A Study of Android Security Vulnerabilities and Their Future Prospects
Abstract
Doi: 10.28991/HIJ-2024-05-03-020
Full Text: PDF
Keywords
References
Albakri, A., Alhayan, F., Alturki, N., Ahamed, S., & Shamsudheen, S. (2023). Metaheuristics with Deep Learning Model for Cybersecurity and Android Malware Detection and Classification. Applied Sciences (Switzerland), 13(4), 2172. doi:10.3390/app13042172.
Verawati, A., Agustito, D., Pusporini, W., Utami, W. B., & Widodo, S. A. (2022). Designing Android learning media to improve problem-solving skills of ratio. Advances in Mobile Learning Educational Research, 2(1), 216–224. doi:10.25082/amler.2022.01.005.
Wilks, C. R., Gurtovenko, K., Rebmann, K., Williamson, J., Lovell, J., & Wasil, A. R. (2021). A systematic review of dialectical behavior therapy mobile apps for content and usability. Borderline Personality Disorder and Emotion Dysregulation, 8(1), 1–13. doi:10.1186/s40479-021-00167-5.
Mahor, V., Pachlasiya, K., Garg, B., Chouhan, M., Telang, S., & Rawat, R. (2022). Mobile Operating System (Android) Vulnerability Analysis Using Machine Learning. Lecture Notes in Networks and Systems, 481 LNNS, 159–169. doi:10.1007/978-981-19-3182-6_13.
Senanayake, J., Kalutarage, H., Al-Kadri, M. O., Petrovski, A., & Piras, L. (2023). Android Source Code Vulnerability Detection: A Systematic Literature Review. ACM Computing Surveys, 55(9), 1–37. doi:10.1145/3556974.
Saraswat, P. (2023). An inclusive analysis of Google’s android operating system and its security. AIP Conference Proceedings, 2427(1), 101614. doi:10.1063/5.0101614.
Sharma, T., & Rattan, D. (2023). Android Malwares with Their Characteristics and Threats. Lecture Notes in Networks and Systems, 588, 1–11. doi:10.1007/978-981-19-7982-8_1.
Yadav, C. S., Singh, J., Yadav, A., Pattanayak, H. S., Kumar, R., Khan, A. A., Haq, M. A., Alhussen, A., & Alharby, S. (2022). Malware Analysis in IoT & Android Systems with Defensive Mechanism. Electronics (Switzerland), 11(15), 2354. doi:10.3390/electronics11152354.
Nouman, N., Noreen, Z., & Naz, F. (2022). Vulnerabilities in Android OS: Challenges and Mitigation Techniques. Lecture Notes in Networks and Systems, 454 LNNS, 256–266. doi:10.1007/978-3-031-01942-5_25.
Ullah, S., Ahmad, T., Buriro, A., Zara, N., & Saha, S. (2022). TrojanDetector: A Multi-Layer Hybrid Approach for Trojan Detection in Android Applications. Applied Sciences (Switzerland), 12(21), 10755. doi:10.3390/app122110755.
Alkahtani, H., & Aldhyani, T. H. H. (2022). Artificial Intelligence Algorithms for Malware Detection in Android‐Operated Mobile Devices. Sensors, 22(6), 2268. doi:10.3390/s22062268.
Roshanaei, M. (2024). Enhancing Mobile Security through Comprehensive Penetration Testing. Journal of Information Security, 15(02), 63–86. doi:10.4236/jis.2024.152006.
Kusreynada, S. U., & Barkah, A. S. (2024). Android Apps Vulnerability Detection with Static and Dynamic Analysis Approach using MOBSF. Journal of Computer Science and Engineering (JCSE), 5(1), 46–63. doi:10.36596/jcse.v5i1.789.
Schiller, E., Aidoo, A., Fuhrer, J., Stahl, J., Ziörjen, M., & Stiller, B. (2022). Landscape of IoT security. Computer Science Review, 44, 100467. doi:10.1016/j.cosrev.2022.100467.
Cirne, A., Sousa, P. R., Resende, J. S., & Antunes, L. (2022). IoT security certifications: Challenges and potential approaches. Computers and Security, 116, 102669. doi:10.1016/j.cose.2022.102669.
Cho, T., Kim, H., & Yi, J. H. (2017). Security Assessment of Code Obfuscation Based on Dynamic Monitoring in Android Things. IEEE Access, 5, 6361–6371. doi:10.1109/ACCESS.2017.2693388.
Novac, O. C., Novac, M., Gordan, C., Berczes, T., & Bujdoso, G. (2017). Comparative study of Google Android, Apple iOS and Microsoft Windows Phone mobile operating systems. 2017 14th International Conference on Engineering of Modern Electric Systems, EMES 2017, 154–159. doi:10.1109/EMES.2017.7980403.
Rani, S. V. J., Ioannou, I. I., Nagaradjane, P., Christophorou, C., Vassiliou, V., Yarramsetti, H., Shridhar, S., Balaji, L. M., & Pitsillides, A. (2023). A Novel Deep Hierarchical Machine Learning Approach for Identification of Known and Unknown Multiple Security Attacks in a D2D Communications Network. IEEE Access, 11, 95161–95194. doi:10.1109/ACCESS.2023.3308036.
Romdhana, A., Merlo, A., Ceccato, M., & Tonella, P. (2023). Assessing the security of inter-app communications in android through reinforcement learning. Computers and Security, 131, 103311. doi:10.1016/j.cose.2023.103311.
Palamà, I., Amici, A., Bellicini, G., Gringoli, F., Pedretti, F., & Bianchi, G. (2023). Attacks and vulnerabilities of Wi-Fi Enterprise networks: User security awareness assessment through credential stealing attack experiments. Computer Communications, 212, 129–140. doi:10.1016/j.comcom.2023.09.031.
Karagiannis, S., Ribeiro, L. L., Ntantogian, C., Magkos, E., & Campos, L. M. (2023). Chidroid: A Mobile Android Application for Log Collection and Security Analysis in Healthcare and IoMT. Applied Sciences (Switzerland), 13(5), 3061. doi:10.3390/app13053061.
Gómez, A., & Muñoz, A. (2023). Deep Learning-Based Attack Detection and Classification in Android Devices. Electronics (Switzerland), 12(15), 3253. doi:10.3390/electronics12153253.
Rani, S. V. J., Ioannou, I., Nagaradjane, P., Christophorou, C., Vassiliou, V., Charan, S., Prakash, S., Parekh, N., & Pitsillides, A. (2023). Detection of DDoS attacks in D2D communications using machine learning approach. Computer Communications, 198, 32–51. doi:10.1016/j.comcom.2022.11.013.
Wong, A. Y., Chekole, E. G., Ochoa, M., & Zhou, J. (2023). On the Security of Containers: Threat Modeling, Attack Analysis, and Mitigation Strategies. Computers and Security, 128, 103140. doi:10.1016/j.cose.2023.103140.
Chimuco, F. T., Sequeiros, J. B. F., Lopes, C. G., Simões, T. M. C., Freire, M. M., & Inácio, P. R. M. (2023). Secure cloud-based mobile apps: attack taxonomy, requirements, mechanisms, tests and automation. International Journal of Information Security, 22(4), 833–867. doi:10.1007/s10207-023-00669-z.
Bhurtel, M., & Rawat, D. B. (2023). Unveiling the Landscape of Operating System Vulnerabilities. Future Internet, 15(7), 248. doi:10.3390/fi15070248.
Sun, P., Chen, S., Fan, L., Gao, P., Song, F., & Yang, M. (2023). VenomAttack: automated and adaptive activity hijacking in Android. Frontiers of Computer Science, 17(1), 171801. doi:10.1007/s11704-021-1126-x.
Noor, Z., Hina, S., Hayat, F., & Shah, G. A. (2023). An intelligent context-aware threat detection and response model for smart cyber-physical systems. Internet of Things (Netherlands), 23, 100843. doi:10.1016/j.iot.2023.100843.
Bella, G., Biondi, P., Bognanni, S., & Esposito, S. (2023). PETIoT: PEnetration Testing the Internet of Things. Internet of Things (Netherlands), 22, 100707. doi:10.1016/j.iot.2023.100707.
Schmitt, M. (2023). Securing the digital world: Protecting smart infrastructures and digital industries with artificial intelligence (AI)-enabled malware and intrusion detection. Journal of Industrial Information Integration, 36, 100520. doi:10.1016/j.jii.2023.100520.
Bojjagani, S., Seelam, N. R., Sharma, N. K., Uyyala, R., Akuri, S. R. C. M., & Maurya, A. K. (2023). The use of IoT-based wearable devices to ensure secure lightweight payments in FinTech applications. Journal of King Saud University - Computer and Information Sciences, 35(9), 101785. doi:10.1016/j.jksuci.2023.101785.
Tripathi, H., Nazir, I., & Singh, S. P. (2021). Android Patient Tracker. EasyChair Preprint, No. 5843, 1-6.
Fajar, A. N., Limonthy, S., Handopo, J. J., Purnawan, F., & Kesuma, A. E. (2023). System Architecture for IT Talent Ecosystem Using Service Oriented Approach. HighTech and Innovation Journal, 4(4), 739-748. doi:10.28991/HIJ-2023-04-04-03.
Sulistyo, W., & Kurniawan, B. (2020). The development of 'JEGER' application using Android platform as history learning media and model. International Journal of Emerging Technologies in Learning (iJET), 15(7), 110-122.
Lopes, J., Serrão, C., Nunes, L., Almeida, A., & Oliveira, J. (2019). Overview of machine learning methods for Android malware identification. 7th International Symposium on Digital Forensics and Security, ISDFS 2019, 1–6. doi:10.1109/ISDFS.2019.8757523.
Sarkar, A., Goyal, A., Hicks, D., Sarkar, D., & Hazra, S. (2019). Android Application Development: A Brief Overview of Android Platforms and Evolution of Security Systems. Proceedings of the 3rd International Conference on I-SMAC IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2019, 73–79. doi:10.1109/I-SMAC47947.2019.9032440.
Wang, X., & Li, C. (2021). Android malware detection through machine learning on kernel task structures. Neurocomputing, 435, 126–150. doi:10.1016/j.neucom.2020.12.088.
Albakri, A., Fatima, H., Mohammed, M., Ahmed, A., Ali, A., Ali, A., & Elzein, N. M. (2022). Survey on Reverse-Engineering Tools for Android Mobile Devices. Mathematical Problems in Engineering, 2022, 1–7. doi:10.1155/2022/4908134.
Shaheen, J. A., Asghar, M. A., & Hussain, A. (2017). Android OS with its Architecture and Android Application with Dalvik Virtual Machine Review. International Journal of Multimedia and Ubiquitous Engineering, 12(7), 19–30. doi:10.14257/ijmue.2017.12.7.03.
Sutter, T., Kehrer, T., Rennhard, M., Tellenbach, B., & Klein, J. (2024). Dynamic Security Analysis on Android: A Systematic Literature Review. IEEE Access, 12, 57261–57287. doi:10.1109/ACCESS.2024.3390612.
Miltenberger, M., & Arzt, S. (2024). Precisely Extracting Complex Variable Values from Android Apps. ACM Transactions on Software Engineering and Methodology, 33(5). doi:10.1145/3649591.
Zhou, W., Yongzhi, Y., & Wang, J. (2022). Dynamic Class Generating and Loading Technology in Android Web Application. 2022 International Symposium on Networks, Computers and Communications, ISNCC 2022, 1–6. doi:10.1109/ISNCC55209.2022.9851782.
Garg, S., & Baliyan, N. (2024). Mobile OS Vulnerabilities: Quantitative and Qualitative Analysis. CRC Press, Florida, United States. doi:10.1201/9781003354574.
Sharma, T., & Rattan, D. (2021). Malicious application detection in android - A systematic literature review. Computer Science Review, 40, 100373. doi:10.1016/j.cosrev.2021.100373.
Ejiyi, C. J., Deng, J., Ejiyi, T. U., Salako, A. A., Ejiyi, M. B., & Anomihe, C. G. (2021). Design and Development of Android Application for Educational Institutes. Journal of Physics: Conference Series, 1769(1), 12066. doi:10.1088/1742-6596/1769/1/012066.
Dawoud, A., & Bugiel, S. (2021). Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework. 28th Annual Network and Distributed System Security Symposium, NDSS 2021. doi:10.14722/ndss.2021.23106.
Shewale, H., Patil, S., Deshmukh, V., & Singh, P. (2014). Analysis of Android Vulnerabilities and Modern Exploitation Techniques. ICTACT Journal on Communication Technology, 05(01), 863–867. doi:10.21917/ijct.2014.0122.
Razgallah, A., Khoury, R., Hallé, S., & Khanmohammadi, K. (2021). A survey of malware detection in Android apps: Recommendations and perspectives for future research. Computer Science Review, 39, 100358. doi:10.1016/j.cosrev.2020.100358.
Bhat, P., & Dutta, K. (2019). A survey on various threats and current state of security in android platform. ACM Computing Surveys, 52(1), 1–35. doi:10.1145/3301285.
Rana, A. (2021). An overview of android operating system. Academicia: An International Multidisciplinary Research Journal, 11(10), 668-674. doi:10.5958/2249-7137.2021.02115.7.
Heuser, S., Negro, M., Pendyala, P. K., & Sadeghi, A. R. (2017). DroidAuditor: Forensic analysis of application-layer privilege escalation attacks on android (short paper). Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9603 LNCS, 260–268. doi:10.1007/978-3-662-54970-4_15.
Damodaran, A., Troia, F. Di, Visaggio, C. A., Austin, T. H., & Stamp, M. (2017). A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 13(1), 1–12. doi:10.1007/s11416-015-0261-z.
Ashawa, M., & Morris, S. (2019). Analysis of Android Malware Detection Techniques: A Systematic Review. International Journal of Cyber-Security and Digital Forensics, 8(3), 177–187. doi:10.17781/p002605.
Possemato, A., Nisi, D., & Fratantonio, Y. (2021). Preventing and Detecting State Inference Attacks on Android. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021. doi:10.14722/ndss.2021.24479.
Pan, Y., Ge, X., Fang, C., & Fan, Y. (2020). A Systematic Literature Review of Android Malware Detection Using Static Analysis. IEEE Access, 8, 116363–116379. doi:10.1109/ACCESS.2020.3002842.
Onyedeke, O. C., Elmissaoui, T., Okoronkwo, M. C., Ugwuishiwu, C. H., & Onyebuchi, O. B. (2020). Signature based Network Intrusion Detection System using Feature Selection on Android. International Journal of Advanced Computer Science and Applications, 11(6), 551-558.
Zheng, M., Sun, M., & Lui, J. C. S. (2013). Droid analytics: A signature based analytic system to collect, extract, analyze and associate android malware. Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013, 163–171. doi:10.1109/TrustCom.2013.25.
Şahin, D. Ö., Kural, O. E., Akleylek, S., & Kılıç, E. (2023). A novel permission-based Android malware detection system using feature selection based on linear regression. Neural Computing and Applications, 35(7), 4903–4918. doi:10.1007/s00521-021-05875-1.
Samra, A. A. A., Qunoo, H. N., Al-Rubaie, F., & El-Talli, H. (2019). A survey of static android malware detection techniques. IEEE 7th Palestinian International Conference on Electrical and Computer Engineering, PICECE 2019, 1–6. doi:10.1109/PICECE.2019.8747224.
Dahri, K. A., Vighio, M. S., & Zardari, B. A. (2021). Detection and Prevention of Malware in Android Operating System. Mehran University Research Journal of Engineering and Technology, 40(4), 847–859. doi:10.22581/muet1982.2104.14.
Chao, W., Qun, L., Xiaohu, W., Tianyu, R., Jiahan, D., Guangxin, G., & Enjie, S. (2020). An Android Application Vulnerability Mining Method Based on Static and Dynamic Analysis. Proceedings of 2020 IEEE 5th Information Technology and Mechatronics Engineering Conference, ITOEC 2020, 599–603. doi:10.1109/ITOEC49072.2020.9141575.
Gaharwar, R. S., & Gupta, R. (2020). Android data leakage and anomaly-based Intrusion detection System. 2nd International Conference on Data, Engineering and Applications, IDEA 2020, 1–5. doi:10.1109/IDEA49133.2020.9170738.
Luo, L., Bodden, E., & Spath, J. (2019). A qualitative analysis of android taint-analysis results. Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019, 102–114. doi:10.1109/ASE.2019.00020.
Sinha, A., Di Troia, F., Heller, P., & Stamp, M. (2021). Emulation Versus Instrumentation for Android Malware Detection. Advanced Sciences and Technologies for Security Applications, 1–20. doi:10.1007/978-3-030-60425-7_1.
Ding, C., Luktarhan, N., Lu, B., & Zhang, W. (2021). A hybrid analysis-based approach to android malware family classification. Entropy, 23(8), 1009. doi:10.3390/e23081009.
Amin, M., Shah, B., Sharif, A., Ali, T., Kim, K. Il, & Anwar, S. (2022). Android malware detection through generative adversarial networks. Transactions on Emerging Telecommunications Technologies, 33(2), 3675. doi:10.1002/ett.3675.
Ali-Gombe, A. I., Saltaformaggio, B., Ramanujam “Ram,” J. R., Xu, D., & Richard, G. G. (2018). Toward a more dependable hybrid analysis of android malware using aspect-oriented programming. Computers and Security, 73, 235–248. doi:10.1016/j.cose.2017.11.006.
Xu, L., Zhang, D., Jayasena, N., & Cavazos, J. (2018). HADM: Hybrid Analysis for Detection of Malware. Lecture Notes in Networks and Systems, 16, 702–724. doi:10.1007/978-3-319-56991-8_51.
Naway, A., & Li, Y. (2019). Using deep neural network for Android malware detection. arXiv preprint arXiv:1904.00736. doi:10.48550/arXiv.1904.00736.
Roy, R., Dutta, S., Biswas, S., & Banerjee, J. S. (2020). Android things: A comprehensive solution from things to smart display and speaker. Lecture Notes in Networks and Systems, 116, 339–352. doi:10.1007/978-981-15-3020-3_31.
Zhang, Z., Zhang, H., Qian, Z., & Lau, B. (2021). An investigation of the Android kernel patch ecosystem. Proceedings of the 30th USENIX Security Symposium, 3649–3666.
Bhatia, T., & Kaushal, R. (2017). Malware detection in android based on dynamic analysis. 2017 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2017, 1–6. doi:10.1109/CyberSecPODS.2017.8074847.
Choudhary, M., & Kishore, B. (2018). HAAMD: Hybrid Analysis for Android Malware Detection. 2018 International Conference on Computer Communication and Informatics, ICCCI 2018, 1–4. doi:10.1109/ICCCI.2018.8441295.
Siddiqui, S., & Khan, T. A. (2024). An Overview of Techniques for Obfuscated Android Malware Detection. SN Computer Science, 5(4), 1–24. doi:10.1007/s42979-024-02637-3.
DOI: 10.28991/HIJ-2024-05-03-020
Refbacks
- There are currently no refbacks.
Copyright (c) 2024 Albandari Alsumayt, Heba Elbeh, Mohamed Elkawkagy, Zeyad AlFawaer, Fatemah H. Alghamedy, Majid Alshammari, Sumayh S. Aljameel, Sarah Albassam, Shahad AlGhareeb, Khadijah Alamoudi