SlideShare a Scribd company logo

Malware Improvements in Android OS

Pranav Saini
Pranav Saini

The document discusses malware improvements on Android OS. It provides an introduction to the growth of smartphones and Android's dominance of the market. It then covers the organization of the paper and defines malware. It reviews the Android OS architecture and literature on Android security. The objectives are to increase awareness of the Android security model and analyze malware development. The findings show Android security relies on user awareness and the open source nature makes it vulnerable. Future scopes include modifying the permission model and alpha testing apps for the Play Store.

Mobile
1 of 19
Malware Improvements A Closer Look 1. Pranav Saini Department of Information Technology BVCOE, New Delhi, India 2. Yogesh Madaan Department of Information Technology BVCOE, New Delhi, India
ORGANIZATION OF PRESENTATION 1. Introduction 2. Android OS 3. Literature Review 4. Objectives of the Study 5. Research Findings & Conclusions 6. Future Scope & Challenges 7. References
INTRODUCTION • The mobile phone market today performs very well. In many countries, especially in Western Europe and North America, the number of cell phone subscriptions exceeds the population count. • According to the Gartner market research firm, smartphones accounted for 66 percent of the total mobile phone market in 2014. • Also, according to data collected by IDC, Android dominates the smartphone OS market with a 76.6% share in 2014 and an average market share of approx. 70% since 2012.
INTRODUCTION •Every day, more users are using mobile devices to access services, view data, and pursue personal/business interests. Moreover, many of these devices are not controlled by the administrator, meaning that sensitive data is not subject to the security and Data Loss Prevention policies. •To complicate matters, today’s mobile devices are not islands— they are connected to an entire ecosystem of supporting cloud and PC- based services. Many users directly synchronize their mobile device with their home computer to back up key device settings and data. In such scenarios, key assets may be stored in any number of insecure locations.
INTRODUCTION •In view of the above, we tried to review and suggest changes to the security models of the Android OS, in order to understand the impact it will have as its adoption grows within the world. •The paper is mainly focussed on the Android platform, development of various malwares for the platform, different attacks possible and their effects and finally trying to provide a solution to the increasing problems.
ANDROID OS •The remarkable history of Android started in 2005, when Google acquired the 2003-founded start-up Android Inc. Until then, only little was known about the young organization's work, whose main business was developing software for mobile handsets. •The Open Handset Alliance (a Google Initiative, 2007) announced the development of Android, which featured a complete software platform for mobile handsets including an operating system, middleware and key mobile applications. Android was the first mass-produced consumer-market open source mobile platform that allowed developers to easily create applications and users to readily install them.
ANDROID OS FIG. 2.1 ANDROID ARCHITECTURE – SOFTWARE STACK
MALWARE CONCEPT Malicious software ("malware") is designed specifically to target a mobile device system, such as a tablet or smartphone to damage or disrupt the device. Most mobile malware is designed to disable a mobile device, allow a malicious user to remotely control the device or to steal personal information stored on the device. Among the mobile phones malware attacks, the Android smart phones are largely targeted by the malware users and hackers. This is mainly due to the reason that, Android applications market provides an open platform to all the application. As Google is looking mainly for developing and selling Apps, they are quite relaxed on the security aspects.
MALWARE CONCEPT – SOME EXAMPLES A malware enters your phone when you download any malicious app into your android phone. Most of the Android applications are vulnerable for any third party intervention. Though the unauthorised third party access has been reported earlier, you can still find increased malware attacks on the android phones. Most dangerous Android malware attacks: Fake Banking Apps: This lured the customers into entering their online account login details. DroidDream: It infected devices, breached the android security sandbox and stole data. AndroidOS fake player: It seems to be a media player and silently sends SMS to premium SMS numbers.
MALWARE CONCEPT In 2013 Android grew to a very large number: 87%. This was its share of the global smartphone market then. It also grew to an even larger one: 97%. This was Android’s share of global mobile malware. Source: Forbes, 2014
LITERATURE REVIEW The literature analysis carried here for almost a decade (from 2005 to 2014) from acclaimed researchers of international repute, is intended to serve the global Mobile Computing Community – Developers and Users alike - who need to take more informed decisions regarding Mobile Security and Risks associated with it. 1. Reinfelder, Lena, Zinaida Benenson, and Freya Gassmann compared Android and iPhone users according to their security and privacy awareness when handling apps. Based on an online survey conducted with over 700 German respondents (mostly university students) they found out that Android users seem to be more aware of the risks associated with the app usage than iPhone users. 2. Daniel Tse attempted to give feasible solutions to improve Android’s security model from the user’s awareness level as well as technical level.
LITERATURE REVIEW 3. According to Ryan Farmer (Senior Resourcer and Consultant, Acumin Consulting), there is no one-stop effective security measure that can be implemented on an Android device. He suggested that providing a suite of tools which can be installed on to a device, or offering an encrypted preloaded SD card, will ensure that exponential growth in mobile malware does not affect the organisation. 4. Research done by Yajin Zhou and Xuxian Jiang presented a systematic characterization of existing Android Malware. The results of this characterization of malware samples showed that (1) 86.0% of them repackage legitimate apps to include malicious payloads; (2) 36.7 contain platform-level exploits to escalate privelege; (3) 93.0% exhibit bot-like capability. Furthermore, evaluation with four existing mobile anti-virus software showed that the best case detects 79.6% of them the worst case detects only 20.2%.
OBJECTIVES OF THE STUDY •To fill the research gaps and to sort out the emerging issues, the following objectives are defined: 1. To increase awareness and basic knowledge about the standard Android OS architecture and operation. 2. To identify the bottlenecks and loopholes in the Android Security Model. 3. To analyse the development of botnets and malwares against the current operating system and design its counterparts to defend system from same types, in the coming future.
RESEARCH FINDINGS & CONCLUSIONS 1. On the basis of our study, we can easily conclude that Android security majorly depends on the user awareness. If the users are aware of how their smartphones can be attacked/broken into, they would perhaps have a more guarded and preventive approach. 2. Although, due to the open source nature of this platform, persistence of a malware for a longer time is much easier than that in other platforms. Lack in implementation of security checks for an application even being published on the Android Play Store makes it quite vulnerable.
3. We have analysed latest research to identify novel malware techniques that can be expected to come into action in the foreseeable future. 4. We have also identified major system level enhancements for the Android platform as well as novel countermeasures that can be used for countering these advanced attacks. RESEARCH FINDINGS & CONCLUSIONS
FUTURE SCOPES & CHALLENGES This study will provide both developers and users alike, a deep insight into the workings and shortcomings of the Android OS along with the following points: 1. Restructuring/Modifying the Android Permissions Model : The permissions model is based on permissions, which are constructs that various APIs require calling apps to have before they will provide certain services, can be seen as a preventive factor. 2. Alpha-testing of suspicious applications on the Android Play Store is also an important issue to look into. 3. We hope to build a malware detection application in the coming future based on these malware attacks.
REFERENCES [1] YAJIN, Z., AND XUXIAN, J. Dissecting android malware: Characterization and evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (may 2012).. [2] http://www.theinquirer.net/inquirer/news/2325812/androids-growth-to- slow-following-record-capture-of-80-percent-market-share-in-2013 [3] Tse, Daniel, et al. "STRATEGIES IN IMPROVING ANDROID SECURITY." (2014). [4] http://androidprogramz.blogspot.in/2012/06/architecture-of-android-in- order-to.html [5]http://www.techotopia.com/index.php/An_Overview_of_the_Android_ Architecture
REFERENCES [6]http://www.acumin.co.uk/download_files/WhitePaper/android_white_pape r_2.pdf [7] Reinfelder, Lena, Zinaida Benenson, and Freya Gassmann. "Differences between Android and iPhone Users in Their Security and Privacy Awareness. "Trust, Privacy, and Security in Digital Business. Springer International Publishing, 2014. 156-167. [8] http://developer.android.com/tools/building/index.html [9] http://www.symantec.com/connect/blogs/future-mobile-malware [10] Gordon Kelly. “Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe”. Forbes, 2013. [11] Press Release, “Gartner Says Sales of Smartphones Grew 20 Percent in Third Quarter of 2014.” Gartner, 2014.
THANK YOU

Recommended

A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
AM Publications
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Carlos Laorden
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
ijtsrd
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devices
ijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
ijmnct
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ijitcs
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
IOSR Journals
 

Recommended

A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
A Comprehensive Study on Security issues in Android Mobile Phone — Scope and ...
AM Publications
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Carlos Laorden
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
ijtsrd
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devices
ijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
ijmnct
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ijitcs
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
IOSR Journals
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
IOSR Journals
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8shriram suryanarayanan
 
20120140504023
2012014050402320120140504023
20120140504023IAEME Publication
 
Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-historyAnatoliy Tkachev
 
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET Journal
 
White Paper - Android Security
White Paper - Android SecurityWhite Paper - Android Security
White Paper - Android Security
ryanfarmer
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
Usabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OSUsabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OS
Rajiv Ranjan Singh
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesSejahtera Affif
 
Test Cases and Testing Strategies for Mobile Apps –A Survey
Test Cases and Testing Strategies for Mobile Apps –A SurveyTest Cases and Testing Strategies for Mobile Apps –A Survey
Test Cases and Testing Strategies for Mobile Apps –A Survey
IRJET Journal
 
Ce hv8 module 16 hacking mobile platforms
Ce hv8 module 16 hacking mobile platformsCe hv8 module 16 hacking mobile platforms
Ce hv8 module 16 hacking mobile platformsMehrdad Jingoism
 
Attribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesAttribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android Smartphones
IJCSIS Research Publications
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
HinDroid
HinDroidHinDroid
HinDroid
HinDroid
 
I018145157
I018145157I018145157
I018145157
IOSR Journals
 
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET Journal
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
Kavita Rastogi
 
Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
eSAT Journals
 
Istr 21-2016-en
Istr 21-2016-enIstr 21-2016-en
Istr 21-2016-en
Andrey Apuhtin
 

More Related Content

What's hot

Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
IOSR Journals
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET Journal
 
White Paper - Android Security
White Paper - Android SecurityWhite Paper - Android Security
White Paper - Android Security
ryanfarmer
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
Usabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OSUsabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OS
Rajiv Ranjan Singh
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesSejahtera Affif
 
Test Cases and Testing Strategies for Mobile Apps –A Survey
Test Cases and Testing Strategies for Mobile Apps –A SurveyTest Cases and Testing Strategies for Mobile Apps –A Survey
Test Cases and Testing Strategies for Mobile Apps –A Survey
IRJET Journal
 
Ce hv8 module 16 hacking mobile platforms
Ce hv8 module 16 hacking mobile platformsCe hv8 module 16 hacking mobile platforms
Ce hv8 module 16 hacking mobile platformsMehrdad Jingoism
 
Attribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesAttribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android Smartphones
IJCSIS Research Publications
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
HinDroid
HinDroidHinDroid
HinDroid
HinDroid
 
I018145157
I018145157I018145157
I018145157
IOSR Journals
 
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET Journal
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
Kavita Rastogi
 

What's hot (20)

Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 
20120140504023
2012014050402320120140504023
20120140504023
 
Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-history
 
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...
 
White Paper - Android Security
White Paper - Android SecurityWhite Paper - Android Security
White Paper - Android Security
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android Report
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware
 
Usabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OSUsabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OS
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devices
 
Test Cases and Testing Strategies for Mobile Apps –A Survey
Test Cases and Testing Strategies for Mobile Apps –A SurveyTest Cases and Testing Strategies for Mobile Apps –A Survey
Test Cases and Testing Strategies for Mobile Apps –A Survey
 
Ce hv8 module 16 hacking mobile platforms
Ce hv8 module 16 hacking mobile platformsCe hv8 module 16 hacking mobile platforms
Ce hv8 module 16 hacking mobile platforms
 
Attribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesAttribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android Smartphones
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
 
HinDroid
HinDroidHinDroid
HinDroid
 
I018145157
I018145157I018145157
I018145157
 
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
 

Viewers also liked

Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
eSAT Journals
 
Istr 21-2016-en
Istr 21-2016-enIstr 21-2016-en
Istr 21-2016-en
Andrey Apuhtin
 
дэвис м., филлипс д. изучаем Php и my sql (2008) (1)
дэвис м., филлипс д. изучаем Php и my sql (2008) (1)дэвис м., филлипс д. изучаем Php и my sql (2008) (1)
дэвис м., филлипс д. изучаем Php и my sql (2008) (1)
Владимир Потапов
 
Marketing Analytics: Data Quality, Data Matching & Marketing Metrics
Marketing Analytics: Data Quality, Data Matching & Marketing MetricsMarketing Analytics: Data Quality, Data Matching & Marketing Metrics
Marketing Analytics: Data Quality, Data Matching & Marketing Metrics
Senturus
 
Crm data analytics introduction
Crm data analytics introductionCrm data analytics introduction
Crm data analytics introduction
Aditya Madiraju
 
"Marketing Analytics and Applications": Course Introduction
"Marketing Analytics and Applications": Course Introduction"Marketing Analytics and Applications": Course Introduction
"Marketing Analytics and Applications": Course Introduction
Masao Kakihara
 
Web analytics introduction
Web analytics introductionWeb analytics introduction
Web analytics introduction
Aditya Madiraju
 
Data Mining and Big Data Analytics in Pharma
Data Mining and Big Data Analytics in Pharma Data Mining and Big Data Analytics in Pharma
Data Mining and Big Data Analytics in Pharma Ankur Khanna
 
Improving pharmaceutical marketing using big data solutions
Improving pharmaceutical marketing using big data solutionsImproving pharmaceutical marketing using big data solutions
Improving pharmaceutical marketing using big data solutions
Paul Grant
 
Internet of things, Big Data and Analytics 101
Internet of things, Big Data and Analytics 101Internet of things, Big Data and Analytics 101
Internet of things, Big Data and Analytics 101
Mukul Krishna
 
How Big Data is Changing Retail Marketing Analytics
How Big Data is Changing Retail Marketing Analytics How Big Data is Changing Retail Marketing Analytics
How Big Data is Changing Retail Marketing Analytics
Revolution Analytics
 
Web Analytics Maturity Model
Web Analytics Maturity ModelWeb Analytics Maturity Model
Web Analytics Maturity Model
Stéphane Hamel
 
Marketing data analytics
Marketing data analyticsMarketing data analytics
Marketing data analytics
Canvass All-in-one Marketing Software
 
Intro to Data Science for Enterprise Big Data
Intro to Data Science for Enterprise Big DataIntro to Data Science for Enterprise Big Data
Intro to Data Science for Enterprise Big Data
Paco Nathan
 
Introduction to Marketing Analytics
Introduction to Marketing AnalyticsIntroduction to Marketing Analytics
Introduction to Marketing Analytics
Michael Levin
 
Myths and Mathemagical Superpowers of Data Scientists
Myths and Mathemagical Superpowers of Data ScientistsMyths and Mathemagical Superpowers of Data Scientists
Myths and Mathemagical Superpowers of Data Scientists
David Pittman
 

Viewers also liked (16)

Android mobile platform security and malware survey
Android mobile platform security and malware surveyAndroid mobile platform security and malware survey
Android mobile platform security and malware survey
 
Istr 21-2016-en
Istr 21-2016-enIstr 21-2016-en
Istr 21-2016-en
 
дэвис м., филлипс д. изучаем Php и my sql (2008) (1)
дэвис м., филлипс д. изучаем Php и my sql (2008) (1)дэвис м., филлипс д. изучаем Php и my sql (2008) (1)
дэвис м., филлипс д. изучаем Php и my sql (2008) (1)
 
Marketing Analytics: Data Quality, Data Matching & Marketing Metrics
Marketing Analytics: Data Quality, Data Matching & Marketing MetricsMarketing Analytics: Data Quality, Data Matching & Marketing Metrics
Marketing Analytics: Data Quality, Data Matching & Marketing Metrics
 
Crm data analytics introduction
Crm data analytics introductionCrm data analytics introduction
Crm data analytics introduction
 
"Marketing Analytics and Applications": Course Introduction
"Marketing Analytics and Applications": Course Introduction"Marketing Analytics and Applications": Course Introduction
"Marketing Analytics and Applications": Course Introduction
 
Web analytics introduction
Web analytics introductionWeb analytics introduction
Web analytics introduction
 
Data Mining and Big Data Analytics in Pharma
Data Mining and Big Data Analytics in Pharma Data Mining and Big Data Analytics in Pharma
Data Mining and Big Data Analytics in Pharma
 
Improving pharmaceutical marketing using big data solutions
Improving pharmaceutical marketing using big data solutionsImproving pharmaceutical marketing using big data solutions
Improving pharmaceutical marketing using big data solutions
 
Internet of things, Big Data and Analytics 101
Internet of things, Big Data and Analytics 101Internet of things, Big Data and Analytics 101
Internet of things, Big Data and Analytics 101
 
How Big Data is Changing Retail Marketing Analytics
How Big Data is Changing Retail Marketing Analytics How Big Data is Changing Retail Marketing Analytics
How Big Data is Changing Retail Marketing Analytics
 
Web Analytics Maturity Model
Web Analytics Maturity ModelWeb Analytics Maturity Model
Web Analytics Maturity Model
 
Marketing data analytics
Marketing data analyticsMarketing data analytics
Marketing data analytics
 
Intro to Data Science for Enterprise Big Data
Intro to Data Science for Enterprise Big DataIntro to Data Science for Enterprise Big Data
Intro to Data Science for Enterprise Big Data
 
Introduction to Marketing Analytics
Introduction to Marketing AnalyticsIntroduction to Marketing Analytics
Introduction to Marketing Analytics
 
Myths and Mathemagical Superpowers of Data Scientists
Myths and Mathemagical Superpowers of Data ScientistsMyths and Mathemagical Superpowers of Data Scientists
Myths and Mathemagical Superpowers of Data Scientists
 

Similar to Malware Improvements in Android OS

A Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesA Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection Techniques
CSCJournals
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Idexcel Technologies
 
Research in progress defending android smartphones from malware attacks
Research in progress defending android smartphones from malware attacksResearch in progress defending android smartphones from malware attacks
Research in progress defending android smartphones from malware attacks
JPINFOTECH JAYAPRAKASH
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
Kulani Mahadewa
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacks
IAEME Publication
 
presentation
presentationpresentation
presentation
SaveraAyub2
 
Enter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonEnter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox Comparison
Jose Moruno Cadima
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
ijdpsjournal
 
Android Malware Detection
Android Malware DetectionAndroid Malware Detection
Android Malware Detection
IRJET Journal
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
Whitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6ppWhitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6ppEric Zhuo
 
BYOD - Secure the data, not the device
BYOD - Secure the data, not the deviceBYOD - Secure the data, not the device
BYOD - Secure the data, not the device
b coatesworth
 
Behavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning TechniquesBehavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning Techniques
gerogepatton
 
Android-manifest extraction and labeling method for malware compilation and d...
Android-manifest extraction and labeling method for malware compilation and d...Android-manifest extraction and labeling method for malware compilation and d...
Android-manifest extraction and labeling method for malware compilation and d...
IJECEIAES
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
Juniper Networks
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devices
IOSR Journals
 
Android security
Android securityAndroid security
Android security
Dr Amira Bibo
 
Android security
Android securityAndroid security
Android security
Dr Amira Bibo
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
Subho Halder
 

Similar to Malware Improvements in Android OS (20)

A Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection TechniquesA Systematic Review of Android Malware Detection Techniques
A Systematic Review of Android Malware Detection Techniques
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Research in progress defending android smartphones from malware attacks
Research in progress defending android smartphones from malware attacksResearch in progress defending android smartphones from malware attacks
Research in progress defending android smartphones from malware attacks
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacks
 
presentation
presentationpresentation
presentation
 
Enter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonEnter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox Comparison
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
 
Android Malware Detection
Android Malware DetectionAndroid Malware Detection
Android Malware Detection
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaper
 
Whitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6ppWhitepaper - CISO Guide_6pp
Whitepaper - CISO Guide_6pp
 
BYOD - Secure the data, not the device
BYOD - Secure the data, not the deviceBYOD - Secure the data, not the device
BYOD - Secure the data, not the device
 
Behavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning TechniquesBehavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning Techniques
 
Android-manifest extraction and labeling method for malware compilation and d...
Android-manifest extraction and labeling method for malware compilation and d...Android-manifest extraction and labeling method for malware compilation and d...
Android-manifest extraction and labeling method for malware compilation and d...
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devices
 
Android security
Android securityAndroid security
Android security
 
Android security
Android securityAndroid security
Android security
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
 

Malware Improvements in Android OS

  • 1. Malware Improvements A Closer Look 1. Pranav Saini Department of Information Technology BVCOE, New Delhi, India 2. Yogesh Madaan Department of Information Technology BVCOE, New Delhi, India
  • 2. ORGANIZATION OF PRESENTATION 1. Introduction 2. Android OS 3. Literature Review 4. Objectives of the Study 5. Research Findings & Conclusions 6. Future Scope & Challenges 7. References
  • 3. INTRODUCTION • The mobile phone market today performs very well. In many countries, especially in Western Europe and North America, the number of cell phone subscriptions exceeds the population count. • According to the Gartner market research firm, smartphones accounted for 66 percent of the total mobile phone market in 2014. • Also, according to data collected by IDC, Android dominates the smartphone OS market with a 76.6% share in 2014 and an average market share of approx. 70% since 2012.
  • 4. INTRODUCTION •Every day, more users are using mobile devices to access services, view data, and pursue personal/business interests. Moreover, many of these devices are not controlled by the administrator, meaning that sensitive data is not subject to the security and Data Loss Prevention policies. •To complicate matters, today’s mobile devices are not islands— they are connected to an entire ecosystem of supporting cloud and PC- based services. Many users directly synchronize their mobile device with their home computer to back up key device settings and data. In such scenarios, key assets may be stored in any number of insecure locations.
  • 5. INTRODUCTION •In view of the above, we tried to review and suggest changes to the security models of the Android OS, in order to understand the impact it will have as its adoption grows within the world. •The paper is mainly focussed on the Android platform, development of various malwares for the platform, different attacks possible and their effects and finally trying to provide a solution to the increasing problems.
  • 6. ANDROID OS •The remarkable history of Android started in 2005, when Google acquired the 2003-founded start-up Android Inc. Until then, only little was known about the young organization's work, whose main business was developing software for mobile handsets. •The Open Handset Alliance (a Google Initiative, 2007) announced the development of Android, which featured a complete software platform for mobile handsets including an operating system, middleware and key mobile applications. Android was the first mass-produced consumer-market open source mobile platform that allowed developers to easily create applications and users to readily install them.
  • 7. ANDROID OS FIG. 2.1 ANDROID ARCHITECTURE – SOFTWARE STACK
  • 8. MALWARE CONCEPT Malicious software ("malware") is designed specifically to target a mobile device system, such as a tablet or smartphone to damage or disrupt the device. Most mobile malware is designed to disable a mobile device, allow a malicious user to remotely control the device or to steal personal information stored on the device. Among the mobile phones malware attacks, the Android smart phones are largely targeted by the malware users and hackers. This is mainly due to the reason that, Android applications market provides an open platform to all the application. As Google is looking mainly for developing and selling Apps, they are quite relaxed on the security aspects.
  • 9. MALWARE CONCEPT – SOME EXAMPLES A malware enters your phone when you download any malicious app into your android phone. Most of the Android applications are vulnerable for any third party intervention. Though the unauthorised third party access has been reported earlier, you can still find increased malware attacks on the android phones. Most dangerous Android malware attacks: Fake Banking Apps: This lured the customers into entering their online account login details. DroidDream: It infected devices, breached the android security sandbox and stole data. AndroidOS fake player: It seems to be a media player and silently sends SMS to premium SMS numbers.
  • 10. MALWARE CONCEPT In 2013 Android grew to a very large number: 87%. This was its share of the global smartphone market then. It also grew to an even larger one: 97%. This was Android’s share of global mobile malware. Source: Forbes, 2014
  • 11. LITERATURE REVIEW The literature analysis carried here for almost a decade (from 2005 to 2014) from acclaimed researchers of international repute, is intended to serve the global Mobile Computing Community – Developers and Users alike - who need to take more informed decisions regarding Mobile Security and Risks associated with it. 1. Reinfelder, Lena, Zinaida Benenson, and Freya Gassmann compared Android and iPhone users according to their security and privacy awareness when handling apps. Based on an online survey conducted with over 700 German respondents (mostly university students) they found out that Android users seem to be more aware of the risks associated with the app usage than iPhone users. 2. Daniel Tse attempted to give feasible solutions to improve Android’s security model from the user’s awareness level as well as technical level.
  • 12. LITERATURE REVIEW 3. According to Ryan Farmer (Senior Resourcer and Consultant, Acumin Consulting), there is no one-stop effective security measure that can be implemented on an Android device. He suggested that providing a suite of tools which can be installed on to a device, or offering an encrypted preloaded SD card, will ensure that exponential growth in mobile malware does not affect the organisation. 4. Research done by Yajin Zhou and Xuxian Jiang presented a systematic characterization of existing Android Malware. The results of this characterization of malware samples showed that (1) 86.0% of them repackage legitimate apps to include malicious payloads; (2) 36.7 contain platform-level exploits to escalate privelege; (3) 93.0% exhibit bot-like capability. Furthermore, evaluation with four existing mobile anti-virus software showed that the best case detects 79.6% of them the worst case detects only 20.2%.
  • 13. OBJECTIVES OF THE STUDY •To fill the research gaps and to sort out the emerging issues, the following objectives are defined: 1. To increase awareness and basic knowledge about the standard Android OS architecture and operation. 2. To identify the bottlenecks and loopholes in the Android Security Model. 3. To analyse the development of botnets and malwares against the current operating system and design its counterparts to defend system from same types, in the coming future.
  • 14. RESEARCH FINDINGS & CONCLUSIONS 1. On the basis of our study, we can easily conclude that Android security majorly depends on the user awareness. If the users are aware of how their smartphones can be attacked/broken into, they would perhaps have a more guarded and preventive approach. 2. Although, due to the open source nature of this platform, persistence of a malware for a longer time is much easier than that in other platforms. Lack in implementation of security checks for an application even being published on the Android Play Store makes it quite vulnerable.
  • 15. 3. We have analysed latest research to identify novel malware techniques that can be expected to come into action in the foreseeable future. 4. We have also identified major system level enhancements for the Android platform as well as novel countermeasures that can be used for countering these advanced attacks. RESEARCH FINDINGS & CONCLUSIONS
  • 16. FUTURE SCOPES & CHALLENGES This study will provide both developers and users alike, a deep insight into the workings and shortcomings of the Android OS along with the following points: 1. Restructuring/Modifying the Android Permissions Model : The permissions model is based on permissions, which are constructs that various APIs require calling apps to have before they will provide certain services, can be seen as a preventive factor. 2. Alpha-testing of suspicious applications on the Android Play Store is also an important issue to look into. 3. We hope to build a malware detection application in the coming future based on these malware attacks.
  • 17. REFERENCES [1] YAJIN, Z., AND XUXIAN, J. Dissecting android malware: Characterization and evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (may 2012).. [2] http://www.theinquirer.net/inquirer/news/2325812/androids-growth-to- slow-following-record-capture-of-80-percent-market-share-in-2013 [3] Tse, Daniel, et al. "STRATEGIES IN IMPROVING ANDROID SECURITY." (2014). [4] http://androidprogramz.blogspot.in/2012/06/architecture-of-android-in- order-to.html [5]http://www.techotopia.com/index.php/An_Overview_of_the_Android_ Architecture
  • 18. REFERENCES [6]http://www.acumin.co.uk/download_files/WhitePaper/android_white_pape r_2.pdf [7] Reinfelder, Lena, Zinaida Benenson, and Freya Gassmann. "Differences between Android and iPhone Users in Their Security and Privacy Awareness. "Trust, Privacy, and Security in Digital Business. Springer International Publishing, 2014. 156-167. [8] http://developer.android.com/tools/building/index.html [9] http://www.symantec.com/connect/blogs/future-mobile-malware [10] Gordon Kelly. “Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe”. Forbes, 2013. [11] Press Release, “Gartner Says Sales of Smartphones Grew 20 Percent in Third Quarter of 2014.” Gartner, 2014.

Editor's Notes

  1. 6
  2. 8
  3. 9
  4. 10
  5. 11
  6. 12