Presentation is loading. Please wait.

Presentation is loading. Please wait.

Android and IOS Permissions Why are they here and what do they want from me?

Published byMyron Buck Robinson Modified over 7 years ago

Similar presentations

Presentation on theme: "Android and IOS Permissions Why are they here and what do they want from me?"— Presentation transcript:

1 Android and IOS Permissions Why are they here and what do they want from me?

2 Road Map What is a Permission What permissions do Why do they exist Malicious Code Injection Conclusion

3 What is a Permission? A central design point of the Android security architecture. No application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user.

4 What Permissions Actually Do A basic Android application has no permissions associated with it by default, meaning it cannot do anything that would adversely impact the user experience or any data on the device. Sandbox Environment Allows the device to grant access to the protected system specified.

5 What Permissions Actually Do (continued) Permission requests are displayed for you once at install. Allows for fluid app use, without constant interruptions for requests. If Accepted the intended app will download. If denied, no part of the app will be installed.

6 Why do Permissions Exist? They protect the end user. Allows the end user to see what an app accesses. Deem safe or unsafe Particularly useful for Android platform Open source software Malicious code does exist

7 Understanding Permissions Each permission outlines what is being used in a general sense. Permissions are mostly catch all statement. Just because an app “can” use it, doesn’t mean it will.

8 Permission Example

9 Permission Example (cont…) Facebook Messenger Permissions Call. Texts messages. Camera. Microphone. Location. Network. Etc…

10 Permission Example (cont…) Facebook Messenger Permissions Facebook Messenger is operating in a Sandbox Environment Call App can call people in your contacts If you call a number that would cost you normally, then it will cost you in the App. Read phone status and identity So you don’t have to sign into Facebook every time you access the App.

11 Permission Example (cont…) Facebook Messenger Permissions Take Pictures and Videos App can take pictures or videos and send them in a message without ever leaving the App itself. Record Audio Same as taking the picture or video, you can send sound bites to friends within the App.

12 Permission Example (cont…) Facebook Messenger Permissions Catch all statements get a bad rep in certain cases SD access Stores information in a cache, not your physical SD card.

13 Permission Example (cont…) Facebook Messenger Permissions Without these permissions the App would hardly run at all.

14 Permissions Exceptions Malicious code does exist Some third party apps request permissions they don’t need For example Flappy bird.apk Flappy bird removed from google store Only available from third party sites Leading to malicious code injection Odd permission requests Flappy bird doesn’t need to read your emails.

15 Mobile Threats It has been found that 4 of the 10 top malware threats infecting Smartphones are Spyware. Moreover, the top 20 malware threats include “Trojanized” apps that steal data about the phone or send SMS messages.

16 Top Mobile Threats The top mobile threats are: Coogos.A!tr Trojan for android devices It checks if the victim is rooted Silently and automatically downloads a malicious system package into the device Uapush.A Adware Trojan for android Sends SMSs and steals data from the compromised device SMSTracker Android spy phone app Records all incoming and outgoing information

17 Top Mobile Threats The top mobile threats are: iBryte Adware Installs toolbars and displays pop-up advertisements on the infected device. ZeroAccess Peer-to-peer (P2P) bot that uses rootkit technology Hides its presence Downloads additional malware Large scale Ad-click fraud

18 Malicious Code Injection Focus on Spyware. In a sample of 500,000 users 1 in 800 android users were impacted. “SpyPhone” software doesn't take advantage of any exploits or vulnerabilities, and doesn't actually need to compromise the phone in any special way.

19 Malicious Code Injection After the infected app is installed, the user has no idea, what has happened. The Spyware will run even when the app is not open, because it is being executed as an android service. What can this Spyware do? Read all your message archives Use either camera, for pictures or video. (without notification) Send location info Steal credit cards or passwords with screen mirroring and key logging Send messages and make calls remotely from your phone.

20 Malicious Code Injection 99% of these spyware applications exist in 3 rd party app stores. Google Play services wouldn’t allow multiple copies of an app from different authors. Makes it hard for code injection on main channels. What stops developers from making their own app and having spyware attached already, as a sort of Trojan horse? Nothing… Downfall of open source Google services working on better permissions.

21 Conclusion Better understanding of what a Permission is Understanding of what permissions do Understand why they exist Better understanding of Malicious Code Injection

22 Works Cited http://www.androidcentral.com/facebook-messenger-permissions- not-scary-stories-might-have-you-believe http://www.androidcentral.com/facebook-messenger-permissions- not-scary-stories-might-have-you-believe http://www.androidcentral.com/look-application-permissions http://developer.android.com/guide/topics/security/permissions.htm l#top http://developer.android.com/guide/topics/security/permissions.htm l#top

Download ppt "Android and IOS Permissions Why are they here and what do they want from me?"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
Kadra Alvaro April,2010. Introduction: The Android Platform Threats to Smartphones Android-Specific Threats How to Secure Your Android Device The Future.

Kadra Alvaro April,2010. Introduction: The Android Platform Threats to Smartphones Android-Specific Threats How to Secure Your Android Device The Future.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.

3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.

IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.
Threats To A Computer Network

Threats To A Computer Network
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Security Advice Georgie Pepper Campsmount Acadamy.

Security Advice Georgie Pepper Campsmount Acadamy.
Android Security What is out there? Waqar Aziz. Android Market Share - I 2.

Android Security What is out there? Waqar Aziz. Android Market Share - I 2.
Trojan Virus Presented by Andy Lindberg & Denver Bohling.

Trojan Virus Presented by Andy Lindberg & Denver Bohling.
Presentation By Deepak Katta

Presentation By Deepak Katta
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.

Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.
Adware, Spyware, and Malware Anand Dedhia Bharath Raj ECE 4112 Project 28 April 2005.

Adware, Spyware, and Malware Anand Dedhia Bharath Raj ECE 4112 Project 28 April 2005.
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Similar presentations

Ads by Google