Security in Android

Roco Escalera | Researcher

Recently there has been a clear migration to mobile devices, which are increasingly used to access the Internet. Since 2008, the percentage of people using connected mobile devices has doubled every year. Google announced that 5,000 million people use a mobile phone today and 20 percent connect to the Internet through them.

In the battle to dominate this market, Android is beginning to set itself apart from its competitors. Three out of four smartphones sold in the third quarter of 2012 ran this mobile operating system.

Given the increasing complexity, features and convenience of these smartphones, users increasingly rely on them to store and process personal information. A phone may hold call records, addresses of friends or relatives, browsing histories of visited URLs, cached email messages and photos taken with the built-in camera.

Recent studies reveal that malicious applications can be uploaded to app stores and successfully send personal information without the user’s permission.

Given this scenario, the question is whether we are in good hands and whether the transition to the mobile world is as safe as we expect.

Android is based on a permissions system that restricts each application’s access to system data and to the data of other applications. To install an application on Google’s operating system, we must grant the permissions requested by the developer, which might not be necessary, or might even be used for purposes other than the expected ones. In many cases, location data, for instance, is used to send information to advertising servers, or our SMS messages are accessed with no need.
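As an added illustration (not code from the article or from Gradiant), the following Python sketch audits the permissions an application requests and flags the data categories mentioned above. It assumes the manifest has already been decoded to plain-text XML; the function name `audit_manifest`, the category labels and the sample package are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the Android XML namespace.
ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Permissions guarding the data types the article mentions, grouped by category.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
}
NETWORK = "android.permission.INTERNET"

# Constructed sample: manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Flashlight"/>
</manifest>
"""

def audit_manifest(xml_text):
    """Return the sensitive permissions an app requests, by category."""
    root = ET.fromstring(xml_text.strip())
    requested = {e.get(ANDROID_NAME) for e in root.iter("uses-permission")}
    requested.discard(None)  # ignore malformed entries without android:name
    sensitive = {}
    for perm in sorted(requested):
        category = SENSITIVE.get(perm)
        if category:
            sensitive.setdefault(category, []).append(perm)
    return {
        "package": root.get("package"),
        "sensitive": sensitive,
        # Sensitive data plus network access means the data can leave the device.
        "can_leave_device": bool(sensitive) and NETWORK in requested,
    }

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "can leave device:", report["can_leave_device"])
    for category, perms in report["sensitive"].items():
        print(f"  {category}: {', '.join(perms)}")
```

A flashlight application has no functional need for location or SMS access, so a report like this one is the kind of mismatch a user or reviewer would want to see before granting the request.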

There is an evident demand for a security model that addresses this problem by returning control to users, letting them decide what to share and giving them the possibility of anonymizing information such as the location or the contacts list when the application needs it to work.

Gradiant conducts technology monitoring on Multimedia Protection and Advanced Mobile Applications, which are closely related to this problem. A new line of research has therefore been opened on the Android permission system and its potential leaks of sensitive user information, in order to provide a solution that allows users to run the same applications privately, to their satisfaction.