Android-based IoT Platform Applications Update Permission Management
android mini project topics
Analysis flowchart for change of permissions before and after the update The first step in the analysis sequence to compare permissions before and after the application update is to find the AndroidManifest.xml file and then perform an analysis on the file. The persmissions used by before and after an application the update are first identified based on the analyzed information. After this, the same, deleted, and added permissions in the versions of before and after application the update are checked through the identified information. Figure 2 below shows an analysis flow chart to analyze the permission differences before and after the update. Permission analysis for before and after application the update consists of four steps. The detailed analysis process is as follows.
a.Input of the application information before and after the update -Input two versions of the application to analyze before and after application the update.
b.Search of the AndroidManifest.xml -Search for the AndroidManifest.xml file to analyze permissions for both versions of the application. During this process, find each AndroidManifest.xml file for before and after application the update
c.Check the permissions used by before and after application the update -Analyze the AndroidManifest.xml file found in step 2 to check and list permissions used in before and after application the update d.Identify permission differences for before and after application the update -Based on the analyzed information above, the same, deleted, and added permissions during the update process are identified. android mini project topics Based on the permission information identified through the analysis, respond to security threats such as indiscriminate data collection and data leakage by recognizing them in advance that may occur in Android-based IoT devices.
Source code for permission analysis before and after the update Python version 3.5.3 is used to analyze the permissions of the application used in the Android-based IoT platform environment. Search the AndroidManifest.xml file inside the application based on both of the application input information. Analyze both AndroidManifest.xml files to identify the same and changed permissions before and after the update. The content of the source code is explained as follows Table 2.a.Line 01~02: -The variable pwd1 and pwd2 contain the top-level directory name for analyzing both versions of the application. b.Line 04~12: -Find the AndroidManifest.xml file in the application using the variable pwd1 and pwd2. Generally, the AndroidManifest.xml file is in “/app/src/main/” but sometimes it is not. Therefore, do not always search the same path but search all paths inside the application to find the AndroidManifest.xml file. If the AndroidManifest.xml file is found, open the AndroidManifest.xml file in read mode using the update_before and update_after variable to analyze the information in the AndroidManifest.xml file. c.Line 14~19: -Check the phrase “android.permission” by reading a file line by line. In case permissions are provided by Android, the phrase basically starts with “android.permission”. When this phrase is found, include the permission before and after the update in the update_before and update_after list respectively and identify the deleted or added permissions based on the list information. The identified permissions are kept sorted for the ease of use later.
Analysis results When the analysis of two versions of the application is completed, the same permissions before and after the update are first printed out on screen. Next, the deleted and newly added permissions after the update are printed out in order. Figure 2 shows the results of analyzing the permissions of before and after application the update. Permissions from [1] through [3] in Figure 2 show the same permissions that exist in both versions of before and after application the update. [4] through [6] indicate permissions that existed in the version of before application the update but were deleted after the update. [7] – [14] shows newly added permissions that did not exist in the version of before application the update but were added in the update process. The permissions that have been deleted or added after the update can be identified through the analysis.
Security threats IoT devices can carry out malicious activities such as collecting personal information indiscriminately or leaking personal information when permissions not related to performing certain functions are added during the update process. To prevent IoT devices from performing such malicious activities, there is a need to analyze threats that may arise from permissions to be added during the application update. Information on permissions that exist in many applications that perform malicious activities has been continuously analyzed through many researches. Table 3 below shows the list of permissions that exist in the malicious applications that have been previously studied [4, 5, 9, 10]. It is sorted in the order most used of permission in the malicious application. Restrictions on the use of permissions in the process of analyzing security threats should be considered since there may be restrictions on using permissions according to IoT devices. https://codeshoppy.com/android-projects-titles-ieee.html Based on the previously researched permission information and the results analyzed in section 3.3, it is necessary to respond to security threats in advance by analyzing them that may occur due to added permissions while updating an application. For example, if an IoT device that provides temperature or humidity asks permissions to control the location information or the device, it is necessary to respond to security threats that can arise from this.