which is suitable for memory and
are a lot of other alternative app markets, which impose no or limited app vetting
security assurance is very limited on such apps.
exists infrastructure for installing applications without involving application
markets, for example, using the adb tool from a connected computer. While
this gives Android users more freedom to install applications acquired
from non-market sources, it represents an additional malware entry point,
mainly for less security-aware users. Consequently, there is a higher
probability for Android users to unintentionally install malicious apps
compared to those on other walled-garden based platforms.
2: App developers
could be unfamiliar with the subtle aspects of Android ICC, which may lead to unintentional
disclosure of apps’ private interfaces and data.
3: There is an
absence of an isolation or confinement mechanism for third-party libraries, such as
advertisement and analytics (A) libraries that are contained within
apps. Consequently, third-party libraries cannot be prevented from abusing the granted
permissions of their host apps. On the other hand, ill-behaving host apps may interfere
with the libraries, for example by performing inappropriate ad display or click
4: An Android
device has quite a lot of identifiers that can be used as a unique device ID, such
as IMEI, hardware serial number or Android system ID. Since Android devices are
prone to private information leakage, if this device ID is also leaked,
external parties can track the user easily. In addition, there exist potential
security weaknesses outside of the Android middleware that could compromise the
security of an Android device.
app can invoke native code through JNI. This may cause security issues due to widely-known
memory corruption bugs in low-level languages (e.g. C or C++). Third-party
native libraries are able to neglect the granted permissions of their host
app. In addition, native code may be deliberately employed by malware writers
to evade Android-level analysis techniques and monitoring tools.
6: Android apps are
comparatively easier to reverse engineer than native apps in desktop
environments, for example Windows and UNIX executables, since
hardware-independent Dalvik bytecode files retain a great deal of information
from the original Java sources. Moreover, UI layouts and string literals of an
app are typically stored as separate resource files in XML format. As a
result, Android apps can be subject to app repackaging, including for malware injection.
employs an install-time and to a certain extent coarse-grained permission
install-time permission is on an all-or-nothing basis: a user must grant all
permissions requested by an app, or the app’s installation will not continue.
cost of a set of requested permissions may not be understood by Android users, who
tend to simply approve the permissions.
developers are likely to over-request permissions.
permissions may not be adequately fine-grained. For example, it cannot
enforce domain-based Internet access or partial selective access to sensitive
is a need for runtime permission revocation, control (e.g. replacement of
accessed private information), and monitoring tools. Hence, once the user
installs an app on his/her device, the app can run and use all its granted
permissions. There are no user-accessible mechanisms to monitor any uses of the
8: Android does not
have a configurable, runtime ICC control for the following purposes:
prevent an app from accessing any open interfaces of another app, regardless of
the former having obtained the required permissions at its install time. Along
with weakness, this lack of runtime inter-app access control can lead to data
leakage and confused deputy problems.
prevent an app from intercepting an intent broadcast, and possibly stopping its
propagation afterwards. By intercepting system-event broadcasts, a malicious
app is able to stealthily intercept important system events that contain
sensitive information, such as an incoming call or SMS.
To isolate apps and prevent them from communicating via ICC and other shared