Vulnerabilities in Android OS: Challenges and Mitigation Techniques
- Conference paper
- First Online: 08 May 2022
- Cite this conference paper
- Nazish Nouman 11 ,
- Zain Noreen 11 &
- Fouzia Naz 11
Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 454))
Included in the following conference series:
- International Conference on Digital Technologies and Applications
1065 Accesses
Android is one of the most popular operating systems for smartphones. Although Android OS includes many salient features which include its open-source nature, and its affinity to be customizable but its security remains debatable. Android uses SE-Linux for its security model, which can be leveraged and easily manipulated if ignored. The rise in IoT, smart gadgets, and wearable devices that also use Android as their operating system can’t be ignored. Over the period many vulnerabilities have been discovered and exploited. This research paper focuses on some recent and most popular security vulnerabilities found in the android mobile operating system. The key contribution of this research includes the identification of mitigation techniques to overcome the challenges faced by its user The security of android devices can be significantly improved If mitigation techniques are applied effectively.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Subscribe and save.
- Get 10 units per month
- Download Article/Chapter or eBook
- 1 Unit = 1 Article or 1 Chapter
- Cancel anytime
- Available as PDF
- Read on any device
- Instant download
- Own it forever
- Available as EPUB and PDF
- Compact, lightweight edition
- Dispatched in 3 to 5 business days
- Free shipping worldwide - see info
Tax calculation will be finalised at checkout
Purchases are for personal use only
Institutional subscriptions
Similar content being viewed by others
Android Stack Vulnerabilities: Security Analysis of a Decade
The State of Android Security
The Android OS stack and its vulnerabilities: an empirical study
Smartphone unit shipments worldwide by operating system from 2016 to 2018 (in million units), Statista, September 2019. https://www.statista.com/statistics/309448/global-smartphone-shipments-forecast-operating-system/ . Accessed Sept 2019
Possemato, A., Aonzo, S., Balzarotti, D., Fratantonio: Trust, but verify A longitudinal analysis of Android OEM compliance and customization. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 87–102. IEEE (2021)
Google Scholar
Zakaria, S.N., Zolkipli, M.F.: Review on mobile attacks: operating system, threats, and solution. Borneo Int. J. eISSN 2636-9826 4 (2), 8–16 (2021)
Thomas, D., Beresford, A., Rice, A.: Security Metrics for the Android System. SPSM (2015)
Google. An Update to Nexus Devices. Google, August 2015. https://android.googleblog.com/2015/08/an-update-to-nexus-devices.html . Accessed Dec 2018
Mahalakshmi, K., Kavitha, K.: A comparative study on customers satisfaction towards android operating system and iphone operating system in moblie phone. Annals of the Romanian Society for Cell Biology, pp. 12337–12344 (2021)
Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: Information Security: 13th International Conference, Boca Raton, FL., pp. 346–360 (2010)
Shewale, H., Patil, S., Deshmukh, V., Singh, P.: Analysis of android vulnerabilities and modern exploitation techniques. Ictact J. Commun. Technol. 5 (1), 863–867 (2014)
Article Google Scholar
Robinson, S.: Strategy Analytics: Q1 2018 Smartphone Apps Processor Market Share: Chips with On-device Artificial Intelligence (AI) Grew Three-Fold. Business Wire, August 2018. https://www.businesswire.com/news/home/20180808005464/en/Strategy-Analytics-Q1-2018-Smartphone-Apps-Processor . Accessed Dec 2018
Thomas, D., Beresford, A., Coudray, T., Sutcliffe, T., Taylor, A.: The lifetime of android API vulnerabilities: case study on the JavaScript-to-Java interface. In: Christianson, Bruce, Švenda, Petr, Matyáš, Vashek, Malcolm, James, Stajano, Frank, Anderson, Jonathan (eds.) Security Protocols 2015. LNCS, vol. 9379, pp. 126–138. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26096-9_13
Chapter Google Scholar
Hamandi, K., Chehab, A., Elhajj, I., Kayssi, A.: Android SMS malware: vulnerability and mitigation. In: International Conference on Advanced Networking and Applications (2013)
Russel, J.: SMS Payment Virus Identified in China, 500,000 Android Device Infected. The Next Web (2012). http://thenextweb.com/asia/2012/08/19/stealth-sms-paymentmalware-identified-chinese-app-stores-500000-android-devicesinfected/ . Accessed Dec 2018
Osborne, C.: SMS malware firm ordered to compensate victims. ZDNet, September 2012. http://www.zdnet.com/sms-malware-firm-ordered-to-compensatevictims-7000003639/ . Accessed Dec 2018
Traynor, P., Enck, W., McDaniel, P., Porta, T.: Exploiting open functionality in SMSCapable cellular networks. J. Comput. Secur. 16 (6), 713–742 (2008)
Joshi, J., Parekh, C.: Android smartphone vulnerabilities: a survey. In: International Conference on Advances in Computing, Communication, & Automation (2016)
Umasanker. Analysis of latest vulnerabilities in android. In: International Conference on Advances in Computing, Communications, and Informatics (2017)
Rundle, M.: ‘Stagefright’ Android bug is the ‘worst ever discovered’. Wired UK, July 2015. https://www.wired.co.uk/article/stagefight-android-bug . Accessed Dec 2018
Mimoso, M.: Stagefright 2.0 Vulnerabilities Affect 1 Billion Android Devices. Threatpost Inc, October 2015. https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/ . Accessed Dec 2018
Cimpanu, C.: New KRACK Attack Breaks WPA2 WiFi Protocol. Bleeping Computer, October 2017. https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/ . Accessed Dec 2018
Warren, T.: 41 percent of Android phones are vulnerable to ‘devastating’ Wi-Fi attack. The Verge, October 2017. https://www.theverge.com/2017/10/16/16481252/wi-fi-hack-attack-android-wpa-2-details . Accessed Dec 2018
Chirgwin, R.: Man the harpoons: The KRACK-en reawakens in updated WPA2 attack. The Register, October 2018. https://www.theregister.co.uk/2018/10/05/krack_updated_wpa2_attack/ . Accessed Dec 2018
Burke, S.: Wi-Fi Alliance® introduces Wi-Fi CERTIFIED WPA3™ security. WiFi.org, June 2018. https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security . Accessed Dec 2018
Arm Security Updates. ARM Technologies. https://developer.arm.com/support/arm-security-updates . Accessed Dec 2018
Meltdown and Spectre. meltdownattack.com. https://meltdownattack.com/#faq-systems-meltdown . Accessed Dec 2018
Osborne, C.: Android ‘API breaking’ vulnerability leaks device data, allows user tracking. ZDNet, August 2018. https://www.zdnet.com/article/android-operating-system-vulnerability-leaks-device-data-allows-user-tracking/ . Accessed Dec 2018
Popper, B.: Google announces over 2 billion monthly active devices on Android. The Verge, May 2017
https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/#693ebf0466fe
Omar, M., Mohammed, D., Nguyen, V., Dawson, M., Banisakher, M.: Android application security. In: Research Anthology on Securing Mobile Technologies and Applications 2021, pp. 610–625. IGI Global
Garg, S., Baliyan, N.: Comparative analysis of Android and iOS from security viewpoint. Comput. Sci. Rev. 40 , 100372 (2021)
Ditton, S., Tekeoglu, A., Bekiroglu, K., Srinivasan, S.: A proof-of-concept denial of service attack against bluetooth IoT devices. In: 2020 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 1–6. IEEE (2020)
Download references
Author information
Authors and affiliations.
Mohammad Ali Jinnah University, Karachi, Pakistan
Nazish Nouman, Zain Noreen & Fouzia Naz
You can also search for this author in PubMed Google Scholar
Corresponding author
Correspondence to Nazish Nouman .
Editor information
Editors and affiliations.
Ecole Nationale des Sciences Appliquées, Fez, Morocco
Saad Motahhir
Faculty of Sciences, Sidi Mohamed Ben Abdellah University, Fez, Morocco
Badre Bossoufi
Rights and permissions
Reprints and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper.
Nouman, N., Noreen, Z., Naz, F. (2022). Vulnerabilities in Android OS: Challenges and Mitigation Techniques. In: Motahhir, S., Bossoufi, B. (eds) Digital Technologies and Applications. ICDTA 2022. Lecture Notes in Networks and Systems, vol 454. Springer, Cham. https://doi.org/10.1007/978-3-031-01942-5_25
Download citation
DOI : https://doi.org/10.1007/978-3-031-01942-5_25
Published : 08 May 2022
Publisher Name : Springer, Cham
Print ISBN : 978-3-031-01941-8
Online ISBN : 978-3-031-01942-5
eBook Packages : Intelligent Technologies and Robotics Intelligent Technologies and Robotics (R0)
Share this paper
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative
- Publish with us
Policies and ethics
- Find a journal
- Track your research
The Android Platform Security Model
Research areas.
Mobile Systems
Software Systems
Meet the teams driving innovation
Our teams advance the state of the art through research, systems engineering, and collaboration across Google.
IEEE Account
- Change Username/Password
- Update Address
Purchase Details
- Payment Options
- Order History
- View Purchased Documents
Profile Information
- Communications Preferences
- Profession and Education
- Technical Interests
- US & Canada: +1 800 678 4333
- Worldwide: +1 732 981 0060
- Contact & Support
- About IEEE Xplore
- Accessibility
- Terms of Use
- Nondiscrimination Policy
- Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
IMAGES
VIDEO
COMMENTS
1. Introduction. Google's Android is the most prevalent mobile platform among different smartphone platforms. Android's market share is ∼73% as of 2020 (Statcounter GlobalStats 2020).According to Google, there are ∼2.5 Bn active Android devices in 2019, making Android the most popular mobile platform amongst users (Liam, 2020).Growing mobile app markets have increased security threats and ...
Cai et al. presented a research paper on Android application execution approach. The authors looked at how malware behaved in Android apps in terms of execution pathways, structures, methodological scopes, and callbacks. In terms of the security platform, they observed the app execution structure.
Android's security model must strike a difficult balance between security, privacy, and usability for end users; provide assurances for app developers; and maintain system performance under tight hardware constraints. This paper aims to both document the assumed threat model and discuss its implications, with a focus on.
Three main types of models and algorithms used for Android malware detection are as follows: the first (1)- (6) is traditional machine learning models, the second are neural network and deep learning (7)- (8), and the third uses ensemble learning (9) which combines multiple classifiers to detect Android malware. Table 6.
The Android Platform Security Model (2023)∗ RENÉ MAYRHOFER, Google and Johannes Kepler University Linz, Austria JEFFREY VANDER STOEP, Google, Switzerland CHAD BRUBAKER, Independent, USA DIANNE HACKBORN, Google, USA BRAM BONNÉ, Google, Switzerland GÜLIZ SERAY TUNCAY, Google, USA ROGER PIQUERAS JOVER, Google, USA MICHAEL A. SPECTER, Google, USA Android is the most widely deployed end-user ...
The objectives of this paper are: 1. To identify different purposes of Android security assessment techniques. 2. To propose a taxonomy of Android security analysis approaches. 3. To present a Systematic Literature Review (SLR) of the state-of-the-art approaches in Android security domain using the proposed taxonomy. 4.
One paper statically analyzes high-risk methods in the Android operating system to identify potential system vulnerabilities but does not analyze apps [Huang et al. 2015a]. The end result of this paper analysis was a focused study in Android application security spanning the past 6 years of research. 4.
Similar observations also concern the behavior of users who tend to prioritize access to particular applications over the security issues. Amin et al. proposed an automated procedure of vulnerability detection in mobile (Android-based) applications. The results achieved in the aforementioned research have a complementary nature to those ...
This paper evaluates the SSL implementation in a recent set of Android applications and presents some of the most common missuses, to raise awareness to current and new developers to actually consider security as one of their main goals during the development life cycle of applications. Expand. 14. PDF. 1 Excerpt.
1.1. Motivation for work. This paper will report to various malware/malicious application detection methods and report findings in this area. Systematic literature review takes much time to complete but it provides all comprehensive information about the area and also leads towards the current research possibilities.
Smartphones have become pervasive due to the availability of office applications, Internet, games, vehicle guidance using location-based services apart from conventional services such as voice calls, SMSes, and multimedia services. Android devices have gained huge market share due to the open architecture of Android and the popularity of its application programming interface (APIs) in the ...
Academic Journal of Nawroz University (AJNU) 135. Android Security: A Review. Omar M. Ahmed 1 and Amira B. Sallow. 1 Department of Computer Science, Faculty of Science, Zakho University, Duhok ...
To overcome the research gaps, this paper provides a broad review of current Android security concerns, security implementation enhancements, significant malware detected during 2017-2021, and ...
figure. 1). This research stud y looks into the. various security vulnerabilities that the Android. operating s ystem faces. These issues includ e. malware infiltration, phishing schemes, and ...
on particular security issues, there remains little insight into broader security characteristics of smartphone ap-plications. This paper seeks to better understand smart-phone application security by studying 1,100 popular free Android applications. We introduce the ded decom-piler, which recovers Android application source code
This research paper focuses on some recent and most popular security vulnerabilities found in the android mobile operating system. The key contribution of this research includes the identification of mitigation techniques to overcome the challenges faced by its user The security of android devices can be significantly improved If mitigation ...
A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/ phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications. The fluidity of application markets complicate smartphone security. Although recent efforts have shed light on ...
Mobile application security: malware threats and defenses. Abstract: Due to the quantum leap in functionality, the rate of upgrading traditional mobile phones to smartphones is tremendous. One of the most attractive features of smartphones is the availability of a large number of apps for users to download and install.
Abstract. Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a ...
Open Web Application Security Project (OWASP) lists the top 10 mobile applications security risks and vulnerabilities. Therefore, this paper investigates mobile applications vulnerabilities and ...
Any android developer can upload their application on the android market which can cause a security threat to any android device. These applications do not have to go through rigorous security checks. In this paper, a layered approach for android application development along with various cross-platform approaches is discussed. Moreover, a ...
Dr. K Srinivas et.al (8) in their paper "Android App for Women Safety" introduces a technique where the system has unusual ability to deliver messages to registered contacts continually until they ...
Systematic literature review of mobile application ...