Visible to the public Biblio

Filters: Keyword is Android (operating system)  [Clear All Filters]
2021-03-22
Sai, C. C., Prakash, C. S., Jose, J., Mana, S. C., Samhitha, B. K..  2020.  Analysing Android App Privacy Using Classification Algorithm. 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184). :551–555.
The interface permits the client to scan for a subjective utility on the Play Store; the authorizations posting and the protection arrangement are then routinely recovered, on all events imaginable. The client has then the capability of choosing an interesting authorization, and a posting of pertinent sentences are separated with the guide of the privateer's inclusion and introduced to them, alongside a right depiction of the consent itself. Such an interface allows the client to rapidly assess the security-related dangers of an Android application, by utilizing featuring the pertinent segments of the privateer's inclusion and by introducing helpful data about shrewd authorizations. A novel procedure is proposed for the assessment of privateer's protection approaches with regards to Android applications. The gadget actualized widely facilitates the way toward understanding the security ramifications of placing in 1/3 birthday celebration applications and it has just been checked in a situation to feature troubling examples of uses. The gadget is created in light of expandability, and correspondingly inclines in the strategy can without trouble be worked in to broaden the unwavering quality and adequacy. Likewise, if your application handles non-open or delicate individual information, it would be ideal if you also allude to the extra necessities in the “Individual and Sensitive Information” territory underneath. These Google Play necessities are notwithstanding any prerequisites endorsed by method for material security or data assurance laws. It has been proposed that, an individual who needs to perform the establishment and utilize any 1/3 festival application doesn't perceive the significance and which methods for the consents mentioned by method for an application, and along these lines sincerely gives all the authorizations as a final product of which unsafe applications furthermore get set up and work their malevolent leisure activity in the rear of the scene.
2021-03-09
Yerima, S. Y., Alzaylaee, M. K..  2020.  Mobile Botnet Detection: A Deep Learning Approach Using Convolutional Neural Networks. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1—8.

Android, being the most widespread mobile operating systems is increasingly becoming a target for malware. Malicious apps designed to turn mobile devices into bots that may form part of a larger botnet have become quite common, thus posing a serious threat. This calls for more effective methods to detect botnets on the Android platform. Hence, in this paper, we present a deep learning approach for Android botnet detection based on Convolutional Neural Networks (CNN). Our proposed botnet detection system is implemented as a CNN-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps. The trained botnet detection model was evaluated on a set of 6,802 real applications containing 1,929 botnets from the publicly available ISCX botnet dataset. The results show that our CNN-based approach had the highest overall prediction accuracy compared to other popular machine learning classifiers. Furthermore, the performance results observed from our model were better than those reported in previous studies on machine learning based Android botnet detection.

2021-02-23
Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N..  2020.  An Analysis of Pre-installed Android Software. 2020 IEEE Symposium on Security and Privacy (SP). :1039—1055.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large- scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third- party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

2021-01-28
Siddiquie, K., Shafqat, N., Masood, A., Abbas, H., Shahid, W. b.  2020.  Profiling Vulnerabilities Threatening Dual Persona in Android Framework. 2019 International Conference on Advances in the Emerging Computing Technologies (AECT). :1—6.

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

2020-12-11
Huang, N., Xu, M., Zheng, N., Qiao, T., Choo, K. R..  2019.  Deep Android Malware Classification with API-Based Feature Graph. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :296—303.

The rapid growth of Android malware apps poses a great security threat to users thus it is very important and urgent to detect Android malware effectively. What's more, the increasing unknown malware and evasion technique also call for novel detection method. In this paper, we focus on API feature and develop a novel method to detect Android malware. First, we propose a novel selection method for API feature related with the malware class. However, such API also has a legitimate use in benign app thus causing FP problem (misclassify benign as malware). Second, we further explore structure relationships between these APIs and map to a matrix interpreted as the hand-refined API-based feature graph. Third, a CNN-based classifier is developed for the API-based feature graph classification. Evaluations of a real-world dataset containing 3,697 malware apps and 3,312 benign apps demonstrate that selected API feature is effective for Android malware classification, just top 20 APIs can achieve high F1 of 94.3% under Random Forest classifier. When the available API features are few, classification performance including FPR indicator can achieve effective improvement effectively by complementing our further work.

Ge, X., Pan, Y., Fan, Y., Fang, C..  2019.  AMDroid: Android Malware Detection Using Function Call Graphs. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :71—77.

With the rapid development of the mobile Internet, Android has been the most popular mobile operating system. Due to the open nature of Android, c countless malicious applications are hidden in a large number of benign applications, which pose great threats to users. Most previous malware detection approaches mainly rely on features such as permissions, API calls, and opcode sequences. However, these approaches fail to capture structural semantics of applications. In this paper, we propose AMDroid that leverages function call graphs (FCGs) representing the behaviors of applications and applies graph kernels to automatically learn the structural semantics of applications from FCGs. We evaluate AMDroid on the Genome Project, and the experimental results show that AMDroid is effective to detect Android malware with 97.49% detection accuracy.

Wu, Y., Li, X., Zou, D., Yang, W., Zhang, X., Jin, H..  2019.  MalScan: Fast Market-Wide Mobile Malware Scanning by Social-Network Centrality Analysis. 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). :139—150.

Malware scanning of an app market is expected to be scalable and effective. However, existing approaches use either syntax-based features which can be evaded by transformation attacks or semantic-based features which are usually extracted by performing expensive program analysis. Therefor, in this paper, we propose a lightweight graph-based approach to perform Android malware detection. Instead of traditional heavyweight static analysis, we treat function call graphs of apps as social networks and perform social-network-based centrality analysis to represent the semantic features of the graphs. Our key insight is that centrality provides a succinct and fault-tolerant representation of graph semantics, especially for graphs with certain amount of inaccurate information (e.g., inaccurate call graphs). We implement a prototype system, MalScan, and evaluate it on datasets of 15,285 benign samples and 15,430 malicious samples. Experimental results show that MalScan is capable of detecting Android malware with up to 98% accuracy under one second which is more than 100 times faster than two state-of-the-art approaches, namely MaMaDroid and Drebin. We also demonstrate the feasibility of MalScan on market-wide malware scanning by performing a statistical study on over 3 million apps. Finally, in a corpus of dataset collected from Google-Play app market, MalScan is able to identify 18 zero-day malware including malware samples that can evade detection of existing tools.

2020-11-23
Wang, X., Li, J..  2018.  Design of Intelligent Home Security Monitoring System Based on Android. 2018 2nd IEEE Advanced Information Management,Communicates,Electronic and Automation Control Conference (IMCEC). :2621–2624.
In view of the problem that the health status and safety monitoring of the traditional intelligent home are mainly dependent on the manual inspection, this paper introduces the intelligent home-based remote monitoring system by introducing the Internet-based Internet of Things technology into the intelligent home condition monitoring and safety assessment. The system's Android remote operation based on the MVP model to develop applications, the use of neural networks to deal with users daily use of operational data to establish the network data model, combined with S3C2440A microcontrollers in the gateway to the embedded Linux to facilitate different intelligent home drivers development. Finally, the power line communication network is used to connect the intelligent electrical appliances to the gateway. By calculating the success rate of the routing nodes, the success rate of the network nodes of 15 intelligent devices is 98.33%. The system can intelligent home many electrical appliances at the same time monitoring, to solve the system data and network congestion caused by the problem can not he security monitoring.
2020-11-17
Qian, K., Parizi, R. M., Lo, D..  2018.  OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development. 2018 IEEE Conference on Dependable and Secure Computing (DSC). :1—2.
The security threats to mobile applications are growing explosively. Mobile apps flaws and security defects open doors for hackers to break in and access sensitive information. Defensive requirements analysis should be an integral part of secure mobile SDLC. Developers need to consider the information confidentiality and data integrity, to verify the security early in the development lifecycle rather than fixing the security holes after attacking and data leaks take place. Early eliminating known security vulnerabilities will help developers increase the security of apps and reduce the likelihood of exploitation. However, many software developers lack the necessary security knowledge and skills at the development stage, and that's why Secure Mobile Software Development education is very necessary for mobile software engineers. In this paper, we propose a guided security requirement analysis based on OWASP Mobile Top ten security risk recommendations for Android mobile software development and its traceability of the developmental controls in SDLC. Building secure apps immune to the OWASP Mobile Top ten risks would be an effective approach to provide very useful mobile security guidelines.
Jaiswal, M., Malik, Y., Jaafar, F..  2018.  Android gaming malware detection using system call analysis. 2018 6th International Symposium on Digital Forensic and Security (ISDFS). :1—5.
Android operating systems have become a prime target for attackers as most of the market is currently dominated by Android users. The situation gets worse when users unknowingly download or sideload cloning applications, especially gaming applications that look like benign games. In this paper, we present, a dynamic Android gaming malware detection system based on system call analysis to classify malicious and legitimate games. We performed the dynamic system call analysis on normal and malicious gaming applications while applications are in execution state. Our analysis reveals the similarities and differences between benign and malware game system calls and shows how dynamically analyzing the behavior of malicious activity through system calls during runtime makes it easier and is more effective to detect malicious applications. Experimental analysis and results shows the efficiency and effectiveness of our approach.
2020-10-29
Jiang, Jianguo, Li, Song, Yu, Min, Li, Gang, Liu, Chao, Chen, Kai, Liu, Hui, Huang, Weiqing.  2019.  Android Malware Family Classification Based on Sensitive Opcode Sequence. 2019 IEEE Symposium on Computers and Communications (ISCC). :1—7.

Android malware family classification is an advanced task in Android malware analysis, detection and forensics. Existing methods and models have achieved a certain success for Android malware detection, but the accuracy and the efficiency are still not up to the expectation, especially in the context of multiple class classification with imbalanced training data. To address those challenges, we propose an Android malware family classification model by analyzing the code's specific semantic information based on sensitive opcode sequence. In this work, we construct a sensitive semantic feature-sensitive opcode sequence using opcodes, sensitive APIs, STRs and actions, and propose to analyze the code's specific semantic information, generate a semantic related vector for Android malware family classification based on this feature. Besides, aiming at the families with minority, we adopt an oversampling technique based on the sensitive opcode sequence. Finally, we evaluate our method on Drebin dataset, and select the top 40 malware families for experiments. The experimental results show that the Total Accuracy and Average AUC (Area Under Curve, AUC) reach 99.50% and 98.86% with 45. 17s per Android malware, and even if the number of malware families increases, these results remain good.

2020-09-04
Ishak, Muhammad Yusry Bin, Ahmad, Samsiah Binti, Zulkifli, Zalikha.  2019.  Iot Based Bluetooth Smart Radar Door System Via Mobile Apps. 2019 1st International Conference on Artificial Intelligence and Data Sciences (AiDAS). :142—145.
{In the last few decades, Internet of things (IOT) is one of the key elements in industrial revolution 4.0 that used mart phones as one of the best technological advances' intelligent device. It allows us to have power over devices without people intervention, either remote or voice control. Therefore, the “Smart Radar Door “system uses a microcontroller and mobile Bluetooth module as an automation of smart door lock system. It is describing the improvement of a security system integrated with an Android mobile phone that uses Bluetooth as a wireless connection protocol and processing software as a tool in order to detect any object near to the door. The mob ile device is required a password as authentication method by using microcontroller to control lock and unlock door remotely. The Bluetooth protocol was chosen as a method of communication between microcontroller and mobile devices which integrated with many Android devices in secured protocol}.
2020-08-14
Singleton, Larry, Zhao, Rui, Song, Myoungkyu, Siy, Harvey.  2019.  FireBugs: Finding and Repairing Bugs with Security Patterns. 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft). :30—34.

Security is often a critical problem in software systems. The consequences of the failure lead to substantial economic loss or extensive environmental damage. Developing secure software is challenging, and retrofitting existing systems to introduce security is even harder. In this paper, we propose an automated approach for Finding and Repairing Bugs based on security patterns (FireBugs), to repair defects causing security vulnerabilities. To locate and fix security bugs, we apply security patterns that are reusable solutions comprising large amounts of software design experience in many different situations. In the evaluation, we investigated 2,800 Android app repositories to apply our approach to 200 subject projects that use javax.crypto APIs. The vision of our automated approach is to reduce software maintenance burdens where the number of outstanding software defects exceeds available resources. Our ultimate vision is to design more security patterns that have a positive impact on software quality by disseminating correlated sets of best security design practices and knowledge.

Mitra, Joydeep, Ranganath, Venkatesh-Prasad, Narkar, Aditya.  2019.  BenchPress: Analyzing Android App Vulnerability Benchmark Suites. 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW). :13—18.
In recent years, various benchmark suites have been developed to evaluate the efficacy of Android security analysis tools. Tool developers often choose such suites based on the availability and popularity of suites and not on their characteristics and relevance due to the lack of information about them. In this context, based on a recent effort, we empirically evaluated four Android-specific benchmark suites: DroidBench, Ghera, ICCBench, and UBCBench. For each benchmark suite, we identified the APIs used by the suite that were discussed on Stack Overflow in the context of Android app development and measured the usage of these APIs in a sample of 227K real-world apps (coverage). We also identified security-related APIs used in real-world apps but not in any of the above benchmark suites to assess the opportunities to extend benchmark suites (gaps).
2020-08-10
Zhang, Xinman, He, Tingting, Xu, Xuebin.  2019.  Android-Based Smartphone Authentication System Using Biometric Techniques: A Review. 2019 4th International Conference on Control, Robotics and Cybernetics (CRC). :104–108.
As the technological progress of mobile Internet, smartphone based on Android OS accounts for the vast majority of market share. The traditional encryption technology cannot resolve the dilemma in smartphone information leakage, and the Android-based authentication system in view of biometric recognition emerge to offer more reliable information assurance. In this paper, we summarize several biometrics providing their attributes. Furthermore, we also review the algorithmic framework and performance index acting on authentication techniques. Thus, typical identity authentication systems including their experimental results are concluded and analyzed in the survey. The article is written with an intention to provide an in-depth overview of Android-based biometric verification systems to the readers.
Kim, Byoungchul, Jung, Jaemin, Han, Sangchul, Jeon, Soyeon, Cho, Seong-je, Choi, Jongmoo.  2019.  A New Technique for Detecting Android App Clones Using Implicit Intent and Method Information. 2019 Eleventh International Conference on Ubiquitous and Future Networks (ICUFN). :478–483.
Detecting repackaged apps is one of the important issues in the Android ecosystem. Many attackers usually reverse engineer a legitimate app, modify or embed malicious codes into the app, repackage and distribute it in the online markets. They also employ code obfuscation techniques to hide app cloning or repackaging. In this paper, we propose a new technique for detecting repackaged Android apps, which is robust to code obfuscation. The technique analyzes the similarity of Android apps based on the method call information of component classes that receive implicit intents. We developed a tool Calldroid that implemented the proposed technique, and evaluated it on apps transformed using well-known obfuscators. The evaluation results showed that the proposed technique can effectively detect repackaged apps.
Wu, Sha, Liu, Jiajia.  2019.  Overprivileged Permission Detection for Android Applications. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.
Android applications (Apps) have penetrated almost every aspect of our lives, bring users great convenience as well as security concerns. Even though Android system adopts permission mechanism to restrict Apps from accessing important resources of a smartphone, such as telephony, camera and GPS location, users face still significant risk of privacy leakage due to the overprivileged permissions. The overprivileged permission means the extra permission declared by the App but has nothing to do with its function. Unfortunately, there doesn't exist any tool for ordinary users to detect the overprivileged permission of an App, hence most users grant any permission declared by the App, intensifying the risk of private information leakage. Although some previous studies tried to solve the problem of permission overprivilege, their methods are not applicable nowadays because of the progress of App protection technology and the update of Android system. Towards this end, we develop a user-friendly tool based on frequent item set mining for the detection of overprivileged permissions of Android Apps, which is named Droidtector. Droidtector can operate in online or offline mode and users can choose any mode according to their situation. Finally, we run Droidtector on 1000 Apps crawled from Google Play and find that 479 of them are overprivileged, accounting for about 48% of all the sample Apps.
Rodinko, Mariia, Oliynykov, Roman.  2019.  Comparing Performances of Cypress Block Cipher and Modern Lighweight Block Ciphers on Different Platforms. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S T). :113–116.

The paper is devoted to the comparison of performance of prospective lightweight block cipher Cypress with performances of the known modern lightweight block ciphers such as AES, SPECK, SPARX etc. The measurement was done on different platforms: Windows, Linux and Android. On all platforms selected, the block cipher Cypress showed the best results. The block cipher Cypress-256 showed the highest performance on Windows x32 (almost 3.5 Gbps), 64-bit Linux (over 8 Gbps) and Android (1.3 Gbps). On Windows x64 the best result was obtained by Cypress- 512 (almost 5 Gbps).

Zhang, Hao, Li, Zhuolin, Shahriar, Hossain, Lo, Dan, Wu, Fan, Qian, Ying.  2019.  Protecting Data in Android External Data Storage. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:924–925.
Insecure data storage may open a door to malicious malware to steal users' and system sensitive information. These problems may due to developer negligence or lack of security knowledge. Android developers use various storage methods to store data. However, Attackers have attacked these vulnerable data storage. Although the developers have modified the apps after knowing the vulnerability, the user's personal information has been leaked and caused serious consequences. As a result, instead of patching and fixing the vulnerability, we should conduct proactive control for secure Android data storage. In this paper, we analyzed Android external storage vulnerability and discussed the prevention solutions to prevent sensitive information in external storage from disclosure.
Ko, Ju-Seong, Jo, Jeong-Seok, Kim, Deuk-Hun, Choi, Seul-Ki, Kwak, Jin.  2019.  Real Time Android Ransomware Detection by Analyzed Android Applications. 2019 International Conference on Electronics, Information, and Communication (ICEIC). :1–5.
Recently, damage caused by ransomware has been increasing in PC and Android environments. There are many studies into real-time ransomware detection because the most important time to prevent encryption is before ransomware is able to execute its malicious process. Traditional analyses determine an application is ransomware or not by static/dynamic methods. Those analyses can serve as components of a method to detect ransomware in real time. However, problems can occur such as the inability to detect new/variant/unknown ransomware. These types require signed patches from a trusted party that can only be created after attacks occur. In a previous study into realtime new/variant/unknown ransomware detection in a PC environment, important files are monitored and only programs that have been previously analyzed and evaluated as nonmalicious are allowed. As such, programs that have not been analyzed are restricted from accessing important files. In an Android environment, this method can be applied using Android applications to prevent emerging threats and verify consistency with user intent. Thus, this paper proposes a method of detecting new/variant/unknown ransomware in real time in an Android environment.
2020-08-07
Guri, Mordechai.  2019.  HOTSPOT: Crossing the Air-Gap Between Isolated PCs and Nearby Smartphones Using Temperature. 2019 European Intelligence and Security Informatics Conference (EISIC). :94—100.
Air-gapped computers are hermetically isolated from the Internet to eliminate any means of information leakage. In this paper we present HOTSPOT - a new type of airgap crossing technique. Signals can be sent secretly from air-gapped computers to nearby smartphones and then on to the Internet - in the form of thermal pings. The thermal signals are generated by the CPUs and GPUs and intercepted by a nearby smartphone. We examine this covert channel and discuss other work in the field of air-gap covert communication channels. We present technical background and describe thermal sensing in modern smartphones. We implement a transmitter on the computer side and a receiver Android App on the smartphone side, and discuss the implementation details. We evaluate the covert channel and tested it in a typical work place. Our results show that it possible to send covert signals from air-gapped PCs to the attacker on the Internet through the thermal pings. We also propose countermeasures for this type of covert channel which has thus far been overlooked.
2020-07-27
Sudozai, M. A. K., Saleem, Shahzad.  2018.  Profiling of secure chat and calling apps from encrypted traffic. 2018 15th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :502–508.
Increased use of secure chat and voice/ video apps has transformed the social life. While the benefits and facilitations are seemingly limitless, so are the asscoiacted vulnerabilities and threats. Besides ensuring confidentiality requirements for common users, known facts of non-readable contents over the network make these apps more attractive for criminals. Though access to contents of cryptograhically secure sessions is not possible, network forensics of secure apps can provide interesting information which can be of great help during criminal invetigations. In this paper, we presented a novel framework of profiling the secure chat and voice/ video calling apps which can be employed to extract hidden patterns about the app, information of involved parties, activities of chatting, voice/ video calls, status indications and notifications while having no information of communication protocol of the app and its security architecture. Signatures of any secure app can be developed though our framework and can become base of a large scale solution. Our methodology is considered very important for different cases of criminal investigations and bussiness intelligence solutions for service provider networks. Our results are applicable to any mobile platform of iOS, android and windows.
Pandey, Ashutosh, Khan, Rijwan, Srivastava, Akhilesh Kumar.  2018.  Challenges in Automation of Test Cases for Mobile Payment Apps. 2018 4th International Conference on Computational Intelligence Communication Technology (CICT). :1–4.
Software Engineering is a field of new challenges every day. With every passing day, new technologies emerge. There was an era of web Applications, but the time has changed and most of the web Applications are available as Mobile Applications as well. The Mobile Applications are either android based or iOS based. To deliver error free, secure and reliable Application, it is necessary to test the Applications properly. Software testing is a phase of software development life cycle, where we test an Application in all aspects. Nowadays different type of tools are available for testing an Application automatically but still we have too many challenges for applying test cases on a given Application. In this paper the authors will discuss the challenges of automation of test cases for a Mobile based payment Application.
Galuppo, Raúl Ignacio, Luna, Carlos, Betarte, Gustavo.  2018.  Security in iOS and Android: A Comparative Analysis. 2018 37th International Conference of the Chilean Computer Science Society (SCCC). :1–8.
This paper presents a detailed analysis of some relevant security features of iOS and Android -the two most popular operating systems for mobile devices- from the perspective of user privacy. In particular, permissions that can be modified at run time on these platforms are analyzed. Additionally, a framework is introduced for permission analysis, a hybrid mobile application that can run on both iOS and Android. The framework, which can be extended, places special emphasis on the relationship between the user's privacy and the permission system.
Dar, Muneer Ahmad, Nisar Bukhari, Syed, Khan, Ummer Iqbal.  2018.  Evaluation of Security and Privacy of Smartphone Users. 2018 Fourth International Conference on Advances in Electrical, Electronics, Information, Communication and Bio-Informatics (AEEICB). :1–4.

The growing use of smart phones has also given opportunity to the intruders to create malicious apps thereby the security and privacy concerns of a novice user has also grown. This research focuses on the privacy concerns of a user who unknowingly installs a malicious apps created by the programmer. In this paper we created an attack scenario and created an app capable of compromising the privacy of the users. After accepting all the permissions by the user while installing the app, the app allows us to track the live location of the Android device and continuously sends the GPS coordinates to the server. This spying app is also capable of sending the call log details of the user. This paper evaluates two leading smart phone operating systems- Android and IOS to find out the flexibility provided by the two operating systems to their programmers to create the malicious apps.