e-Infrastructure and e-Services for Developing Countries. 11th EAI International Conference, AFRICOMM 2019, Porto-Novo, Benin, December 3–4, 2019, Proceedings

Research Article

Analysis of the Impact of Permissions on the Vulnerability of Mobile Applications

  • @INPROCEEDINGS{10.1007/978-3-030-41593-8_1,
        author={Gouayon Koala and Didier Bassol\^{e} and Aminata Zerbo/Saban\^{e} and Tegawend\^{e} Bissyand\^{e} and Oumarou Si\^{e}},
        title={Analysis of the Impact of Permissions on the Vulnerability of Mobile Applications},
        proceedings={e-Infrastructure and e-Services for Developing Countries. 11th EAI International Conference, AFRICOMM 2019, Porto-Novo, Benin, December 3--4, 2019, Proceedings},
        proceedings_a={AFRICOMM},
        year={2020},
        month={2},
        keywords={Permission abuse Vulnerability Privilege exploit Security},
        doi={10.1007/978-3-030-41593-8_1}
    }
    
  • Gouayon Koala
    Didier Bassolé
    Aminata Zerbo/Sabané
    Tegawendé Bissyandé
    Oumarou Sié
    Year: 2020
    Analysis of the Impact of Permissions on the Vulnerability of Mobile Applications
    AFRICOMM
    Springer
    DOI: 10.1007/978-3-030-41593-8_1
Gouayon Koala1,*, Didier Bassolé1,*, Aminata Zerbo/Sabané1,*, Tegawendé Bissyandé1,*, Oumarou Sié1,*
  • 1: Université Joseph Ki-Zerbo
*Contact email: gouayonkoala1@gmail.com, dbassole@gmail.com, aminata.sabane@gmail.com, tegawende.bissyande@fasolabs.org, oumarou.sie@gmail.com

Abstract

In this paper, we explored the potential risks of authorizations unexplained by benign apps in order to maintain the confidentiality and availability of personal data. More precisely, we focused on the mechanisms for managing risk permissions under Android to limit the impact of these permissions on vulnerability vectors. We analyzed a sample of forty (40) apps developed in Burkina Faso and identified abuses of dangerous authorizations in several apps in relation to their functional needs. We also discovered combinations of dangerous permissions because it exposes the confidentiality of the data. This analysis allowed us to establish a link between permissions and vulnerabilities, as a source of risk of data security. These risks facilitate exploits of privileges that should be reduced. We have therefore proposed the need to coordinate resolution mechanisms to the administrators, developers, users to better guide the required permissions by benign apps on Android.