Malicious Android Applications: Risks and Exploitation

According to a Gartner study (Gartner, 11/2010), Android is now the No. 2 worldwide mobile operating system and will challenge Symbian for No.1 position by 2014. In addition to Android's large market share, the number of Android applications is growing at a fast rate. There are currently more than 100,000 Android applications available (Techeye, 26/11/2010).With the increasing numbers of applications available for Android; spyware is becoming a real concern. Several malicious applications, ranging from fake banking applications to an SMS Trojan embedded into a fake media player, have already been discovered on the Android Market since the beginning of this year. However, there are other forms of malware that may also emerge. What about hiding spyware in the background of a well-known application? For example, imagine an application claiming to be the latest version of a famous Twitter client, which actually runs spyware in the background and uploads all private data to the attacker.The purpose of this paper will be to explore a new form of Android spyware development using reverse engineering techniques and provide real case attack scenarios. Reverse engineering will be used, because most users do not check the permissions of the applications loaded onto their mobile device. Even security professionals admit they do not often check permissions of their Facebook or TweetCaster applications.