Sleeping Android: the danger of dormant permissions

By James Sellwood and Jason Crampton

A weakness in the permissions architecture of the Android platform means that apps could gain access to functionality without a user’s knowledge or consent, leaving them open to exploitation or abuse by attackers.

Changes to the way the Android platform authorises permission requests could compromise the security of unwary users.

Since the first commercial device was made available in October 2008, the Android platform has enjoyed a meteoric rise. In those four years it has grown to hold the greatest market share among many of the world’s most significant smartphone markets.

Competing head to head with Apple’s iOS platform, the two operating systems are used in the vast majority of the world’s smartphones.

The Android platform has evolved considerably since its introduction. Since 2008, there have been 25 platform version releases – the latest being 4.2.1 – introducing 17 different API levels in that time.

These releases have introduced numerous new features and, as one might expect nowadays, they have also included various bug fixes and security patches.

One area of the Android platform has undergone continued development in that time and has received close scrutiny due to its significant security role and noticeable disparity from similar mechanisms on other platforms.

The area in question is the Android permission architecture.

Click on the button below to download this article

Royal Holloway Information Security Thesis Series

Vendor:: TechTarget ComputerWeekly.com
Posted:: Feb 8, 2021
Published:: Mar 4, 2013
Format:: PDF
Type:: Essential Guide

Already a Bitpipe member? Log in here

Download this Essential Guide!

Corporate Email Address:
You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

Please provide a Corporate Email Address.

This email address is already registered. Please log in.
First Name:
You forgot to provide your first name.
Last Name:
You forgot to provide your last name.
Company Name:
You forgot to provide a company name.
Job Title:
You forgot to provide a job title.
Seniority:
You forgot to select your seniority.
Job Function:
You forgot to select your job function.
# of employees:
You did not select the number of employees at your company.
Industry:
You did not select which industry you are in.
Sub-Industry:
You did not select which industry you are in.
Address 1:
You did not provide a full local address.
Address 2:
City/Town:
You did not provide a full local address.
Country:
You did not select the country you are from.
State/Province:

You did not provide a full local address.
Zip/Postal Code:
You did not provide a full local address.
Phone:
You forgot to provide a phone number.

This phone number format is not recognized. Please check the country and number.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.