• Skip to main content
  • Skip to after header navigation
  • Skip to site footer
ERN: Emerging Researchers National Conference in STEM

ERN: Emerging Researchers National Conference in STEM

  • About
    • About AAAS
    • About the NSF
    • About the Conference
    • Partners/Supporters
    • Project Team
  • Conference
  • Abstracts
    • Undergraduate Abstract Locator
    • Graduate Abstract Locator
    • Abstract Submission Process
    • Presentation Schedules
    • Abstract Submission Guidelines
    • Presentation Guidelines
  • Travel Awards
  • Resources
    • Award Winners
    • Code of Conduct-AAAS Meetings
    • Code of Conduct-ERN Conference
    • Conference Agenda
    • Conference Materials
    • Conference Program Books
    • ERN Photo Galleries
    • Events | Opportunities
    • Exhibitor Info
    • HBCU-UP/CREST PI/PD Meeting
    • In the News
    • NSF Harassment Policy
    • Plenary Session Videos
    • Professional Development
    • Science Careers Handbook
    • Additional Resources
    • Archives
  • Engage
    • Webinars
    • ERN 10-Year Anniversary Videos
    • Plenary Session Videos
  • Contact Us
  • Login

Detecting Over-Privileged Applications by Analyzing System Logs and System Information

Undergraduate #209
Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems

Lance A. Allison - Winston-Salem State University, NC


As mobile devices become increasingly powerful, so does the software they run. In recent years Android’s Google Play Store and Apple’s App Store have both surpassed 2 million downloadable applications. With so many applications available, it is no wonder that these stores can only perform a brief vetting process, using primarily a static analysis of code. This limited vetting process can lead to malicious applications that may be abusing their privileges or collecting personal information without the user’s knowledge. To counter these attacks Apple and Android both implement similar permission systems to limit an application’s access to files or personal data unless given consent by the user. Although, these are often overlooked by the average user and approved once and forgotten. Thus, the goal of this research is to create applications that can be installed on both mobile platforms that monitor applications in real time to detect over-privileged and over-active applications. This will give users the ability to see what applications are actively doing and can confirm their actions comply with their wishes. With the initial focus on the Android platform specifically, this research outlines methods used to record and access system logs, events, notifications and other information in real-time, along with steps to analyze and review this information for mobile devices on the go. A key method used and tested in this research is by calling and analyzing Android’s DumpSys service. DumpSys is essentially an image of all system information on a current device, including a wide range of information such as; CPU usage, memory allocation, system broadcasts, current permissions, and many other statistics. After recording a system dump this monitoring application will analyze and detect over-privileged applications This is done by comparing active system broadcasts and logs to the permissions that have been approved. Another method being tested which may be included in the final application involves a process of pulling individual logs for each application and then sharing these logs with the monitoring application. After the Android monitoring application is finished, there will be tests performed to analyze the power usage of said application running such a system, and to define an overall impact on battery performance. Future work will include an Apple iOS application that will perform the same actions of actively monitoring and analyzing application privileges, although this will require different methods.

References: F. Adrienne, Porter, C. Erika, H. Steve, S. Dawn, and W. David. Android permissions demystified. In Proceedings of ACM Conference on Computer and Communications Security (CCS), 2011.
Slavin, R., Wan, X., Hosseini, M., & Heste, J. (2016, May 14). Toward a framework for detecting privacy policy violations in android application code. ACM 38th IEEE International Conference on Software Engineering, 25-26. Retrieved from 2016 IEEE.

Funder Acknowledgement(s): This study was supported by NSF grant #1332531 that was awarded to Dr. Fuad.

Faculty Advisor: M. Muztaba Fuad, fuadmo@wssu.edu

Role: All of the research, with discussion meetings with my mentor, Dr. M Fuad.

Sidebar

Abstract Locators

  • Undergraduate Abstract Locator
  • Graduate Abstract Locator

This material is based upon work supported by the National Science Foundation (NSF) under Grant No. DUE-1930047. Any opinions, findings, interpretations, conclusions or recommendations expressed in this material are those of its authors and do not represent the views of the AAAS Board of Directors, the Council of AAAS, AAAS’ membership or the National Science Foundation.

AAAS

1200 New York Ave, NW
Washington,DC 20005
202-326-6400
Contact Us
About Us

  • LinkedIn
  • Facebook
  • Instagram
  • Twitter
  • YouTube

The World’s Largest General Scientific Society

Useful Links

  • Membership
  • Careers at AAAS
  • Privacy Policy
  • Terms of Use

Focus Areas

  • Science Education
  • Science Diplomacy
  • Public Engagement
  • Careers in STEM

Focus Areas

  • Shaping Science Policy
  • Advocacy for Evidence
  • R&D Budget Analysis
  • Human Rights, Ethics & Law

© 2023 American Association for the Advancement of Science