Mobile device security is becoming increasingly important as the number of devices that are used continues to grow and has surpassed one billion active devices globally. In this thesis, we will investigate the security of Android ad supported apps, security vulnerabilities that have been identified in the way those ads are delivered to the device and improvements that can be made to protect the privacy of the end user. To do this, we will discuss the Android architecture and the ecosystems of apps and ads on those devices. To better understand the threats to mobile devices, a threat analysis will be conducted, investigating the different attack vectors that devices are susceptible to. This will also include a survey of existing work that has been conducted within the realm of Android security and web based exploits. The specific attacks that are detailed in this research are addJavascriptInterface attacks against a WebView used to display an ad and information leakage from the ad URL request. These attack vectors are discussed in detail with applicability and feasibility studies conducted. The results of these attacks will be analyzed with a discussion of the methodology used to obtain them. In order to combat such attacks, there will also be discussion of potential solutions to mitigate the threats of attack from a variety of angles, to include steps that users can take to protect themselves as well as changes that should be made to the Android operating system itself. / Master of Science
| Identifer | oai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/51231 |
| Date | 27 January 2015 |
| Creators | Tate, Jeremy |
| Contributors | Electrical and Computer Engineering, Clancy, Thomas Charles III, Lou, Wenjing, Levy, David S. |
| Publisher | Virginia Tech |
| Source Sets | Virginia Tech Theses and Dissertation |
| Detected Language | English |
| Type | Thesis |
| Format | ETD, application/pdf |
| Rights | In Copyright, http://rightsstatements.org/vocab/InC/1.0/ |
Page generated in 0.0027 seconds