Android spyware disease and medication

摘要

Android-based smartphones are gaining significant advantages on its counterparts in terms of market share among users. The increasing usage of Android OS make it ideal target for attackers. There is an urgent need to develop solutions that guard the user's privacy and can monitor, detect and block these Eavesdropping applications. In this paper, two proposed paradigm are presented. The first proposed paradigm is a spyware application to highlight the security weaknesses “disease”. The spy-ware application has been used to deeply understand the vulnerabilities in the Android operating system, and to study how the spy-ware can be developed to abuse these vulnerabilities for intercepting victim's privacy such as received SMS, incoming calls and outgoing calls. The spy-ware abuses the Internet service to transfer the intercepted information from victim's cell phone illegally to a cloud database. The Android OS permission subsystem and the broadcast receiver subsystem contribute to form a haven for the spy-ware by granting it absolute control to listen, intercept and track the victim privacy. The second proposed paradigm is a new detection paradigm “medication” based on fuzz testing technique to mitigate known vulnerabilities. In this proposal, anti-spy-ware solution “DroidSmartFuzzer” has been designed. The implementation of the anti-spy-ware application has been used to mitigate the risks of the mentioned attacks. It should be noted that the proposed paradigm “DroidSmart-Fuzzer” and its fuzzing test cases are designed not only to catch the proposed spy-ware application but also to catch any similar malicious application designed to intercept one or more of the listed privacies.