Method for Analyzing Application Permissions Before and After the Update in Android
The Android-based IoT platform was first unveiled to the public as a developer preview version on December 13, 2016. It provides the technology to develop applications that run on IoT devices based on the Android operating system, and it makes application development easy by leveraging existing Android development tools, Android APIs and Google infrastructure services.

Applications that run on the Android-based IoT platform have much in common with those that run on existing Android-based smartphones. Applications on both IoT devices and smartphones register permissions in order to provide users with certain functions. If an application is used differently from its original purpose, or asks for additional permissions beyond those it needs to provide its functions to the user, it can perform malicious activities such as collecting excessive information or leaking personal information [1]. For example, if an IoT device that provides temperature and humidity registered permissions such as location information, camera, package installation and deletion, etc., it would perform functions different from its original purpose through the newly registered permissions.

This paper collects the permission lists of the versions of an application running on the Android-based IoT platform before and after the update. Based on the collected permission lists, it identifies which permissions are the same, deleted, and added across the update, with the aim of responding to future security threats.

The structure of this paper is as follows. Section 2 discusses the Android-based IoT platform, the AndroidManifest.xml file, and the Android permission protection level. Section 3 performs permission analysis on the application to identify permission differences before and after the update. Finally, section 4 concludes this study.
Android permission protection level

Android applications must register their permissions in the AndroidManifest.xml file to gain access to the information on the Android device and to obtain the user's consent to the use of those permissions. The developer can specify the protection level of a registered permission. The levels are Normal, Dangerous, Signature, and SignatureOrSystem. Table 1 below lists the four permission protection levels and their definitions [4, 7, 8].
recognizing them in advance that may occur in Android-based IoT devices.

3.2. Source code for permission analysis before and after the update

Python version 3.5.3 is used to analyze the permissions of the application used in the Android-based IoT platform environment. The script searches for the AndroidManifest.xml file inside each of the two application versions given as input, then analyzes both AndroidManifest.xml files to identify the permissions that are the same and those that changed before and after the update. The content of the source code (Table 2) is explained as follows.

a. Line 01~02: The variables pwd1 and pwd2 contain the top-level directory names of the two versions of the application to be analyzed.

b. Line 04~12: Find the AndroidManifest.xml file in the application using the variables pwd1 and pwd2. Generally, the AndroidManifest.xml file is in "/app/src/main/", but sometimes it is not. Therefore, do not always search the same path; search all paths inside the application to find the AndroidManifest.xml file. If the AndroidManifest.xml file is found, open it in read mode using the update_before and update_after variables to analyze the information in the file.

c. Line 14~19: Read the file line by line and check for the phrase "android.permission". Permissions provided by Android basically start with "android.permission". When this phrase is found, add the permission to the update_before or update_after list, for the version before or after the update respectively, and identify the deleted or added permissions from the two lists. The identified permissions are kept sorted for ease of use later.
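The comparison described in steps a to c, as an added example that is not the paper's Table 2 code. It keeps the pwd1/pwd2 inputs and the search of all paths, but parses the manifest as XML and reads the `uses-permission` elements instead of matching lines on "android.permission", so a commented-out entry is not counted as still requested; the helper names and the sample manifests are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
REQUEST_TAGS = ("uses-permission", "uses-permission-sdk-23")

def find_manifests(top_dir):
    """Search every path under top_dir, not only app/src/main/."""
    return sorted(os.path.join(root, name)
                  for root, _dirs, files in os.walk(top_dir)
                  for name in files if name == "AndroidManifest.xml")

def requested_permissions(top_dir):
    """Collect android:name from every permission request element found."""
    found = set()
    for path in find_manifests(top_dir):
        for elem in ET.parse(path).getroot().iter():
            if elem.tag in REQUEST_TAGS and elem.get(ANDROID_NAME):
                found.add(elem.get(ANDROID_NAME))
    return found

def diff_permissions(pwd1, pwd2):
    """Return sorted (same, deleted, added) lists for before -> after."""
    before, after = requested_permissions(pwd1), requested_permissions(pwd2)
    return sorted(before & after), sorted(before - after), sorted(after - before)

def write_sample(top_dir, subdir, active, commented=()):
    """Constructed sample input: a minimal manifest under top_dir/subdir."""
    os.makedirs(os.path.join(top_dir, subdir))
    rows = ['  <uses-permission android:name="android.permission.%s"/>' % p for p in active]
    rows += ['  <!-- <uses-permission android:name="android.permission.%s"/> -->' % p
             for p in commented]
    with open(os.path.join(top_dir, subdir, "AndroidManifest.xml"), "w") as fh:
        fh.write('<manifest xmlns:android="http://schemas.android.com/apk/res/android">\n'
                 + "\n".join(rows) + "\n</manifest>\n")

def demo():
    """Before: sensor app. After: update drops BLUETOOTH, adds two permissions."""
    with tempfile.TemporaryDirectory() as tmp:
        pwd1, pwd2 = os.path.join(tmp, "before"), os.path.join(tmp, "after")
        write_sample(pwd1, "app/src/main", ["INTERNET", "BLUETOOTH"])
        write_sample(pwd2, "sensor/src", ["INTERNET", "CAMERA", "ACCESS_FINE_LOCATION"],
                     commented=["BLUETOOTH"])
        return diff_permissions(pwd1, pwd2)

if __name__ == "__main__":
    for label, perms in zip(("same", "deleted", "added"), demo()):
        print(label, perms)
```

In the constructed "after" version the manifest sits outside app/src/main/ and BLUETOOTH survives only inside an XML comment; a line match would report it as unchanged, while the element-based read reports it as deleted.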
When the analysis of the two versions of the application is completed, the permissions that are the same before and after the update are printed on screen first. Next, the permissions deleted by the update and the permissions newly added by it are printed, in that order. Figure 2 shows the results of analyzing the permissions of the application before and after the update. Permissions [1] through [3] in Figure 2 are the permissions that exist in both the version before the update and the version after it. [4] through [6] are permissions that existed in the version before the update but were deleted after the update. [7] through [14] are newly added permissions that did not exist in the version before the update but were added in the update process. The permissions that have been deleted or added after the update can be identified through this analysis.

IoT devices can carry out malicious activities such as collecting personal information indiscriminately or leaking personal information when permissions unrelated to their functions are added during the update process. To prevent IoT devices from performing such malicious activities, the threats that may arise from permissions added during an application update need to be analyzed. Information on the permissions found in many applications that perform malicious activities has been analyzed continuously in prior research. Table 3 below shows the list of permissions that exist in the malicious applications that have been previously studied [4, 5, 9, 10]. It is sorted by how frequently each permission is used in malicious applications. Because the permissions that can be used may be restricted depending on the IoT device, such restrictions should be considered when analyzing security threats.
Based on the previously researched permission information and the results analyzed in section 3.3, it is necessary to respond to security threats in advance by analyzing the threats that may occur due to permissions added while updating an application. For example, if an IoT device that provides temperature or humidity asks permissions to control the location information .