Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation By Deepak Katta

Published byNathan Shepherd Modified over 8 years ago

Similar presentations

Presentation on theme: "Presentation By Deepak Katta"— Presentation transcript:

1 Presentation By Deepak Katta
Android Privacy Presentation By Deepak Katta

2 Outline Introduction Android Vs IoS Privacy Issues Spyware for Android
Samples of Spyware for Android Attack Scenarios Recommendations References

3 Introduction What is Privacy?
Should not use or disclose one’s private information without permission.

4 Introduction Now a days phones are having more features similar to computer called smart phones. With Smart Phone, we can: Text Instant Message Browse Internet Store and Share any type of Data Social Networking Can download any App Instantly and use it. And many more. Smart phones are becoming hosts for sensitive data

5 Introduction These are the various Mobile Operating Systems for Smart Phones: IoS Android Windows Symbian Research in Motion (RiM – Blackberry) Most of the smart phone users are going for either IoS or Android.

6 Introduction Generally, Attacker inject malicious code into targeted smart phone and extract private and sensitive information. Intrusion Detection System (IDS) is used to find such attacks but only known malwares can be found. According to Charlie Miller, both Android and IoS provide Public Market like Android Market and App Store but they take different approaches to limit malicious Apps.

7 Code Signing: Android App Developers can use Self – Signing code on Android Apps.
App Source: Can download App from anywhere not only from market. Removed App: Crowd Sourcing, Publish directly to market if more users complain delete from market and devices remotely. Sandbox: Sandboxing is App Specific. Code Signing: IoS App Developers must use code signing which is proposed from Apple. App Source: Can be downloaded only from App Store. Removed App: Reviewer committee checks the App before publishing and if any malicious found they will remove App. Sandbox: All Apps have same access permissions.

8 Android Vs IoS Malicious users can develop Android Apps easily because very little limits are imposed on Android App Development. Another point is High Convenient makes low – security. For this reason Android Privacy is serious concern.

9 Privacy Issues Identifiers Disclosure SMS Misuse
Four Smart Phone Identifiers Phone Number International Mobile Equipment Identity (IMEI) International Mobile Subscriber Identity (IMSI) SIM Card Serial Number Can Track the phone and Misuse the IMEI SMS Misuse Basic functionality in smart phones. Authentication may be misused. Can send SMS to any number.

10 Privacy Issues Location Leakage Browser History Root Exploits
Most private information. Many Apps ask for location access like Maps and location based searches. Browser History Browsing history, cookies and passwords. Root Exploits Jail Break Both Malicious user and Authorized user can use. Malicious user to gain root access of system. Authorized user for customizing their phone according to their interest.

11 Spyware for Android Android OS is built upon the Linux Kernel and supports most of its functionalities. Android security mechanisms are based on Linux system. Software Development for Android needs: Software Development Kit (SDK) – Tools for developing programs. Emulator – To implement and test smart phone App on computer. IDE – Allows users to run, compile and debug App.

12 Spyware for Android Spyware: Software or an App that can extract user’s private information without any authentication. Spyware silently extract user’s data and upload it to remote server. We use only Android API to develop Spyware. To reach Android Market Spyware can wilfully use self – signed APIs.

13 Samples of Spyware for Android
Phone Information Disclosure: getContentResolver ( ) – Returns ContentResolver instance for user application package. getColumnIndex(String columnName) – to get index of the given column getCount ( ) – Gives how many items are in Data Set.

14 Samples of Spyware for Android

15 Samples of Spyware for Android
Call log: Use API android.provider.CallLog.Calls which can extract all details regarding call log.

16 Samples of Spyware for Android
Acquirement of We use getAccount and getAccountsByType which can list all types of accounts on the device.

17 Samples of Spyware for Android
Location Leakage: We use LocationManager class to extract location informaion

18 Samples of Spyware for Android
Browsed History We use getAllVisitedUrls(ContentResover cr) which returns the list of visited URLs.

19 Attack Scenarios Spyware can be developed and extract the personal information of user. IMEI can be misused. Location Leakage of Celebrities is serious issue. Blackmailing for money can be possible. Anyone may use personal information for malicious activity.

20 Recommendations For Android: For Consumers:
Not to use crowd sourcing, replace it with source code examination and reviewer’s comments. For Consumers: Often clean history records and sensitive data. Don’t download Apps from unauthorized sources. Use Anti Virus Software.

21 References ANDROID PRIVACY by TE – EN WEI, ALBERT B. JENG, HAHN-MING LEE, CHIH-HOW CHEN,CHIN- WEI TIEN. Charlie Miller, “Mobile Attacks and Defense,” IEEE Security and Privacy. Security in Computing 4/e by Charles P. Pfleeger. All Images used in presentation are downloaded from Google images.

22

Download ppt "Presentation By Deepak Katta"

Similar presentations

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Chung Man Ho Willims Chow Man Kei Gary Kwok Pak Wai Lion.

Chung Man Ho Willims Chow Man Kei Gary Kwok Pak Wai Lion.
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
2. Setting Up Your Android Development Environment.

2. Setting Up Your Android Development Environment.
Bonrix Track & Trace System A GPS Based Vehicle Tracing System (SMS, GPRS/3G, Offline) Bonrix Software Systems Ahmedabad (INDIA) Website:

Bonrix Track & Trace System A GPS Based Vehicle Tracing System (SMS, GPRS/3G, Offline) Bonrix Software Systems Ahmedabad (INDIA) Website:
ANDROID PROGRAMMING MODULE 1 – GETTING STARTED

ANDROID PROGRAMMING MODULE 1 – GETTING STARTED
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
SMARTPHONE OPERATION SYSTEM MARKET IN U.S. Ryan (Jang-Hoon) Doo ISM 158.

SMARTPHONE OPERATION SYSTEM MARKET IN U.S. Ryan (Jang-Hoon) Doo ISM 158.
Android Security What is out there? Waqar Aziz. Android Market Share - I 2.

Android Security What is out there? Waqar Aziz. Android Market Share - I 2.
CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
How It Applies In A Virtual World

How It Applies In A Virtual World
Apps VS Mobile Websites Which is better?. Bizness Apps Survey Bizness Apps surveyed over 500 small business owners with both a mobile app and a mobile.

Apps VS Mobile Websites Which is better?. Bizness Apps Survey Bizness Apps surveyed over 500 small business owners with both a mobile app and a mobile.
The Study of Security and Privacy in Mobile Applications Name: Liang Wei

The Study of Security and Privacy in Mobile Applications Name: Liang Wei
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
Introduction to Mobile Malware

Introduction to Mobile Malware
Sophos Mobile Security

Sophos Mobile Security
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

Similar presentations

Ads by Google