Android Privacy
Presentation by Deepak Katta
Outline
Introduction
Android Vs iOS
Privacy Issues
Spyware for Android
Samples of Spyware for Android
Attack Scenarios
Recommendations
References
Introduction
What is Privacy?
One's private information should not be used or disclosed without permission.
Introduction
Nowadays phones have more features, similar to a computer; these are called smartphones.
With a smartphone, we can:
• Text
• Instant message
• Browse the Internet
• Store and share any type of data
• Use social networking
• Download any app instantly and use it
• And many more
Smartphones are becoming hosts for sensitive data.
Introduction
These are the various mobile operating systems for smartphones:
• iOS
• Android
• Windows
• Symbian
• Research in Motion (RIM, BlackBerry)
Most smartphone users choose either iOS or Android.
Introduction
Generally, an attacker injects malicious code into a targeted smartphone and extracts private and sensitive information.
An Intrusion Detection System (IDS) is used to find such attacks, but only known malware can be found.
According to Charlie Miller, both Android and iOS provide a public market, such as Android Market and the App Store, but they take different approaches to limiting malicious apps.
Android:
• Code Signing: Android app developers can use self-signed code on Android apps.
• App Source: Apps can be downloaded from anywhere, not only from the market.
• Removed App: Crowd sourcing. Apps are published directly to the market; if more users complain, the app is deleted from the market and remotely from devices.
• Sandbox: Sandboxing is app specific.
iOS:
• Code Signing: iOS app developers must use the code signing proposed by Apple.
• App Source: Apps can be downloaded only from the App Store.
• Removed App: A reviewer committee checks the app before publishing, and if anything malicious is found they remove the app.
• Sandbox: All apps have the same access permissions.
Android Vs iOS
Malicious users can develop Android apps easily because very few limits are imposed on Android app development.
Another point is that high convenience brings low security.
For this reason, Android privacy is a serious concern.
Privacy Issues
Identifiers Disclosure
Four smartphone identifiers:
• Phone number
• International Mobile Equipment Identity (IMEI)
• International Mobile Subscriber Identity (IMSI)
• SIM card serial number
An attacker can track the phone and misuse the IMEI.
SMS Misuse
• Basic functionality in smartphones.
• Authentication may be misused.
• Can send SMS to any number.
Privacy Issues
Location Leakage
• Most private information.
• Many apps ask for location access, such as maps and location-based searches.
Browser History
• Browsing history, cookies and passwords.
Root Exploits
• Jail break.
• Both malicious users and authorized users can use them.
• Malicious users: to gain root access to the system.
• Authorized users: to customize their phone according to their interests.
Spyware for Android
Android OS is built upon the Linux kernel and supports most of its functionality.
Android security mechanisms are based on the Linux system.
Software development for Android needs:
• Software Development Kit (SDK): tools for developing programs.
• Emulator: to implement and test a smartphone app on a computer.
• IDE: allows users to run, compile and debug an app.
Spyware for Android
Spyware: software or an app that can extract a user's private information without any authentication.
Spyware silently extracts the user's data and uploads it to a remote server.
We use only the Android API to develop spyware.
To reach the Android Market, spyware can wilfully use self-signed APIs.
Samples of Spyware for Android
Phone Information Disclosure:
• getContentResolver(): returns a ContentResolver instance for the user application package.
• getColumnIndex(String columnName): gets the index of the given column.
• getCount(): gives how many items are in the data set.
Samples of Spyware for Android
Call log:
Use the API android.provider.CallLog.Calls, which can extract all details regarding the call log.
Samples of Spyware for Android
Acquirement of E-mail:
We use getAccounts and getAccountsByType, which can list all types of accounts on the device.
Samples of Spyware for Android
Location Leakage:
We use the LocationManager class to extract location information.
Samples of Spyware for Android
Browsed History:
We use getAllVisitedUrls(ContentResolver cr), which returns the list of visited URLs.
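A defender's view of the samples above, added here as an example that is not part of the original presentation: each data source the slides name is gated by a permission the app must declare, so a decoded AndroidManifest.xml can be checked for apps that pair sensitive reads with network access. The permission-to-category mapping, the function name audit_manifest and the sample manifest are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"  # needed to upload data to a remote server

# Permission -> privacy issue named in the slides (mapping assumed by this example).
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "identifiers",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.GET_ACCOUNTS": "accounts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
}


def audit_manifest(manifest_xml):
    """Report which privacy categories a decoded (text) AndroidManifest.xml can reach.

    The manifest inside an APK is binary XML and must be decoded first.
    For manifests from untrusted apps, parse with a hardened XML parser.
    """
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    categories = sorted({SENSITIVE[p] for p in requested if p in SENSITIVE})
    can_upload = NETWORK in requested
    return {
        "package": root.get("package"),
        "categories": categories,
        "can_upload": can_upload,
        # Sensitive read plus network access is the pattern the slides describe.
        "needs_review": bool(categories) and can_upload,
    }


# Constructed sample: a "flashlight" app asking for far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A permission match only shows what an app is able to read; whether the access is justified still depends on what the app claims to do.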
Attack Scenarios
Spyware can be developed to extract the personal information of a user.
The IMEI can be misused.
Location leakage of celebrities is a serious issue.
Blackmailing for money becomes possible.
Anyone may use personal information for malicious activity.
Recommendations
For Android:
• Do not use crowd sourcing; replace it with source code examination and reviewers' comments.
For Consumers:
• Often clean history records and sensitive data.
• Don't download apps from unauthorized sources.
• Use antivirus software.
References
Te-En Wei, Albert B. Jeng, Hahn-Ming Lee, Chih-How Chen, Chin-Wei Tien, “Android Privacy.”
Charlie Miller, “Mobile Attacks and Defense,” IEEE Security and Privacy.
Charles P. Pfleeger, Security in Computing, 4/e.
All images used in the presentation are downloaded from Google Images.