Impact of Permission in Android on Data Security

Android is an application platform for mobile devices with an advance and moderate frequent feature of operating systems. It includes all software systems, software package frameworks, and core programs. This platformpermits to collect and verify important personal information concerning the user/client through untrusted apps. However, to install an application, the device feature uses permissions that are allowed by the user. The user has an attribute to research permissions and aborts the setup if the permissions are unfriendly or unrestricted.Android permission analysis schemes play a major and important role in securing important information and privacy of usersfrom unbearablebehaviors of untrusted android permission apps within the aspect of securing purposes. This survey tries to handle and deal with the android permission application permissions related to security and privacy challenges. It includes various research articles published in computers and security, digital investigation, decision support systems, systems and software security, and information forensics journals in the last 10 years. The survey includes the subsequent prior considerations, analysis problems motivated by the theme, the methodology used, the ability of result analysis conducted, and mechanical man options thought-about for performance analysis.

promptly as much as they can.The internet has created multiple issues for clients for securing user's data privacy that includes threats and vulnerabilities.[9,10] from affected phones to premium-rate phone numbers without even knowledge of the user/client.Because of this, the user's data from mobile is being sent to unauthorized third parties without any permission fromthe user.[11,12].This researchadds the previous reviews and work by extending the scope of malware/vulnerabilities development and Android security issues.The permissions given by the defined smartphone are checked and compared, and these permissions are granted accordingly.This work consists of a detailed literature survey.Sections 2 and 3 discuss the background literature of permission analysis and its implementation in android.In Section 4, attacks are presented through permission techniques, and consequently, Section 5 deals with the methodology of permission analysis.Section 6 analyzes the approach for the literature review.In Sections 7 and 8, exclusion criteria and data extraction are studied, respectively.Section 9 discusses future research directions, and the last section finally concludes this paper.

Literature Survey :
Today Mobile Technology is being largely used in the world for different purposes which have advantages and disadvantages both [13].Since 2008 the usage of mobile technology has beendrastically increasedday by day includingimportant and personal data like a gallery, videos, debit card details, SMS messages, WhatsApp chat history, etc can be easily stored in the mobile memory [14].In the market,there are a variety of smartphones with different and moderate features of advanced operating systems.Google has given freeware license to the Android mobile operating system available in many smartphones through which they can easily install multiple apps.According to Google's information 1.3 million, Android devices are activated daily for different various purposes, but securing its privacy is an important and needed issue of today's [15].Gartner has reported in his prior that Google's Android has successfully grabbed 82% of the market during2016 [16].In 2016 total of 432 million mobile deviceshas been sold out from which 352 million mobiles were using advanced and moderate Android operating system features [17].With the great success and triumph of the Android operating system, it is also dragged and diverted to vulnerabilities and malicious/malware attacks of the third party by getting the access of privacy permission without an acknowledgment of user which becomes a more concerned area of different big organizations and companies.According to the Google Android Security Report, a total of 655 abrasive vulnerabilities/malicious were found in 2016 which has affected the daily life of users [18].A total of 316 vulnerabilities were found in the Android operating system in 2017 which is highercompared to any other operating system in smartphones [19].According to Cisco's report 98% of the malware target the Android platform [13].An increasing malware attacks day by day there should be a permission access application to secure client/user privacy data The venerable/malware attacks in any application either installed by the user or installed on another mobile without the user's permission are performing various functions without the user's knowledge [18].The main purpose of the third party/malware attacks is to access thepersonal data from the mobile devices, unlocking the mobile devices, sending and receiving SMS/MMS forknowledge ofconfidential information, making calls on the client's numbers and his friends for threat purposes, share the confidential important information through GPS [13,14].According to the previous studies, there are different researches carried out that characterize various existing.
According to previous research,there are also undertaken to characterize existing Android malware.A project named Android Malware Genome was undertaken to characterize existing Android malware [20].
According to previous research in 2022 the security impact of vendor customisations on Android devices by designing SEFA analysis framework..This tool performs several Android Malware can be categorized into different categories based on performing functions [21,22]like Spyware, Trojans, Virus, Phishing Apps, Bot Process, RootKits.As per prior research, the table represents a list of top 10 Android Malware Families with their descriptions and capabilities [23][24][25].
Here top 10 Android Malware Families are taken to study the most recent famous malware.

No Malware Family
Description Capability

2-Background Informationin Permission Analysis :
Static and dynamic analysis are two various types to detect malware.Somesignificant features are being removed from an app during static detectionand analyzed before the app is executed, [26,27] while in case of dynamic detection which is quite opposite to the static wherethe app is executed throughthe simulator and decided accordingly to the log files.[28,29] Both types have some advantages and disadvantages as briefedin Table 1.

Static analysis
We candetect malicious/venerablebehaviorsthrough code segments by static analysis.Although it needsa minimum duration period and resources as it does not get indulge in the execution of the applicationcompared to other analysis techniques for Android malware/malicious detection.[30,31].By using this technique, we can withdraw some important features without installing the application on a device or emulator.However, this technique has an indicative downside of code obfuscation and dynamic code loading.Code obfuscation makes the pattern matching unable of detecting unpredictably.On the hand side, the advantages of static analysis are that it can detect possible security violations, runtime errors, and logical inconsistencies [32,33] The permissions of API calls are usually used as static features as shown in Figure 1.The two main approaches for static analysis are signature-based and permission-based.

2.1.1Signature-based approach
This technique is also known as the misuse detection technique.The commercial anti-malware products are mostly used for the signature-based malware detection approaches.This technique gives an antique signature and removes all semantic patterns and formats.Signature-based recognition is very beneficial for the already known malware, but the biggest problem and disadvantage of this approach are that it cannot identify the unknown malware types and its source.Although the maximum malware sourcesremain undetected through this due to the incomplete signature database, while we have detected the malware, its variants are required to be instantly updated.[34,35]

Permission-based analysis
The permission-based analysis is required where permission requested by an application/user showsa major role in accessing rights.Permission is requested by the applications in their manifest file.Android permission overwhelms the required access to the application data.The data stored in the mobile cannot be accessed without the permission of the user/client.An important file is present in the root directory of AndroidManifest.XML, which stores all information related to the application of the Android system.[36,37].The permission process should be working effectively and smoothly before allowing the application to get the required asset.Specifically, agreement for any defined particular application in any case agreements for every single proclaimed permission is not required.It just verifies the show document and noof different records.[38,39].

2.1.3Resources Based Static Analysis
Resources used in the application arestored in aresource file named AndroidManifest.xmlfile which contains all requiredinformation [14].User interfaces modules hold resources of an application like menus, layout widgets,etc [14].The AndroidManifest.xml file is present in the APK file.User interaction from these user interfaces is needed in malware running in the background [14].So the user interfaces ll'be completely and properly analyzed.

Components Based Static Analysis
There are several componentsof AndroidApplications like Content Providers, Services, Intents, Activities, and Broadcast Receivers [14].Information related to these components is stored in the AndroidManifest.xmlfile.At the background services, there are some malware running, gaining information about activities, Receivers,and intents.[14].To analyze these components is also very much important for detecting malicious behavior and its sources

3-Dynamic analysis
By using dynamic analysis, we can test and evaluate data in real-time.The main purpose of this analysis is to repeatedly examine offline code and to detect the run-time error.By executing the application, we can evaluate the malware during dynamic analysis.[40,41].As we compare dynamic analysiswith static analysis, this approach is more baffled and intricate as resource action is performed in the real environment.This analysis could be beneficial inloadingthe required information to determine the application behavior during runtime.By using a dynamic behavioral detection method many machines like Sandbox, virtual machine, and other forms of operation environment are constructed.By stimulating the execution of the application, we can obtain an application behavior model [42,43].There are two main approaches for dynamic analysis: anomaly-based and taint based.

Anomaly-based detection
To detect malicious behavior, the function of this approach is reliable on the machine learning algorithm.By using features from the existing malware to train the model that predicts unknown malware.It requires a lot of effort and resource Applications (apps) installedfor identifying the malicious behavior in the system to perform an in-depth analysis of malware detection.The biggest disadvantage of this process is that, if it requires more system calls, then it classifies for the legitimate application. [44]

Taint analysis
Taint analysis checks the user's input and modifies the different variables accordingly.The only reason behind being one of the most used methods is that it focuses on those appsonly that are shared to get sensible important information.Dynamic taint analysis is a scientific technique that is used for this approach followed by Taint Droid.This technique is called taint, which marks the data of interest with an identifier.When information is being used, the taint stays with this information [45].The Train Droid provides a system-wide data stream for tracking Android.The multifeatured sensitive data like headphones, high pixelcamera, and GPS can also be tracked by this method.Taint Droid isused for tagging important and sensitive data and information.Through any channel, Taint Droidcan record the tagged data from the system.[46,47] The major withdraw of this system is that it cannot down track data that leaves and returns the channel.

Call graph construction
Established algorithmsignore open-package assumption utilization situations, which is the reason that the expansion code is not considered while separating remain private application.Therefore, the expansion code can deal and reply direct call conditions between library strategies that are not obvious from the class chain [48] The abbreviated call graphs for permission analysis is depicted in Figure 2. The UI string transitively calls toString() on every instance of painting JList.AbstractMap.toString() is called by giving the custom HashMap usage as substance, which does no supplant toString().This method repeats over the passage set and calls getValue() in every section.The essential thing of the section set is the aggressor's link case.Like this, it effectively calls Expression.GetValue() that brilliantly summons System.Set SecurityManager (null).To methodically discover exploitable callback executions, a static exam should watch that there is no assailant callable strategy present, which transitively calls sensitive support without appropriate cleaning or permission checks.In any case, the static examination desires to do furthermore not forget that calls to callbacks are made plans to all workable put stock in executions.
Cutting aspect name-chart calculations exclude a call part from name locales of Entry.GetValue() to the method Expression.GetValue().However, this part is needed to find out about the attack, which should be exhibited in the right ways.If this edge is incorporated, information flowtesting and searching for unguarded ways to delicate activities are empowered to distinguish the vulnerability. [49]

3-PERMISSION IMPLEMENTATION IN ANDROID APPLICATIONS
In the Android software program stack in which the Android framework degree, within the Android framework stage, a large portion of the contents are authorized.By using a supplementary series ID, some kind of permissions isdecided at the kernel level.It is allowed to use a supplementary organization ID if the application is part of a group to obtain all of the privileges of that particular institution [50,51].By using the permissions declared in the programs that take place to file, the organizations are arranged.

-ATTACK OF PERMISSION ESCALATION
The permission attacks are categorized and elaborated in Figure 4.There are two types of permission escalation attack Confused deputy attack and collision attack.Privileged benign applications are in unprotected interfacesthatexploit and declare the vulnerabilities/malware by confused deputy attack.[54].Tobuild a combined set of permissions, the collusion attack can be admitted by multiple applications.This allows us to represent malicious/malware actions by an unauthorized performance [10].There are two categories of collusion attacks (1)direct collision attack (2) indirect collusion attack.These two categories are used for interconnecting with each other.By using direct collusionway communication applications can be performed indirectly.Another category indirect collision attack is used where the application communicates with the third application.[55].Certain information that is like files, buffers, and input-output devices is holdingby overt channels.Shared preferences, UNIX socket communication, and system logs are few other examples of overt channels.[56,57].The covert channels are used objectsforcommunication which aremostly unplanned.These objects are applied for covert channels with the Android's middleware layer bypass.At last, it is observed that the low throughput of a covert channel is suitable to exchange private data and communication [38,58]

Static analysis-based approaches
Some major static analysis-based approaches from 2007 to 2019 are mentioned in Table 2.In 2014, Fang et al64 has investigated the various android security issues developed by permission-based mechanisms.They have also reviewed the workshop measurementon such issues based on their technical features.Android framework which is flexible fine-grained permission models can be improved by developing data-driven methods for strengthening the android securityrather than irrespective of the current model that is based on coarse-grained and inflexible permission models, Talha et al [59] has proposed a permission-based Android malware detection system called APK Auditor to maintain the consistency between application intentions and system implementations.The system uses a static analysis technique for classifying android applications into benign or malicious.This system consists of three different parts, 1-a signature database, 2-an android client, 3-a central server.The signature database stores to execute data on applications as well as analytical results, whereas the android client is used by the end-users to give application analysis requests.The central server manages the whole analysis process by communicating with the database and the android user.Song et al [60]has integrated the static detection method with the analysis framework where only the static detection method can result in a high false rate and also the scope is limited.The proposed approach consists of four filtering layers, namely, the message digest values, combining malicious permissions, the dangerous permissions, and dangerous intentions.Rashidi et al [61] has proposed RecDroid that provides a user-help-user environment for the android permission control.It is a crowdsourcing recommendation framework that combines the expert users' responses and then recommends it to the inexperienced and untrained users.Seshagiri et a [62]has proposed a static approach, namely, Amrita Malware Analyzer.This framework detects the malicious code by performing plaintext attacks using strings contained in the malicious web pages.Sokolova et al [63] has proposed a five-step methodology for finding the patterns of each category.The category patterns and key permissions are found using graph analysis metrics by modeling the required permissions as a graph.

No Research paper and year Application 1
Balzarotti et al [64]and 2007 Analysis of web-based applications.

2
Basin et al [65]and 2009 Automated analysis of security and design model 3 Stolpe[66] and 2010 derogation Permission-based on the notion.

4
Jeon et al [67]and 2012 Fine-grained permissions in Android applications 5 Zhou Jiang [68] and 2012 To identify certainly malware application

6
Zhang et al [69] and 2013 Screening undesirable behaviors in android apps 7 Fang et al [70] and 2014 To refer the concerns in android security 8 Talha et aI [59]and 2015 Static analysis to portray method characterize Android applications 9 Song et Rashidi et aI [61] and 2016 Real-time expert recommendations Incorporated static location an examination system for Android 10 Rashidi et al [61]Real-time and 2016 Rashidi et al67 Real-time expert recommendations and 2016 11 Rashidi et al [61] and 2016 Real-time expert and 2016 12 Sokolova et aI [63] and 2017 Sokolova et al69 Android application classification and 2017 anomaly detection 13 Li et al [71] and 2018 Significant Permission IDentification (SigPID), a malware detection system based on permission usage analysis to cope 14 Liu et al [72]and 2019 Alde that influences the Xposed framework to accomplish analytics libraries in other apps TABLE 2 Analysis method based on static analysis

Dynamic analysis-based approaches
Some major dynamic analysis-based approaches from 2007 to 2019 are mentioned in Table 3.In 2013, Zhang et al [69] has proposed a dynamic analysis platform, namely, VetDroid.The VetDroid is used to have permission to use behaviors by identifying the valid authentication permission and Invalid authentication permission through verification of correct permission information.It is also used in detecting privacy leak, analyzing fine-grained causes of data leaks, and detecting susceptibility in regular applications.Min and Cao [73] have proposed a runtime-based behavior analysis system for detecting the android malware and venerability by privacy leak.According to research done, the traditional method, ie, the signature-based method is not good enough for malware detection.During the research 350 applications have been analyzed from a third party.Petsas et al [74] has investigated the anti-analysis techniques that can be used by malware rather than using dynamic analysis approaches.These techniques are based on three different categories, viz, static properties, dynamic heuristics, and VM-related complexities of the Android emulator.Further, they proposed some countermeasures like modifying emulator, accurate binary translation, and hardware-assisted virtualization for improving dynamic analysis resistance against VM detection evasion.Abah et al [75] has proposed a device monitoring system for an unrooted device.The system is used for collecting application data that is then used to feature vectors.These feature vectors briefed the behavior of application for detecting the malware/malicious.Ab Razak et al [76] has developed a behavior-based anomaly detection system to detect the deviation in the application's network behavior.The system is used to control network traffic by monitoring suspicious network activities.The semi-supervised machine learning techniques are used for learning the normal behavior of the application.The system is used to detect mobile malware that cannot be identified by a signature approach or by static or dynamic analysis method.Thanigaivelan et aI [77] have proposed a context-based dynamically reconfigurable access control system (CoDRA).The code uses feature-based policies that control resource access and policy granularity.The policy enforcement wasimplemented by combining application behavior and resource features.The code uses static as well as dynamic constraints, unlike the tradition that uses only static constraints on application activities.
1 Centonze et al [78] and 2007 Automatic identification of precise access control policies Zand and Ahmadian [79] and 2009 Application of homotopy analysis 2 Blaschke [80] and Image analysis for remote sensing Blaschke74 and Image analysis for remote sensing 3 Isohara et al [81] and 2011 Android malware detection based on kernel 4 Min and Cao [73] and 2012 Malware detection in Android by runtime based behavior analysis of dynamic 5 Amos et al [82]and 2013 Android malware identification by applying method machine learning classifiers 6 Petsas et al [83] and 2014 Hinder dynamic analysis of Android malware 7 Abah et al [75] and 2015 Anomaly-based malware detection 8 Ab Razak et al [76] And 2016 Application network behavior by the web application 9 Idrees et al [84] and 2017 Permission-and intent-based framework for identifying Android malware apps 10 hanigaivelan et al [77] and 2018 Context-based dynamically reconfigurable access control system for Android 11 hmad et al [14] StaDART and 2019 analyzes the arguments of reflection APIs without framework modification TABLE 3 Analysis method based on dynamic analysis

Methodology
In figure 5 shows the process of the Literature survey Called SLS (Systematic Literature Survey) this survey is completed with following  In the beginning, we identify the research questions and explore the topic which is covered in SLS and try to diagnose the relevant data  In the 2 nd step, we try to identify the keywords and search them which help us to find the most Important journals inside the magnitude of this SLS  The searching mechanism operates by two elements the first element is based on prominent generation storage facilities. 2 nd one highlights the methods of separation from leading perceptions which has two parts diaries and meeting paper. Expulsion stander is applied to the listed items to confine our analyses to exceptionally relevant papers, in this way sifting through papers of likely restricted intrigue  consequently, results from both the tests merge in the list of publications to survey.Conclusively, future research is discussed.

Research questions
RQ1.Identify the significant risk levels for permissions while considering the repetition of an event in spiteful and typical applications?
Ans -Few Android sanctions have been officially given by Google.To characterize, a threat level is an essential part of the Android permission.The danger level depends on the event of permission in the malware and programming sets.To assimilate spiteful activities, the risk level should be considered to be.
RQ2.In which situation a profile Android application be applying dangers provided acceptance on resources?Android integrates the chance to gather permission as indicated by the benefit to get to and to a specific station to capture messages being received by the client or to send messages for the benefit of the client the permission that enables the messages to the client.This gathering also contains permissions, which can be utilized to profit without their immediate association.In any case, amid the establishment, it is just the gathering, which is shown to the client, which implies that the client awards consents, for example, READ_SMS and others that are obscure.
RQ3.How machine learning and Android profiles help in malware detection?
Machine learning-based frameworks using Android profiles help in designing Android tests that categorize the rules as typical or malicious.
RQ4.What will be the security concerns?During the Analysis, two security features have a concern.Some broad measurements and possible smaller parts are collected for investigation furthermore security issues presented with best possible solutions

Search strategy
In the research strategy, keywords and data sets are used for finding the most suitable publications.

1)
Search keywords Analysis projects are formed by using search keywords, key aspects of permission analysis, and key aspects of static and dynamic analysis, which are used in our analysis.These search terms are shown in Table 4 2) Search data sets Data search is based on the storeroom and is additive by check beside top venues in Security.For collecting the substantial productions, a repository search is proposed and the best scene check applies just as the Verifying data process.

3) Repository search
Science Direct, Springer Link, IEEE Xplore Digital Library Web of Knowledge, Wiley Online Library, ACM Digital Library, Taylor and Francis, and Inderscience are the well-known Digital repositories to find the data sets of publications in the first attempt.Since now and again repository, the search engine highlighted a point of the enclosure to count hunt result meta-information download by a person.The pursuit string is taken into highlighting and emphasizing the point when we gather all relative metainformation of distributions.Science authorizes data gathering on the first thousand things from its inquiry items.Terribly, in search string which we established in advance; we get more than 10 000 results on this repository.

Top venue
We collect all applications in one account to ensure the repository search items are calculated in this paper.We have taken the main 27 venues for the SLR where 19 venues are from the software engineering and computer applications while the other eight venues are from the security and privacy field.Table 5

Proposed solution and conclusion
Permission-based analysis and fundamental characteristics of Android malware analysis are presented in this paper.Permission analysis is a progressing approach through which many security issues have been highlighted and rapidly developing application code statically.For this review, 100 research articles are gathered, which are already published in security and privacy journal and conferences for different programming languages with software engineering methodology.The Android permission protocol is having severe security implications because the real-world Android application study confirms the findings but the Android permission protocol has several flaws.The various cases permit the attacker to evade the permission checks entirely.Although, we have covered application permission-based malware a new type of malware family is developing as the android market is growing very fast.A large-scale study on the above topic might give more clarity to the subject.It is also required to study a category that includes users too so that permissions can categorize more precisely

Figure 3
illustrates that the Bluetooth, digitalcamera, and the Internet which need permissions canbe decided atthe kernel level.Communication list enforced inside the Android framework stage by group ID and other permissions such as SMS and MMS that are used in retrieving[52,53]

Static analysis Dynamic analysis Target code execution Not possible Possible Time required minimum maximum Benefits Minimum
cost and Minimum time required.Gives a profoundexamination and higher discovery rate with obscure malware locationDisadvantagesConstrained signature database and can identify within the scope of only known malware types.

Table 5
[85]cates these venues.The papers are taken from the IEEE Xplore, ACM, and Elsevier.In reality, the venues are not intensive on permission analysis of the Android[85]