Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation By Deepak Katta

Similar presentations


Presentation on theme: "Presentation By Deepak Katta"— Presentation transcript:

1 Presentation By Deepak Katta
Android Privacy Presentation By Deepak Katta

2 Outline Introduction Android Vs IoS Privacy Issues Spyware for Android
Samples of Spyware for Android Attack Scenarios Recommendations References

3 Introduction What is Privacy?
Should not use or disclose one’s private information without permission.

4 Introduction Now a days phones are having more features similar to computer called smart phones. With Smart Phone, we can: Text Instant Message Browse Internet Store and Share any type of Data Social Networking Can download any App Instantly and use it. And many more. Smart phones are becoming hosts for sensitive data

5 Introduction These are the various Mobile Operating Systems for Smart Phones: IoS Android Windows Symbian Research in Motion (RiM – Blackberry) Most of the smart phone users are going for either IoS or Android.

6 Introduction Generally, Attacker inject malicious code into targeted smart phone and extract private and sensitive information. Intrusion Detection System (IDS) is used to find such attacks but only known malwares can be found. According to Charlie Miller, both Android and IoS provide Public Market like Android Market and App Store but they take different approaches to limit malicious Apps.

7 Code Signing: Android App Developers can use Self – Signing code on Android Apps.
App Source: Can download App from anywhere not only from market. Removed App: Crowd Sourcing, Publish directly to market if more users complain delete from market and devices remotely. Sandbox: Sandboxing is App Specific. Code Signing: IoS App Developers must use code signing which is proposed from Apple. App Source: Can be downloaded only from App Store. Removed App: Reviewer committee checks the App before publishing and if any malicious found they will remove App. Sandbox: All Apps have same access permissions.

8 Android Vs IoS Malicious users can develop Android Apps easily because very little limits are imposed on Android App Development. Another point is High Convenient makes low – security. For this reason Android Privacy is serious concern.

9 Privacy Issues Identifiers Disclosure SMS Misuse
Four Smart Phone Identifiers Phone Number International Mobile Equipment Identity (IMEI) International Mobile Subscriber Identity (IMSI) SIM Card Serial Number Can Track the phone and Misuse the IMEI SMS Misuse Basic functionality in smart phones. Authentication may be misused. Can send SMS to any number.

10 Privacy Issues Location Leakage Browser History Root Exploits
Most private information. Many Apps ask for location access like Maps and location based searches. Browser History Browsing history, cookies and passwords. Root Exploits Jail Break Both Malicious user and Authorized user can use. Malicious user to gain root access of system. Authorized user for customizing their phone according to their interest.

11 Spyware for Android Android OS is built upon the Linux Kernel and supports most of its functionalities. Android security mechanisms are based on Linux system. Software Development for Android needs: Software Development Kit (SDK) – Tools for developing programs. Emulator – To implement and test smart phone App on computer. IDE – Allows users to run, compile and debug App.

12 Spyware for Android Spyware: Software or an App that can extract user’s private information without any authentication. Spyware silently extract user’s data and upload it to remote server. We use only Android API to develop Spyware. To reach Android Market Spyware can wilfully use self – signed APIs.

13 Samples of Spyware for Android
Phone Information Disclosure: getContentResolver ( ) – Returns ContentResolver instance for user application package. getColumnIndex(String columnName) – to get index of the given column getCount ( ) – Gives how many items are in Data Set.

14 Samples of Spyware for Android

15 Samples of Spyware for Android
Call log: Use API android.provider.CallLog.Calls which can extract all details regarding call log.

16 Samples of Spyware for Android
Acquirement of We use getAccount and getAccountsByType which can list all types of accounts on the device.

17 Samples of Spyware for Android
Location Leakage: We use LocationManager class to extract location informaion

18 Samples of Spyware for Android
Browsed History We use getAllVisitedUrls(ContentResover cr) which returns the list of visited URLs.

19 Attack Scenarios Spyware can be developed and extract the personal information of user. IMEI can be misused. Location Leakage of Celebrities is serious issue. Blackmailing for money can be possible. Anyone may use personal information for malicious activity.

20 Recommendations For Android: For Consumers:
Not to use crowd sourcing, replace it with source code examination and reviewer’s comments. For Consumers: Often clean history records and sensitive data. Don’t download Apps from unauthorized sources. Use Anti Virus Software.

21 References ANDROID PRIVACY by TE – EN WEI, ALBERT B. JENG, HAHN-MING LEE, CHIH-HOW CHEN,CHIN- WEI TIEN. Charlie Miller, “Mobile Attacks and Defense,” IEEE Security and Privacy. Security in Computing 4/e by Charles P. Pfleeger. All Images used in presentation are downloaded from Google images.

22


Download ppt "Presentation By Deepak Katta"

Similar presentations


Ads by Google