networks and Systems, 588, 1–11. doi:10.1007/978-981-19-7982-8_1.

Yadav, C. S., Singh, J., Yadav, A., Pattanayak, H. S., Kumar, R., Khan, A. A., Haq, M. A., Alhussen, A., & Alharby, S. (2022). Malware Analysis in IoT & Android Systems with Defensive Mechanism. Electronics (Switzerland), 11(15), 2354. doi:10.3390/electronics11152354.

Nouman, N., Noreen, Z., & Naz, F. (2022). Vulnerabilities in Android OS: Challenges and Mitigation Techniques. Lecture Notes in Networks and Systems, 454 LNNS, 256–266. doi:10.1007/978-3-031-01942-5_25.

Ullah, S., Ahmad, T., Buriro, A., Zara, N., & Saha, S. (2022). TrojanDetector: A Multi-Layer Hybrid Approach for Trojan Detection in Android Applications. Applied Sciences (Switzerland), 12(21), 10755. doi:10.3390/app122110755.

Alkahtani, H., & Aldhyani, T. H. H. (2022). Artificial Intelligence Algorithms for Malware Detection in Android‐Operated Mobile Devices. Sensors, 22(6), 2268. doi:10.3390/s22062268.

Roshanaei, M. (2024). Enhancing Mobile Security through Comprehensive Penetration Testing. Journal of Information Security, 15(02), 63–86. doi:10.4236/jis.2024.152006.

Kusreynada, S. U., & Barkah, A. S. (2024). Android Apps Vulnerability Detection with Static and Dynamic Analysis Approach using MOBSF. Journal of Computer Science and Engineering (JCSE), 5(1), 46–63. doi:10.36596/jcse.v5i1.789.

Schiller, E., Aidoo, A., Fuhrer, J., Stahl, J., Ziörjen, M., & Stiller, B. (2022). Landscape of IoT security. Computer Science Review, 44, 100467. doi:10.1016/j.cosrev.2022.100467.

Cirne, A., Sousa, P. R., Resende, J. S., & Antunes, L. (2022). IoT security certifications: Challenges and potential approaches. Computers and Security, 116, 102669. doi:10.1016/j.cose.2022.102669.

Cho, T., Kim, H., & Yi, J. H. (2017). Security Assessment of Code Obfuscation Based on Dynamic Monitoring in Android Things. IEEE Access, 5, 6361–6371. doi:10.1109/ACCESS.2017.2693388.

Novac, O. C., Novac, M., Gordan, C., Berczes, T., & Bujdoso, G. (2017). Comparative study of Google Android, Apple iOS and Microsoft Windows Phone mobile operating systems. 2017 14th International Conference on Engineering of Modern Electric Systems, EMES 2017, 154–159. doi:10.1109/EMES.2017.7980403.

Rani, S. V. J., Ioannou, I. I., Nagaradjane, P., Christophorou, C., Vassiliou, V., Yarramsetti, H., Shridhar, S., Balaji, L. M., & Pitsillides, A. (2023). A Novel Deep Hierarchical Machine Learning Approach for Identification of Known and Unknown Multiple Security Attacks in a D2D Communications Network. IEEE Access, 11, 95161–95194. doi:10.1109/ACCESS.2023.3308036.

Romdhana, A., Merlo, A., Ceccato, M., & Tonella, P. (2023). Assessing the security of inter-app communications in android through reinforcement learning. Computers and Security, 131, 103311. doi:10.1016/j.cose.2023.103311.

Palamà, I., Amici, A., Bellicini, G., Gringoli, F., Pedretti, F., & Bianchi, G. (2023). Attacks and vulnerabilities of Wi-Fi Enterprise networks: User security awareness assessment through credential stealing attack experiments. Computer Communications, 212, 129–140. doi:10.1016/j.comcom.2023.09.031.

Karagiannis, S., Ribeiro, L. L., Ntantogian, C., Magkos, E., & Campos, L. M. (2023). Chidroid: A Mobile Android Application for Log Collection and Security Analysis in Healthcare and IoMT. Applied Sciences (Switzerland), 13(5), 3061. doi:10.3390/app13053061.

Gómez, A., & Muñoz, A. (2023). Deep Learning-Based Attack Detection and Classification in Android Devices. Electronics (Switzerland), 12(15), 3253. doi:10.3390/electronics12153253.

Rani, S. V. J., Ioannou, I., Nagaradjane, P., Christophorou, C., Vassiliou, V., Charan, S., Prakash, S., Parekh, N., & Pitsillides, A. (2023). Detection of DDoS attacks in D2D communications using machine learning approach. Computer Communications, 198, 32–51. doi:10.1016/j.comcom.2022.11.013.

Wong, A. Y., Chekole, E. G., Ochoa, M., & Zhou, J. (2023). On the Security of Containers: Threat Modeling, Attack Analysis, and Mitigation Strategies. Computers and Security, 128, 103140. doi:10.1016/j.cose.2023.103140.

Chimuco, F. T., Sequeiros, J. B. F., Lopes, C. G., Simões, T. M. C., Freire, M. M., & Inácio, P. R. M. (2023). Secure cloud-based mobile apps: attack taxonomy, requirements, mechanisms, tests and automation. International Journal of Information Security, 22(4), 833–867. doi:10.1007/s10207-023-00669-z.

Bhurtel, M., & Rawat, D. B. (2023). Unveiling the Landscape of Operating System Vulnerabilities. Future Internet, 15(7), 248. doi:10.3390/fi15070248.

Sun, P., Chen, S., Fan, L., Gao, P., Song, F., & Yang, M. (2023). VenomAttack: automated and adaptive activity hijacking in Android. Frontiers of Computer Science, 17(1), 171801. doi:10.1007/s11704-021-1126-x.

Noor, Z., Hina, S., Hayat, F., & Shah, G. A. (2023). An intelligent context-aware threat detection and response model for smart cyber-physical systems. Internet of Things (Netherlands), 23, 100843. doi:10.1016/j.iot.2023.100843.

Bella, G., Biondi, P., Bognanni, S., & Esposito, S. (2023). PETIoT: PEnetration Testing the Internet of Things. Internet of Things (Netherlands), 22, 100707. doi:10.1016/j.iot.2023.100707.

Schmitt, M. (2023). Securing the digital world: Protecting smart infrastructures and digital industries with artificial intelligence (AI)-enabled malware and intrusion detection. Journal of Industrial Information Integration, 36, 100520. doi:10.1016/j.jii.2023.100520.

Bojjagani, S., Seelam, N. R., Sharma, N. K., Uyyala, R., Akuri, S. R. C. M., & Maurya, A. K. (2023). The use of IoT-based wearable devices to ensure secure lightweight payments in FinTech applications. Journal of King Saud University - Computer and Information Sciences, 35(9), 101785. doi:10.1016/j.jksuci.2023.101785.

Tripathi, H., Nazir, I., & Singh, S. P. (2021). Android Patient Tracker. EasyChair Preprint, No. 5843, 1-6.

Fajar, A. N., Limonthy, S., Handopo, J. J., Purnawan, F., & Kesuma, A. E. (2023). System Architecture for IT Talent Ecosystem Using Service Oriented Approach. HighTech and Innovation Journal, 4(4), 739-748. doi:10.28991/HIJ-2023-04-04-03.

Sulistyo, W., & Kurniawan, B. (2020). The development of 'JEGER' application using Android platform as history learning media and model. International Journal of Emerging Technologies in Learning (iJET), 15(7), 110-122.

Lopes, J., Serrão, C., Nunes, L., Almeida, A., & Oliveira, J. (2019). Overview of machine learning methods for Android malware identification. 7th International Symposium on Digital Forensics and Security, ISDFS 2019, 1–6. doi:10.1109/ISDFS.2019.8757523.

Sarkar, A., Goyal, A., Hicks, D., Sarkar, D., & Hazra, S. (2019). Android Application Development: A Brief Overview of Android Platforms and Evolution of Security Systems. Proceedings of the 3rd International Conference on I-SMAC IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2019, 73–79. doi:10.1109/I-SMAC47947.2019.9032440.

Wang, X., & Li, C. (2021). Android malware detection through machine learning on kernel task structures. Neurocomputing, 435, 126–150. doi:10.1016/j.neucom.2020.12.088.

Albakri, A., Fatima, H., Mohammed, M., Ahmed, A., Ali, A., Ali, A., & Elzein, N. M. (2022). Survey on Reverse-Engineering Tools for Android Mobile Devices. Mathematical Problems in Engineering, 2022, 1–7. doi:10.1155/2022/4908134.

Shaheen, J. A., Asghar, M. A., & Hussain, A. (2017). Android OS with its Architecture and Android Application with Dalvik Virtual Machine Review. International Journal of Multimedia and Ubiquitous Engineering, 12(7), 19–30. doi:10.14257/ijmue.2017.12.7.03.

Sutter, T., Kehrer, T., Rennhard, M., Tellenbach, B., & Klein, J. (2024). Dynamic Security Analysis on Android: A Systematic Literature Review. IEEE Access, 12, 57261–57287. doi:10.1109/ACCESS.2024.3390612.

Miltenberger, M., & Arzt, S. (2024). Precisely Extracting Complex Variable Values from Android Apps. ACM Transactions on Software Engineering and Methodology, 33(5). doi:10.1145/3649591.

Zhou, W., Yongzhi, Y., & Wang, J. (2022). Dynamic Class Generating and Loading Technology in Android Web Application. 2022 International Symposium on Networks, Computers and Communications, ISNCC 2022, 1–6. doi:10.1109/ISNCC55209.2022.9851782.

Garg, S., & Baliyan, N. (2024). Mobile OS Vulnerabilities: Quantitative and Qualitative Analysis. CRC Press, Florida, United States. doi:10.1201/9781003354574.

Sharma, T., & Rattan, D. (2021). Malicious application detection in android - A systematic literature review. Computer Science Review, 40, 100373. doi:10.1016/j.cosrev.2021.100373.

Ejiyi, C. J., Deng, J., Ejiyi, T. U., Salako, A. A., Ejiyi, M. B., & Anomihe, C. G. (2021). Design and Development of Android Application for Educational Institutes. Journal of Physics: Conference Series, 1769(1), 12066. doi:10.1088/1742-6596/1769/1/012066.

Dawoud, A., & Bugiel, S. (2021). Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework. 28th Annual Network and Distributed System Security Symposium, NDSS 2021. doi:10.14722/ndss.2021.23106.

Shewale, H., Patil, S., Deshmukh, V., & Singh, P. (2014). Analysis of Android Vulnerabilities and Modern Exploitation Techniques. ICTACT Journal on Communication Technology, 05(01), 863–867. doi:10.21917/ijct.2014.0122.

Razgallah, A., Khoury, R., Hallé, S., & Khanmohammadi, K. (2021). A survey of malware detection in Android apps: Recommendations and perspectives for future research. Computer Science Review, 39, 100358. doi:10.1016/j.cosrev.2020.100358.

Bhat, P., & Dutta, K. (2019). A survey on various threats and current state of security in android platform. ACM Computing Surveys, 52(1), 1–35. doi:10.1145/3301285.

Rana, A. (2021). An overview of android operating system. Academicia: An International Multidisciplinary Research Journal, 11(10), 668-674. doi:10.5958/2249-7137.2021.02115.7.

Heuser, S., Negro, M., Pendyala, P. K., & Sadeghi, A. R. (2017). DroidAuditor: Forensic analysis of application-layer privilege escalation attacks on android (short paper). Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9603 LNCS, 260–268. doi:10.1007/978-3-662-54970-4_15.

Damodaran, A., Troia, F. Di, Visaggio, C. A., Austin, T. H., & Stamp, M. (2017). A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 13(1), 1–12. doi:10.1007/s11416-015-0261-z.

Ashawa, M., & Morris, S. (2019). Analysis of Android Malware Detection Techniques: A Systematic Review. International Journal of Cyber-Security and Digital Forensics, 8(3), 177–187. doi:10.17781/p002605.

Possemato, A., Nisi, D., & Fratantonio, Y. (2021). Preventing and Detecting State Inference Attacks on Android. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021. doi:10.14722/ndss.2021.24479.

Pan, Y., Ge, X., Fang, C., & Fan, Y. (2020). A Systematic Literature Review of Android Malware Detection Using Static Analysis. IEEE Access, 8, 116363–116379. doi:10.1109/ACCESS.2020.3002842.

Onyedeke, O. C., Elmissaoui, T., Okoronkwo, M. C., Ugwuishiwu, C. H., & Onyebuchi, O. B. (2020). Signature based Network Intrusion Detection System using Feature Selection on Android. International Journal of Advanced Computer Science and Applications, 11(6), 551-558.

Zheng, M., Sun, M., & Lui, J. C. S. (2013). Droid analytics: A signature based analytic system to collect, extract, analyze and associate android malware. Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013, 163–171. doi:10.1109/TrustCom.2013.25.

Şahin, D. Ö., Kural, O. E., Akleylek, S., & Kılıç, E. (2023). A novel permission-based Android malware detection system using feature selection based on linear regression. Neural Computing and Applications, 35(7), 4903–4918. doi:10.1007/s00521-021-05875-1.

Samra, A. A. A., Qunoo, H. N., Al-Rubaie, F., & El-Talli, H. (2019). A survey of static android malware detection techniques. IEEE 7th Palestinian International Conference on Electrical and Computer Engineering, PICECE 2019, 1–6. doi:10.1109/PICECE.2019.8747224.

Dahri, K. A., Vighio, M. S., & Zardari, B. A. (2021). Detection and Prevention of Malware in Android Operating System. Mehran University Research Journal of Engineering and Technology, 40(4), 847–859. doi:10.22581/muet1982.2104.14.

Chao, W., Qun, L., Xiaohu, W., Tianyu, R., Jiahan, D., Guangxin, G., & Enjie, S. (2020). An Android Application Vulnerability Mining Method Based on Static and Dynamic Analysis. Proceedings of 2020 IEEE 5th Information Technology and Mechatronics Engineering Conference, ITOEC 2020, 599–603. doi:10.1109/ITOEC49072.2020.9141575.

Gaharwar, R. S., & Gupta, R. (2020). Android data leakage and anomaly-based Intrusion detection System. 2nd International Conference on Data, Engineering and Applications, IDEA 2020, 1–5. doi:10.1109/IDEA49133.2020.9170738.

Luo, L., Bodden, E., & Spath, J. (2019). A qualitative analysis of android taint-analysis results. Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019, 102–114. doi:10.1109/ASE.2019.00020.

Sinha, A., Di Troia, F., Heller, P., & Stamp, M. (2021). Emulation Versus Instrumentation for Android Malware Detection. Advanced Sciences and Technologies for Security Applications, 1–20. doi:10.1007/978-3-030-60425-7_1.

Ding, C., Luktarhan, N., Lu, B., & Zhang, W. (2021). A hybrid analysis-based approach to android malware family classification. Entropy, 23(8), 1009. doi:10.3390/e23081009.

Amin, M., Shah, B., Sharif, A., Ali, T., Kim, K. Il, & Anwar, S. (2022). Android malware detection through generative adversarial networks. Transactions on Emerging Telecommunications Technologies, 33(2), 3675. doi:10.1002/ett.3675.

Ali-Gombe, A. I., Saltaformaggio, B., Ramanujam “Ram,” J. R., Xu, D., & Richard, G. G. (2018). Toward a more dependable hybrid analysis of android malware using aspect-oriented programming. Computers and Security, 73, 235–248. doi:10.1016/j.cose.2017.11.006.

Xu, L., Zhang, D., Jayasena, N., & Cavazos, J. (2018). HADM: Hybrid Analysis for Detection of Malware. Lecture Notes in Networks and Systems, 16, 702–724. doi:10.1007/978-3-319-56991-8_51.

Naway, A., & Li, Y. (2019). Using deep neural network for Android malware detection. arXiv preprint arXiv:1904.00736. doi:10.48550/arXiv.1904.00736.

Roy, R., Dutta, S., Biswas, S., & Banerjee, J. S. (2020). Android things: A comprehensive solution from things to smart display and speaker. Lecture Notes in Networks and Systems, 116, 339–352. doi:10.1007/978-981-15-3020-3_31.

Zhang, Z., Zhang, H., Qian, Z., & Lau, B. (2021). An investigation of the Android kernel patch ecosystem. Proceedings of the 30th USENIX Security Symposium, 3649–3666.

Bhatia, T., & Kaushal, R. (2017). Malware detection in android based on dynamic analysis. 2017 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2017, 1–6. doi:10.1109/CyberSecPODS.2017.8074847.

Choudhary, M., & Kishore, B. (2018). HAAMD: Hybrid Analysis for Android Malware Detection. 2018 International Conference on Computer Communication and Informatics, ICCCI 2018, 1–4. doi:10.1109/ICCCI.2018.8441295.

Siddiqui, S., & Khan, T. A. (2024). An Overview of Techniques for Obfuscated Android Malware Detection. SN Computer Science, 5(4), 1–24. doi:10.1007/s42979-024-02637-3.


Full Text: PDF

DOI: 10.28991/HIJ-2024-05-03-020

Refbacks

  • There are currently no refbacks.


Copyright (c) 2024 Albandari Alsumayt, Heba Elbeh, Mohamed Elkawkagy, Zeyad AlFawaer, Fatemah H. Alghamedy, Majid Alshammari, Sumayh S. Aljameel, Sarah Albassam, Shahad AlGhareeb, Khadijah Alamoudi