Research Article Open Access

VULHUNTER: An Update Based Privilege Escalation Checker for Applications

Abstract

With the increasing demand for smart phones, the vulnerability to security attacks has also been increased. Our objective is to develop an application that shields or verifies any attacks on the user’s device in the form of updates. Google added a new layer of security to the Android Market, dubbed Bouncer that will scan apps for evidence of malware. The effort will automatically scan new and existing apps as well as developer accounts, without disrupting the user experience of Android Market or requiring developers to go through an application approval process. Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and Trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. But, there still exist vulnerabilities despite the layer of bouncer, through which an application certified by the bouncer can attack the user’s data confidentiality. Our system aims at handling the previously mentioned vulnerability up to a greater extent. Also, the check must be internally done for every new update installed, so that, there is no misuse of the access rights previously assigned to it. The user must initially accept that they have read the declarations and warnings even before the installation of updates. This is a measure to ensure that the user is informed about the details of the usage of the application and the properties that the application is trying to use in the user’s device.

Ramachandra Reddy Avula

To read the full article Download Full Article