Efficient Protection of Android Applications through User Authentication Using Peripheral Devices

Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device val...

Full description

Saved in:
Bibliographic Details
Published in:Sustainability 2018-04, Vol.10 (4), p.1290
Main Authors: Kim, Jinseong, Jung, Im
Format: Article
Language:English
Subjects:
Data processing
Electronic commerce
Mobile operating systems
Security
Security aspects
Smartphones
Social networks
Sustainability
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were subjected to the Same Identifier Attack, and it was found that an attacker could gain the same privileges as the user, in all five applications. To solve such a problem, we propose a technical scheme-User Authentication using Peripheral Devices. We applied the proposed scheme to a Nexus 5X smartphone running Android version 7.1 and confirmed that the average execution time was 0.005 s, which does not affect the other applications’ execution significantly. We also describe the security aspects of the proposed scheme and its compatibility with the Android platform and other applications. The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security.
ISSN:2071-1050
2071-1050
DOI:10.3390/su10041290