Analysis And Improvement Of Android Application Access Control Mechanism

Since the official release in2007, Android develops very rapidly in Mobile Internet as the role of an open-source mobile operating system. In2010, It catches up with iOS which developed by Apple in the aspect of market sharing. The development of Android is inseparable from the support of its open source community, its openness helps it attract a large number of end-users and application develops.However, with the rapid development, Android exposes some security issuses, including its own vulnerabilities and attack cases. Its own vulnerabilities include information disclosure via log IPC (Inter-process Communication), unprotected Broadcast Receiver, intent injection attacks and no restricted operation of SDcard. Some current attack cases are list below:high SMS transmission, malicious depletion of battery resources, the leakage of private information via Bluetooth or the like. Android has to face the challenges from the security after it has a large number of user groups. Only can it do well in aspect of security to own users’trust that it can own more marketing and go further.This paper focuses on the security of Android and aimes at the Android application access control mechanism. Through research of some materials aboard and a detailed analisis of the Android application access control mechanism, we find out the inadequacies of the mechanism. This paper mainly solves the problem that some applications from third-party markets applying for excessive or dangerous permissions during the installation.This paper designes and realizes an Android application security assessment method based on permission model which can find out the potentially malicious application by verify the permission information carried by APK file before installation. If judged malicious, users can determine to abord the installation. Such improvement can reduce the danger towards users of Android equipment caused by malicious applications.This paper describes the module of the malicious applications judgement that is beyond to the Android application access control mechanism and meanwhile analyzes the principal and key points of the realization of the module.