-Smart devices and the smart environment itself is getting more and more popular. A big part of smart devices uses the Android operating system. Since any information on these devices can become available to the third parties on the basis of granted permissions, it is very important to consider it properly before granting them. A permission monitoring system prototype has been proposed for this purpose.
Smart environment is rather an abstract conception and it may refer to a number of more specific areas in question. If we referred to one of many definitions for the smart environment, it would sound like [1] “ordinary environments equipped with visual and audio sensing systems, pervasive devices, sensors and networks that can perceive and react to people…”. It is expected that the number of such devices will only increase in the future.
One of the smart devices which makes a big part of the smart environment is a smartphone. A dominating operating system currently is Android [2]. This operating system has been created by Google on the basis of Linux. The operating system due to its nature of being an open source one has to be well controlled and maintained in order to keep it as safe as possible.
The purpose of this research is to analyze security issues the Android operating system faces. It assesses the security of the smart environment information storage in the Android operating system. It attempts to detect whether any unauthorized parties can get access to this information. The methods which may strengthen the security are considered.
A prototype has been proposed for this purpose. This prototype shall classify the tested applications based on their permissions which suggest any potential information leakage. The results will be compared with some other applications which are currently available on the Play Store for the same purpose.
II. SMART ENVIRONMENT THREATS
Mobile devices once were considered as safe ones but everything has changed as soon as operating systems were introduced. Installing an application is not only an additional comfort. It can be an additional concern as well. Especially if it is a malware which can leak any information. © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)
IoT environment or the smart environment in this particular case since the issues are rather common can be divided into three main levels [3]: application level, transportation level and perception level. All these three levels bear threats which are typical to them.
provides customer requested services like air temperature
level: transmits and receives any collected data
physical sensors to collect any data and to process it
This research focuses on the application level. The operating system Android is picked due to its leading positions in the market.
III. ANALYSIS OF THE CURRENTLY AVAILABLE ANDROID DATA LEAKAGE MONITORING TOOLS
Data availability to third parties in the Android operating system relies on the permission model [4]. Permissions are such labels which should be assigned by developers to their application. The application must define in the manifest file which sensitive resources it needs to have access to. The user during the installation has a chance either to grant these permissions or not.
A. Preinstalled permission manager
As Android 6.0 “Marshmallow” has been introduced in 2015, the ability was provided to toggle any granted dangerous permission groups for any specific application [5]. The accessibility of this tool may vary depending on the manufacturer of a device, but it can be accessed in general via Settings > Apps / Application Manager > Permissions.
A screenshot is provided below of the operating system Android 8.1.0. It gives access to the list of all the installed applications. Dangerous permission groups can be reviewed, granted or revoked at any time.
However, if a user has no previous knowledge about the permissions, the list may not always be informative enough. B. Application Inspector
A good alternative which is available on Play Store for the permission management is Application Inspector. This is a third-party application which is developed by UBQSoft.
The tool once it is launched provides a list of all the installed applications. One can see more details after picking any particular application within that list concerning libraries, last update time etc. Involved permissions are described as well as their level they belong to is provided: dangerous, normal, signature. The status of granted or not granted is available which can be changed after tapping and being directed to relevant Settings submenus.
It is a very extensive analyzer and it provides access to different statistical data after a specific application is picked within a general scanned applications list. There is a tab for used permissions. These permissions are listed after tapping the tab, but the information resources are very limited. There are no descriptions about these permissions. It is undefined which level they belong to. There is no information if any of these permissions in the manifest file are granted or not.
Another application which can be helpful for scanning any installed applications on the device is PackageInfo. It gives a list of applications after scanning which are available for a more detailed review after picking any of them. It gives some package information, including the list of permissions. There are no detailed descriptions of these permissions. The state whether they are granted or not is unidentified.
It becomes obvious after the analysis of some currently available tools for permission scanning and monitoring that the focus given on the permissions may not be enough for a regular user. A regular user may not want to search for any explanatory information about the granted permissions in external sources. It may lead the user to underestimating any potential threat due to personal information leakage.
IV. V-S AXIS INFORMATION SENSITIVITY
ASSESSMENT
Different data classification methods were taken into consideration but V-S method [6] was chosen as the most appropriate one in this case. This method classifies any available information based on 2 axes which stand for information value and sensitivity. As the authors suggest who have introduced this method, it is possible to assign the data to different information classes while implementing different security measures.
A. V-S axis method in the prototype
In order to able to use the proposed V-S axis method for
the data on Android device, we first need to define the value
of the vertical axis for information sensitivity (Y). Sensitivity
axis has tree levels: low (0), middle (
o
,nA itca 1
)Y i
i(s ifss0,5
xa lca 0
iiittsvy iissno
n m
e r
S e
p
0
0,5
1
1,5
2
2,5
Value axis (X), defined by a user (
The horizontal axis for information value (X) has also
three levels. These levels are correspondingly: low (0), middle
(
The official classification of permissions available on Android developers’ portal was used for that purpose [7]. Permissions are classified there into four groups: normal, dangerous, signature, and special ones. This official classification reflects different information sensitivity levels to any potential information leakage. These permissions were assigned to the sensitivity (Y) axis in the following manner: 1) Low (0): Normal permissions are assigned to this level due their low potential threat. These permissions are granted to any installed application on a smart device without any intervention on the user side.
2) Middle (
3) High (
Signature permissions and special permissions were not further considered in this research. Therefore, they were not assigned to any axis level.
The horizontal (X) axis for information value is used for a personal assessment of the information stored on the smart device. The values for this axis are selected by default in the prototype but a user can change them any time.
1) Low (0): This information is not valuable to the user or the user will not have any significant issues upon losing it. Permissions of low sensitivity (Y) axis level are matched to this value (X) axis level by default which results in 0 as a score.
2) Middle (
3) High (
B. Proposed prototype based on V-S classification
The proposed prototype Permission Monitoring System gives a quick review of the installed applications. It consists of 2 main lists. The first one is made of applications which are sorted in the order of the highest danger point score to the lowest one. A total danger point score for a specific application is compared to the maximum possible danger point score (maximum point score is 134). It gives that way a quick review of the data leakage potential.
V-S axis classification method is used both for the maximum danger point score calculation and for the current danger point score calculation of any specific application. As mentioned above, permission classification and default information values which a user can adjust to his / her own priority any time are taken into consideration.
If a user taps any application in the application list provided by the prototype, further options are available. The user can see the package name, version number, last update time etc. It also provides the number of dangerous, potentially dangerous and normal permissions. These permissions can be further explored after tapping their titles in this submenu.
As soon as a submenu option for permissions is tapped, one can see the dangerous permissions which of them are namely granted. If these dangerous permission groups are not granted, but they are still in the list, it means that the manifest file contains that permission group, and as the application is used, sooner or later this permission group will be requested by the corresponding application. It is also the place where a user can change the value (horizontal one) axis level to a preferred one if he / she thinks that the default value does not meet his / her expectations. E.g. if a user feels that there is no important information in his / her contacts book and exposing it unintentionally to any third parties is not a big concern, it is possible to change the value axis level to the middle one or the low one. Danger point score will be recalculated accordingly. As the recalculation is completed, the score can accordingly be higher or lower.
C. V-S classification of permissions
The following default values were used to calculate the score for any permission used within an application.
The maximum amount of points for a dangerous permission is 4. Meanwhile, the maximum amount of points for potentially dangerous permissions is 2.
The following formula was used to calculate the danger point score:
(YD * XD) + (YPD * XPD).
D means in this formula “Dangerous permission”, meanwhile PD means “Potentially dangerous”. Y and X are the names of the axes.
All the permission groups which belong to the dangerous
protection level are used for this prototype. As it was
mentioned above, they belong to level High (
104
Some normal protection level permissions are used for the sensitivity (Y) axis with the default value set to Middle. These values officially are considered as not dangerous, but a user may find it uncomfortable if their status becomes uncontrollable. Therefore, the level on the sensitivity axis (Y) is 1, and the level on the value axis (X) which can be changed by a user is also 1 by default. However, this default value is considered as 2 when calculating the maximum danger point score. The following table provides further calculation details.
The maximum danger point score therefore is 134. If a user changes the level on the value (X) axis for any dangerous permission group or a potentially dangerous permission to low, it means that this permission will be multiplied by 0 which leads this permission to be unconsidered in the total danger point score for applications.
The purposes of completing information leakage experiments based on permissions were the following ones: 1) Which categories do pose the highest risk of an information leakage among the tested ones?
2) Which applications do pose the highest risk of an information leakage among the tested ones? 3) Which permissions are requested the most frequently? The following devices were used in one or other way in order to download the applications for testing them with the prototype.
Applications were downloaded based on different categories. Applications within the categories were picked while using the most popular application list since these applications are the most relevant ones to the biggest number of users.
The most popular 20 applications from the categories below were downloaded and installed.
Communication Shopping Finance Business Education
The results were calculated by summing up the danger point score of all the tested applications within that category. It was 20 top applications in it based on their popularity.
The following applications pose the highest risk of an information leakage among the tested ones.
These applications were picked by looking for the highest danger point score among all the tested applications. The number of the tested applications is 100 at the moment.
The following dangerous permissions which are in chart below are requested the most frequently by the downloaded applications which were used for this research.
Numbers of the usage of different dangerous permissions were calculated in this test. As 100 Android applications were currently tested in this research, the chart numbers suggest the amount of instances the corresponding permission was requested or was to be requested. It means in this case that the permission READ_EXTERNAL_STORAGE was requested by 78 applications out of 100 tested applications. Top 5 permissions with the highest usage number were picked. It suggests which information has the highest leak potential.
Android OS security is based on the permission model. However, granting the permissions can be underestimated by a regular user due to a lack of available information or interest in his/her personal security.
A prototype has been offered which provides a simple risk assessment of any information leakage. A user does not need to have any awareness of permissions to understand the results.
There is an option to cancel any granted permission but after it is cancelled, an application may not work correctly.
100 applications in total from 5 different categories were tested. The results are provided in charts for a comparative purpose.