Professional Documents
Culture Documents
I.
INTRODUCTION
Using the third party technique, the traditional drivedownload gives another space for vulnerabilities. The attack
actually attracts the users to download feature-rich or
interesting app that will lead users to the attack of
malicious [27]. As an example, users click to the
advertisement link, then will be directed through to the
malicious website. This website asking for accessing the
location permission of the users phone and then will direct
through to fake Android Market to download the
applications.
There are some of the vulnerabilities arise from the
concept of sharing the UID that discussed before. Recent
studies stated that the permission systems suffer the problem
of the where developers requesting more unwanted
permissions than what needed [30]. Permission redelegation happened when an application that has
permissions is performing a privilege task on behalf of an
application without that permission [30]. This is when there
two different applications that are sharing the same user ID.
The sharing user ID causes each of the applications can
easily to access to the both resources. This threat is mainly
important for web browsers. Figure 4 shown the permission
delegation process.
IV.
CONCLUSION