The Android-based IoT(Internet of Things) platform just like the existing Android provides an environment that makes it easy to utilize Google’s infrastructure services including development tools and APIs through which it helps to control the sensors of IoT devices. Applications running on the Android-based IoT platform are often UI free and are used without the user’s consent to registered permissions. It is difficult to respond to the misuse of permissions as well as to check them when they are registered indiscriminately while updating applications. This paper analyzes the versions of before and after an application the update running on the Android-based IoT platform and the collected permission lists. It aims to identify the same permissions before and after the update, and deleted and newly added permissions after the update were identified, and thereby respond to security threats that can arise from the permissions that is not needed for IoT devices to perform certain functions.
The Android-based IoT platform was first unveiled to the public as the developer preview version on December 13, 2016. The Android-based IoT platform provides the technology to develop applications that run on IoT devices based on the Android operating system. It makes it easy to develop applications while leveraging existing Android development tools, Android APIs and Google infrastructure services. Applications that run on the Android-based IoT platform have much in common with those that run on existing Android-based Smartphone. Both applications running on the IoT device and smartphone register permissions to provide users with certain functions. If an application is used differently from its original purpose or asks additional permissions rather than using given permissions to provide certain functions for the user, it can perform malicious activities such as collecting excessive information or leaking personal information [1]. For example, if an IoT device that provides temperature and humidity registered permissions such as location information, camera, package .CodeShoppy
Android-based IoT platform The Android-based IoT platform named “Android-Things” was first unveiled by Google. It is the first platform dedicated to IoT devices. “Android-Things” is an upgraded version of the existing Google’s Internet platform, Brillo. Unlike the C/C++ language used in Brilo, it enables Android developers to easily develop IoT products [2, 3] by using existing Android development tools such as Android Studio, JAVA language, Android SDK in the same way. In addition, the hardware of “Android-Things” includes Intel Edison, Pico NXP, Raspberry Pi 3, etc. Each hardware is equipped with SOC (System On Chip), RAM, and wireless communication devices. “Android-Things” basically supports various sample code examples such as Doorbell and Bluetooth Audio, making it easier for developers to access. 2.2. AndroidManifes.xml file The AndroidManifest.xml file of an application used in the Android-based IoT platform environment has a similar structure to that in the conventional Android smartphone. The AndroidManifest.xml file contains information on the application including <activity>, <Intent-filter>, and <uses-permission> [4-6]. This paper analyzes permissions of the versions of before and after application the update by analyzing the AnadroidManifest.xml file.
Permission management method for before and after applications the update 3.1. Analysis flowchart for change of permissions before and after the update The first step in the analysis sequence to compare permissions before and after the application update is to find the AndroidManifest.xml file and then perform ananalysis on the file. The persmissions used by before and after an application the update are first identified based on the analyzed information. After this, the same, deleted, and added permissions in the versions of before and after application the update are checked through the identified information. Figure 2 below shows an analysis flow chart to analyze the permission differences before and after the updatePermission analysis for before and after application the update consists of four steps. The detailed analysis process is as follows. a.Input of the application information before and after the update -Input two versions of the application to analyze before and after application the update. b.Search of the AndroidManifest.xml -Search for the AndroidManifest.xml file to analyze permissions for both versions of the application. During this process, find each AndroidManifest.xml file for before and after application the update c.Check the permissions used by before and after application the update -Analyze the AndroidManifest.xml file found in step 2 to check and list permissions used in before and after application the update d.Identify permission differences for before and after application the update -Based on the analyzed information above, the same, deleted, and added permissions during the update process are identified. Based on the permission information identified through the analysis, respond to security threats such as indiscriminate data collection and data leakage by recognizing them in advance that may occur in Android-based IoT devices.
https://codeshoppy.com/android-app-ideas-for-students-college-project.html