Table of Contents Author Guidelines Submit a Manuscript
Mobile Information Systems
Volume 2018 (2018), Article ID 6020461, 9 pages
https://doi.org/10.1155/2018/6020461
Research Article

The Dangers of Rooting: Data Leakage Detection in Android Applications

Department of Computer Science, Università degli Studi di Milano, Via Comelico 39/41, 20135 Milano, Italy

Correspondence should be addressed to Andrea Visconti

Received 31 July 2017; Revised 11 October 2017; Accepted 28 November 2017; Published 1 February 2018

Academic Editor: Jinglan Zhang

Copyright © 2018 Luca Casati and Andrea Visconti. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Mobile devices are widely spread all over the world, and Android is the most popular operative system in use. According to Kaspersky Lab’s threat statistic (June 2017), many users are tempted to root their mobile devices to get an unrestricted access to the file system, to install different versions of the operating system, to improve performance, and so on. The result is that unintended data leakage flaws may exist. In this paper, we (i) analyze the security issues of several applications considered relevant in terms of handling user sensitive information, for example, financial, social, and communication applications, showing that 51.6% of the tested applications suffer at least of an issue and (ii) show how an attacker might retrieve a user access token stored inside the device thus exposing users to a possible identity violation. Notice that such a token, and a number of other sensitive information, can be stolen by malicious users through a man-in-the-middle (MITM) attack.