Permission analysis of mobile applications

Abstract

Mobile phone applications emerged with the introduction of smartphones. Various applications are installed in users’ phones following their interests and satisfying their basic daily needs, app stores are available to allow users to download and install them on their devices. App stores may be a platform for attackers, they can hide malwares and malicious Trojan in applications and upload them, under such assumption mobile phone users can download applications without questioning their level of security .mobile apps require some permission to be granted before being installed. Users have either to grant these accesses to the app and proceed with the installation or reject these permissions and abort the installation of the app. Other permissions can be granted after the installation of the app and users. can disable them. Some of these permissions may be needed for the correct functionality of the application and other times are not even related to the app functioning needs. The risks of the granted permissions may vary from privacy violation and data trading to controlling and using the phone as botnet in criminal acts both cyber and physical crimes. The aim of this thesis is 1) enlighten users about the risks related to permission grants and their misuse cases, 2) investigate the permission accesses of 17 well known phone applications, 3) establish an application that would check the risky permission accesses of installed applications and enables the user to prevent them.