II INTERNATIONAL SCIENTIFIC CONFERENCE OF YOUNG RESEARCHERS
Qafqaz University
18-19 April 2014, Baku, Azerbaijan
SECURITY RISK OF ANDROID PERMISSIONS
Rüfət BABAYEV
Qafqaz University
rufat_3250@mail.ru
AZERBAIJAN
According to February 2014 statistics, Android has the greatest OS market share on both smartphones and tablets. If
you do not own an Android device, chances are that your friends, family, or colleagues do. The security implications of
Android affect millions of people worldwide who use their devices for personal reasons. In addition, more and more
corporations and governments are offering their employees corporately administered Android devices. Therefore, using
Android insecurely can also devastate corporations and governments, costing them millions or even billions.
Technically speaking, Android is a Linux distribution, because it is built on the Linux kernel. On a typical Linux
system, we set up a number of user accounts for our friends and the people we work with, and we set limited permissions
on those accounts. They can download files from the Internet to their own folders only. They can read, write, and delete
files in their own folders only. They may not uninstall any applications without our root passwords. They may only view
their own files in their own folders. Finally, they may not change any OS settings or configurations.
The odd thing about Android is that, instead of actual people having user accounts with associated permissions, the
applications themselves each have their own sets of "user permissions." Each app, including Android OS components, has
its own unique user account.
Regardless of the Android version, every time you install an Android app (an APK file), Google Play will show you
which permissions the app asks for. Usually, you cannot select which permissions you grant to an app; you can only
decide whether or not to install it, based on the permissions it asks for. All versions of Android are designed so you
cannot change the permissions granted to the apps you have installed without doing some degree of hacking.
Due to the weakness in Android's permission architecture, apps could gain access to functionality without a user's
knowledge or consent and upload personal data, such as private photos or documents, to a remote server. There are more
than 135 official permissions, and communicating the actual scope of each permission to both developers and users has
been a challenge. This creates room for exploitation: malicious applications disguise themselves amongst the
hundreds of thousands of normal ones.
When you download an app from the Google Play Store, you see an alert that explains what information that app will be
able to access once you install it on your phone; for instance, the alert will indicate whether the app needs to access your
contacts list or connect to the Internet. An app cannot use any part of the phone that it does not have permission to access,
and the developer sets these permissions when first submitting the app to the Play Store.
Even if you were to read the alert, you may not come away with much information. The permissions list can be
extremely unclear and unhelpful. An app can request permission to use the network connection, for example, but the user is
never sure what the app is actually using that connection for.
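The following is an added example, not part of the original paper: a short audit script that reads the permissions an app declares in its manifest and reports which kinds of personal data the app could both read and send over the network. It assumes the manifest has already been decoded to text; the sample manifest, the package name com.example.flashlight and the short permission selection are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose personal data (a small, non-exhaustive selection).
PERSONAL_DATA = {
    "android.permission.READ_CONTACTS": "contacts list",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and documents on shared storage",
    "android.permission.READ_SMS": "text messages",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}
NETWORK = "android.permission.INTERNET"

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Flashlight"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    names = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return names


def exfiltration_risks(manifest_xml):
    """List personal data the app can both read and send over the network."""
    perms = requested_permissions(manifest_xml)
    if NETWORK not in perms:
        return []  # data may be readable, but there is no direct network path
    return sorted(desc for perm, desc in PERSONAL_DATA.items() if perm in perms)


if __name__ == "__main__":
    for item in exfiltration_risks(SAMPLE_MANIFEST):
        print("can read and upload:", item)
```

The install-time alert lists each of these permissions separately; the script shows the combination, which is what determines whether personal data can leave the device.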
In late February 2012, the