The Android-based IoT(Internet of Things) platform just like the existing Android provides an environment that makes it easy to utilize Google’s infrastructure services including development tools and APIs through which it helps to control the sensors of IoT devices. Applications running on the Android-based IoT platform are often UI free and are used without the user’s consent to registered permissions. It is difficult to respond to the misuse of permissions as well as to check them when they are registered indiscriminately while updating applications. This paper analyzes the versions of before and after an application the update running on the Android-based IoT platform and the collected permission lists. It aims to identify the same permissions before and after the update, and deleted and newly added permissions after the update were identified, and thereby respond to security threats that can arise from the permissions that is not needed for IoT devices to perform certain functions. Codeshoppy
The Android-based IoT platform was first unveiled to the public as the developer preview version on December 13, 2016. The Android-based IoT platform provides the technology to develop applications that run on IoT devices based on the Android operating system. It makes it easy to develop applications while leveraging existing Android development tools, Android APIs and Google infrastructure services. Applications that run on the Android-based IoT platform have much in common with those that run on existing Android-based Smartphone. Both applications running on the IoT device and smartphone register permissions to provide users with certain functions. If an application is used differently from its original purpose or asks additional permissions rather than using given permissions to provide certain functions for the user, it can perform malicious activities such as collecting excessive information or leaking personal information [1]. For example, if an IoT device that provides temperature and humidity registered permissions such as location information, camera, packagenstallation and deletion, etc., it would perform functions different from the original purpose through the newly registered permissions. This paper collects permission lists for the versions of an application running on the Android-based IoT platform before and after the update. It aims to respond to future security threats by identifying the same, deleted, and added permission information compared to the update based on the collected permission lists. The structure of this paper is as follows. Section 2 discusses the Android-based IoT platform, the AndroidManifest.xml file, and the Android permission protection level. Section 3 performs permission analysis on the application to identify permission differences before and after the update. Finally, section 4 concludes this study.
Android-based IoT platform The Android-based IoT platform named “Android-Things” was first unveiled by Google. It is the first platform dedicated to IoT devices. “Android-Things” is an upgraded version of the existing Google’s Internet platform, Brillo. Unlike the C/C++ language used in Brilo, it enables Android developers to easily develop IoT products [2, 3] by using existing Android development tools such as Android Studio, JAVA language, Android SDK in the same way. In addition, the hardware of “Android-Things” includes Intel Edison, Pico NXP, Raspberry Pi 3, etc. Each hardware is equipped with SOC (System On Chip), RAM, and wireless communication devices. “Android-Things” basically supports various sample code examples such as Doorbell and Bluetooth Audio, making it easier for developers to access. 2.2. AndroidManifes.xml file The AndroidManifest.xml file of an application used in the Android-based IoT platform environment has a similar structure to that in the conventional Android smartphone. The AndroidManifest.xml file contains information on the application including <activity>, <Intent-filter>, and <uses-permission> [4-6]. This paper analyzes permissions of the versions of before and after application the update by analyzing the AnadroidManifest.xml file. The followingable 1 shows the structure of the AndroidManifest.xml file for a sample application provided for the use in the Android-based IoT platform environment
https://codeshoppy.com/android-app-ideas-for-students-college-project.html