We summarize the limitations,
which invent the weaknesses, of Android security model and its app-market
ecosystem as follows:
W1: Android adopts an open market model with less unconfirmed
There are lot of other alternative app markets, which impose
no or limited app vetting process.
The security assurance is very limited on such apps.
There exist roads to introducing applications without
including application markets, for example, utilizing the adb tool from a connected
computer. While this gives Android clients more freedom to introduce
applications acquired from non market sources, it represents an additional
malware entry point, mainly to less security-aware users. Consequently, there
is a privileged probability for Android users to unintentionally install malicious
apps in association to those on other walled-garden based platforms.
W2: Android employs an install-time and to a certain extent
coarse-grained permission model:
The install-time permission is on an all-or-nothing foundation:
A user must award all permissions requested by an app, or the app’s installation
will not continue.
The cost of a set of requested permissions may not be fully tacit
by Android users, who have a tendency to simply endorse the permissions.
App developers are likely to swell their requested
Android permissions may not be adequately fine-grained. For
example, it cannot implement domain-based Internet access or partial selective
access to sensitive resources.
There is a need of runtime permission revocation, control
(e.g. replacement of accessed private information, and monitoring/auditing
tool. Hence, once the user installs an app on his/her device, the app can run
and use, or misuse, all its granted permissions. There are no user-accessible
mechanisms to monitor any uses of the permissions.