Table 1 - uploaded by Suhaib Mujahid
Content may be subject to copyright.
List of missed permissions and the number of apps the permissions are missed. Others present all permission types that appears just one time.
Source publication
Wearable devices are becoming increasingly popular. These wearable devices run what is known as wearable apps. Wearable apps are packaged with handheld apps, that must be installed on the accompanying handheld device (e.g., phone).
Given that wearable apps are tightly coupled with the handheld apps, any wearable permission must also be requested in...
Context in source publication
Similar publications
The paper describes the system innovation process to translate an innovation challenge on macro societal level ('How can technological innovations assist in an appropriate manner to enable elderly people to remain living in their own home for a longer time?') , to a concrete customisation challenge on micro level ('How can the customisation of a tr...
Citations
... En el mundo actual, las aplicaciones móviles desempeñan un papel central en nuestras rutinas diarias, brindándonos una amplia gama de servicios y funciones. [3] Estos avances tecnológicos nos permiten monitorear y gestionar diversas actividades, como ubicación, contacto, etc., [4] Sin embargo, con el aumento en la cantidad de datos personales que se manejan a través de estas aplicaciones, surge la preocupación por la privacidad y la seguridad de los usuarios. La protección de la información personal se convierte en una prioridad clave para garantizar la confianza y el uso responsable de las aplicaciones móviles. ...
... Esta investigación resalta la importancia de garantizar una integración adecuada entre aplicaciones móviles y vestibles para una experiencia óptima del usuario. [4] pero tiene la desventaja que no se tiene un conocimiento certero si estas anomalías son causadas por algún tipo de malware. ...
Resumen Este trabajo se enfoca en analizar el creciente papel de las aplicaciones móviles y la importancia de proteger la privacidad de los usuarios, explora la sinergia entre las aplicaciones móviles y los dispositivos wearables, se lleva a cabo un análisis de seguridad en una aplicación certificada y autenticada, donde su código está comprometido mediante técnicas de inyección de código malicioso con el objetivo de detectarlo y evaluar su alcance. El análisis propuesto se realiza mediante técnicas de evaluación estática. Los resultados obtenidos muestran que al inyectar código malicioso podría generar riesgos en la seguridad de la información del cualquier usuario. Abstract This work focuses on analyzing the growing role of mobile applications and the importance of protecting users' privacy. It explores the synergy between mobile applications and wearable devices. A security analysis is carried out on a certified and authenticated application, where its code is compromised using malicious code injection techniques in order to detect and assess its scope. The proposed analysis is conducted using static evaluation techniques. The obtained results demonstrate that injecting malicious code could pose risks to the information security of any user. 1. Introducción al análisis de dispositivos móviles En el mundo actual, las aplicaciones móviles desempeñan un papel central en nuestras rutinas diarias, brindándonos una amplia gama de servicios y funciones.[3] Estos avances tecnológicos nos permiten monitorear y gestionar diversas actividades, como ubicación, contacto, etc.,[4] Sin embargo, con el aumento en la cantidad de datos personales que se manejan a través de estas aplicaciones, surge la preocupación por la privacidad y la seguridad de los usuarios. La protección de la información personal se convierte en una prioridad clave para garantizar la confianza y el uso responsable de las aplicaciones móviles. En este contexto, también emergen los dispositivos wearables, que amplían aún más las capacidades de estas aplicaciones y su interacción con los usuarios [3]. Pero no todo es ventaja, por desgracia los dispositivos wearables, tienen brechas de seguridad, así como el software que controla a estos dispositivos. 2. Trabajos relacionados Los trabajos relacionados desempeñan un papel crucial en el proceso de la investigación científica al proporcionar el contexto, justificación y apoyo necesario para el nuevo estudio. A continuación se resumen algunos trabajos relacionados con esta investigación. 2.1. Detecting Wearable App Permission Mismatches: A Case Study on Android Wear El uso de dispositivos wearables está en aumento, impulsando la popularidad de las aplicaciones vestibles que se ejecutan en ellos. Estas aplicaciones están estrechamente vinculadas con las aplicaciones móviles en el dispositivo acompañante, y los permisos requeridos deben ser solicitados tanto en la versión móvil como en la wearable. Sin embargo, algunos desarrollos pueden presentar un desajuste de permisos, llevando a errores y bloqueos en las aplicaciones vestibles. En este trabajo, se propone una técnica para detectar estos desajustes y se realiza un estudio de caso en 2,409 aplicaciones gratuitas de Android Wear, identificando 73 aplicaciones vestibles con este problema. Esta investigación resalta la importancia de garantizar una integración adecuada entre aplicaciones móviles y vestibles para una experiencia óptima del usuario.[4] pero tiene la desventaja que no se tiene un conocimiento certero si estas anomalías son causadas por algún tipo de malware.
... Researchers can gain insight into the user experience and provide guidance that can improve the product. While there is some prior study in wearable apps [35,37,40], it has largely focused on the developer's perspective. Few studies have analyzed user feedback on wearable software. ...
The growing availability of applications (apps) for smart gadgets has been phenomenal in recent years. Both independent developers and multinational corporations are working to boost their app ratings in order to stay competitive in the mobile app industry. Therefore, it is crucial to consider apps from the perspective of the end user. In recent years, there has been a meteoric rise in the use of wearable apps. However, there have been surprisingly few investigations of the difficulties inherent with wearable apps. The purpose of this research is to mine user evaluations in order to get an understanding of consumer concerns about wearable apps. In this paper, fifteen app issues have been identified. Then we applied the DEMATEL (Decision Making Trial and Evaluation Laboratory) method to analyse the wearable app issues (WIs) and divide these issues into cause-and-effect groups. To begin, multiple experts assess the direct relationships between influential issues in wearable apps. The evaluation results are presented as spherical fuzzy numbers (SFN). Secondly, convert the linguistic terms into SFN. Thirdly, based on DEMATEL, the cause-effect classifications of issues are obtained. Finally, the issues in the cause category are identified as WIs in wearable apps. The outcome of the research is compared with the other variants of DEMATEL, like rough Z-number-based DEMATEL and spherical fuzzy DEMATEL, and the comparative results suggest that spherical fuzzy DEMATEL is the most suitable method to analyse the interrelationship of different issues in wearable apps. The outcome of this work definitely assists the app and software industry in the successful identification of the issues on which professionals and project managers could really focus.
... Mujahid et al. [11] also studied wearable app permission problems in Android Wear apps and reviewed the effect on the functionality of the app. Many wearable apps have a permission mismatch problem that allows malicious apps to request permission to access personal information not required for app functionality. ...
... 7 AndroWarn: https://github.com/maaaaz/androwarn (Accessed: 2018-[11][12] ...
Wearable apps, specifically smartwatch apps, require permissions to access sensors, user profiles, and the Internet. These permissions, although not crucial for many mobile apps, are essential for health and fitness apps, as well as other wearable apps to work efficiently. Access to data on wearable devices enables malicious apps to extract personal user information. Moreover, benevolent apps can be utilized by attackers if they send private information insecurely. Many studies have examined privacy issues in smartphone apps, and very little has been done to identify and evaluate these issues in wearable smartwatch apps. Since wearable apps can reside either on the phone and watch or both, with all devices capable of accessing the Internet directly, a different dimension to information leakage is presented due to diverse ways in which these devices collect, store and transmit data.
... In other words, when an API method is invoked within the code but the current Android platform does not support the referred method. Problems related to the permission mechanism have also been targeted [61,60]. However, those techniques are specific for the interaction between wearable apps with the same mobile app, only verifying if both apps have shared the same set of permissions. ...
With the ever-increasing popularity of mobile devices over the last decade, mobile apps and the frameworks upon which they are built frequently change. This rapid evolution leads to a confusing jumble of devices and applications utilizing differing features even within the same framework. For Android apps and devices, representing over 80% of the market share, mismatches between the version of the Android operating system installed on a device and the version of the app installed, can lead to several run-time crashes, providing a poor user experience. This thesis presents GAINDroid, an analysis approach, backed with a classloader based program analyzer, that automatically detects three types of mismatches to which an app may be vulnerable across versions of the Android API it supports. Unlike all prior techniques that focus on identifying a particular problem, such as callback APIs issues, GAINDroid has the potential to greatly increase the scope of the analysis by automatically and effectively analyzing various sources of incompatibilities that may lead an app to crash at run-time. We applied GAINDroid to 3,590 real-world apps and compared the results of our analysis against state-of-the-art tools. The experimental results demonstrate its ability to outperform the existing analysis techniques in terms of both the number and type of mismatches correctly identified as well as run-time performance of the analysis. Adviser: Hamid Bagheri
... Wearable apps: Multiple work studied availability and adoption of wearable apps [3,11,12] by analyzing app metadata, source codes and binaries, app-store reviews and permissions. In contrast, we focus on the network communications initiated by SIM-enabled wearables and use the traffic characteristics to study user and app behaviors. ...
Recent advances are driving wearables towards stand-alone devices with cellular network support (e.g. SIM-enabled Apple Watch series-3). Nonetheless, a little has been studied on SIM-enabled wearable traffic in ISP networks to gain customer insights and to understand traffic characteristics. In this paper, we characterize the network traffic of several thousand SIM-enabled wearable users in a large European mobile ISP. We present insights on user behavior, application characteristics such as popularity and usage, and wearable traffic patterns. We observed a 9% increase in SIM-enabled wearable users over a five month observation period. However, only 34% of such users actually generate any network transaction. Our analysis also indicates that SIM-enabled wearable users are significantly more active in terms of mobility, data consumption and frequency of app usage compared to the remaining customers of the ISP who are mostly equipped with a smartphone. Finally, wearable apps directly communicate with third parties such as advertisement and analytics networks similarly to smartphone apps.
... We call this case permission mismatch problem. Implication: As a result, a wearable app that suffers from the permission mismatch problem cannot grant its permissions which may lead to one of the following problems; 1) the wearable app fails to be installed on the wearable device, 2) throws a security exception and/or crash the app [25]. Additionally, the permission mismatch problem is particularly problematic since: 1) it does not raise compilation errors or print any log messages; 2) it runs normally on the emulator or any wearable devices using Android Debug Bridge (adb); 3) it is not automatically detected as a problem by the IDEs, including Android Studio; and 4) it is hard to catch since it affects only the devices that run with API level lower than 23. ...
Wearable devices are becoming increasingly popular ; these devices host software that is known as wearable apps. Wearable apps could be packaged alongside handheld apps, hence they must be installed on the accompanying device (e.g., smartphone). This device dependency causes both apps to be also tightly coupled. Most importantly, when a wearable app is distributed by embedded it in a handheld app, Android Wear platform requires to include the wearable permission also in the handheld app which is error-prone. In this paper, we defined two permission issues related to wearable apps-namely permission mismatches and superfluous features. To study the permission related issues, we propose a technique to detect permission issues in wearable apps. We implement our technique in a tool called PERMLYZER, which automatically detects these permission issues from an app's APK. We run PERMLYZER on a dataset of 2,724 apps that have embedded wearable version and 339 standalone wearable app. Our result shows that I) 6% of wearable apps that request permissions are suffering from the permission mismatching problem; II) out of the apps that requires underlying features, 523 (52.4%) of handheld apps and 66 (80.5%) of standalone wearable apps have at least one superfluous feature; III) all the studied apps missed a declaration of underlying features for one or more of their permissions, which shows that developers may not know the mapping between the permissions they request and the hardware features. Additionally, in a survey of wearable app developers, all of the developers that responded mention that having a tool like PERMLYZER, that detect permission related issues would be useful to them. Our results contribute to the understanding of permissions related issues in wearable apps, in particular, proposing a technique to detect permission mismatch and superfluous features.
Wearable devices based on the Android system are developing rapidly, but the research on their application security is still lacking. Therefore, this paper designs an Android wearable application security analysis system-PMMSA. PMMSA first conducts permission matching analysis of smartphone and wearable device applications to ensure the safety of application installation. Secondly, it performs malicious application similarity analysis on wearable endpoint applications to ensure the security of application usage. In the study of malicious application similarity analysis, due to the small number of Android wearable applications, this paper proposes a binary adjacency (BA) oversampling method to expand the number of applications. In addition, we propose the C-M-KNN model to compare the similarity of wearable devices and malicious applications, which uses KNN as the base analysis method. To reduce the detection time, we introduce the mean center strategy. We also introduce convolutional neural networks to improve the accuracy of MC strategies. The experimental results on Google Play Store and VirusShare datasets show that 41 apps have permission mismatch, and the false positive rate of benign samples of Android wearable apps is 1.55%.
