PRAST: Using Logic Bombs to Exploit the Android Permission Model and a Module Based Solution

Document Type

Conference Proceeding

Publication Date


Publication Title

MALWARE 2018 - Proceedings of the 2018 13th International Conference on Malicious and Unwanted Software

First Page


Last Page



Android, APKs, Dangerous Permissions, DEX, Logic Bombs, Malware, Mobile, OS, Permissions, Runtime Check


© 2018 IEEE. Android security implements a permission model to protect a user's most sensitive data. These permissions regulate an app's access to different aspects of the device, however, a fatal flaw of Android's permission model is that it relies on the discretion of the user to determine which apps are granted permissions and which are not with limited assistance in their choice from the device. As a result, a specialized type of malware known as a logic bomb has affected Android devices. These logic bombs are designed to execute malicious code when activated by triggers, and can be designed to take advantage of users who poorly vet their applications or even hide themselves inside applications that appear to be benign. On Android, logic bombs usually carry out malicious intent by violating permissions, using a permission for some activity the user never intended. We have found 18 different permissions that applications can violate to carry out some form of malicious intent, and have developed an app, called HyenaDroid, to violate each of these permissions and create logic bombs. This provides evidence that the current Android security revolving around permissions is in need of either an update to the permissions model, or an additional system to assist the user with navigating the Android permissions model. Our research also proposes such a system, PRAST. PRAST is designed as a modular system, combining a level of efficiency that can be run during the download on an Android device, along with the effectiveness and accuracy of external analysis systems.

This document is currently not available here.