honeypot on android

8/19/2019 Honeypot on Android

1/19

1

CHAPTER 1

OVERVIEW OF THE APP

1.1 Honeypot

A Honeypot is something that is designed to attract and trap something for its own means and

use. It will sit idle listening and waiting for something of interest to trigger its sensors and

cause a reaction that will produce some information or physical grabbing of its target. The

idea of the Honeypot is all around us, in the natural and un-natural world, even though we

may not see them at first glance. Honeypot are not a new thing but where we are today we

have had to take the natural eamples and adapt them to work for the unnatural application.

1.1.1 Honeypot on Android

In Android, a Honeypot is a little different, but as was said already can be almost the same

depending on the implementation of it that is used. !hat the Honeypot does in android is

monitoring applications activity, it will sit idle listening and waiting for monitoring

bookmarked application in that had installed in the phone. "o that it will detect activity

information which the application installed are interact and grant for access of phone

function, services or data as well.

It will keep on recording the trace left of bookmarked suspicious application. In short,

honeypot on android is a trap set to detect android application in order to collect data, or in

some manner we can take further action to counteract attempts at unauthori#ed use of the

manifest permission by the applications installed. "ince every application is shown, and

which application seems granted a lot of irrespective permission, hence it can determine and

bookmark that suspicious application.


2/19

$

The application will be observed. %nowing our application permissions can help us

better safeguard our privacy and security and prevent unauthori#ed charges. There are a lot of

information collected as a proof and hence we can prevent before seriously loss or harmed

since we know the application irrespective intention, so we can get to know that and take

further action in order to protect our confidential data and unauthori#ed access such as

uninstall the malicious application.


3/19

&

CHAPTER 2

SCOPE OF THE APP

2.1 Project Scope

The application is aimed to be used by the people who want to read and understand more

about their application.

The application is a monitoring tool to help users knowing their application

permissions. It will list out the application permission granted in the different way. The users

are allowed to select the type of view according to the predefined category.

The application is then displays the content to the users. The users can click the

application button to get the detail of the application. If user not trust the applications

installed, user can bookmark the suspicious application to observe it, force close it or

uninstall the application.

The application also provide a suspicious application list which application

bookmarked as suspicious is under observation. The trace left by the application when it

access to the system function is recorded as a proof to discovering the suspicious malicious

intent. However, the application will not warn the user but it keeping recording the

information until it was stop by user.

This application will be developed and tested in laptop by using 'clipse (ars and

tested by Android )irtual *evice (anager. This is a simulator which same with the android

system, so this application is able to be use by android based phone.


4/19

+

CHAPTER 3

MAJOR FEATRES OF THE APP

3.1 E!o"#tion$ry prototypin% &ode"

The evolutionary prototyping obective is to deliver a working system with high satisfaction

level to the end users. In the methodology, the system will be developed through a series of

increments of function because In 'volutionary rototyping, developers can focus themselves

to develop parts of the system that they understand instead of working on developing a whole

system.

igure &.1/ 'volutionary prototyping model. (Source: Chip.” Prototyping Model”. Pg. 48-

49.)


5/19

0

3.1.1 Initi$tion p'$(e

This is the first phase which involves researching and analy#ing the reuirement for the

proect based on a given time period. The problem statement, proect aim, obective, proect

scope, proect ustification and proposal organi#ation had been all well-planned.

3.1.2 An$"y(i( p'$(e

The main activity at this phase is discussed about collect information and system

reuirements through researches from other eisting application. "everal similar systems had

been selected to be compared to find out more ideas and function that can implement in the

proposed proect. The net step is to study how to use the 'clipse for developing android

application. "ince a lot of research has to be done in order to learn to operate the software. A

lot of learning schedule has been planned. The 'clipse supports a few types of programming

languages in order to make a working application. It reuires 'tensible (arkup 2anguage

34(25 file to create the user interface for the application. The learning process is then

continued to learn how to connect the functional button to the 6ava 2anguage. The 6ava

language is used to set the task of the process to be eecuted. The concept of honeypot has to

be analysis and prepared to design in the net stage.

3.1.3 )e(i%n p'$(e

After analysis phase, the maor function of the application is determined and hence that the

designing of the application interface has to be start. The interface is design one by one based

on the application function. Hence, the application interface may easily achieve the function

and obective of the proect. The Interface is aim to be simple and straight forward without

any decoration. The interface is design part by part based on the application function. The

interfaces designed should have a few buttons for users to select which button clicked will

bring users to screen with certain content. The content of the page is first retrieve from the

android system. This application does not need to use Internet access. Hence, the use case


6/19

7

diagram is plotted. The net implementation is to classify the data accordingly. This will

allow users to read and understand the content easily. The application is display in 'nglish

only.

3.1.* I&p"e&ent p'$(e

Implementation is the stage where the physical design of the application is translated into

code. 'ach specification developed during the last stage will be implemented into the overall

application structure. If any problem with the design are discovered the proect will return to

the design stage and create a revised design. The process will then continue checking that

each of the previously implemented features can be satisfied within the new design

framework. In implement phase, activity diagram and class diagram for the application is

plotted.

3.1.+ Te(tin% p'$(e

*uring the testing stage each function implemented in the implementation stage is checked

against its specification to ensure that it performs the correct action. roect test plan is

prepared for the detailed testing in testing phase. The application had been developed and

should test before deliver to the users. The testing is divided into two parts. The first part is to

test the application to check the error and bug that might be in the coding. This testing will be

done by the developer. "econd part of the testing is to ensure the application fulfill the proect

reuirements of the users. The result will influence developer to take any further action to add

or delete any function to the application. *uring the testing stage each function implemented

in the implementation stage is checked against its specification to ensure that it performs the

correct action.


7/19

8

3.1., Prototype p'$(e

The feedback from tester will be analy#ed and the new action will be taken in the net

prototype. 'ach prototype shall be improved and the follow of application will also be

improved in every prototype. !ith the increasing of iteration, the application is to be

determining how successful each part was and to suggest improvements for the future.

3.2 H$rd-$re $nd (ot-$re re/#ire&ent $nd de!e"op&ent p"$tor&

The Honeypot on Android reuires hardware and software to be develop and testing. 9oth

hardware and software has to be able to match with each other to make the application to be

able to run. The list if reuirement is as follow/

3.2.1 H$rd-$re $nd (ot-$re re/#ire&ent

Sot-$re Speciic$tion

!indow :

'clipse (ars

Android "oftware *evelopment %it3"*%5

Android )irtual *evice3A)*5 (anager

*roiddraw

Table &.1/ "oftware specification and reuirement for Honeypot on Android


8/19

:

H$rd-$re Speciic$tion

;omputer

Android *evicesTable &.$/ Hardware specification and reuirement for Honeypot on Android

3.2.2 Pro%r$&&in% 0$n%#$%e

The language will be implement to develop this application is 6ava and 4(2. The 'clipse

(ars reuires 6ava language to develop the android application. 4(2 is used to develop the

user interface for the application and is then connected to 6ava language to set the function of

each button, image button and tet view. "


9/19

=

OPERATI EVIROMET

*.1 Android Arc'itect#re

igure +.1/ Android/ Architecture diagram as presented by >oogle. (Source:

www.google/android architecture)

The basic layer is the 2inu kernel. The whole Android ?" is built on top of the 2inu +.$

%ernel with some further architectural changes made by >oogle. It is this 2inu that interacts

with the hardware and contains all the essential hardware drivers. *rivers are programs that

control and communicate with the hardware. or eample, consider the 9luetooth function.

All devices have 9luetooth hardware in it. Therefore the kernel must include a 9luetooth

driver to communicate with the 9luetooth hardware.

The net layer is the Android@s native libraries. It is this layer that enables the device

to handle different types of data. These libraries are written in c or ; language and are

http://www.google/androidhttp://www.google/android


10/19

1B

specific for a particular hardware. "ome of the important native libraries include the

following/

"urface (anager/ It is used for compositing window manager with off-screen buffering.

?ff-screen buffering means you can@t directly draw into the screen, but your drawings go to

the off screen buffer. There it is combined with other drawings and form the final screen the

user will see. (edia framework/ (edia framework provides different media codecs

allowing, the recording and playback of different media formats.

"


11/19

11

COMPARATIVE ST)

+.1 Re(e$rc' on e4i(tin% (i&i"$r $pp"ic$tion

Desearch on the eisting monitoring application is intended to review the concepts,

functionality and features of the approach contained in the euivalent of a Honeypot on

Android and process improvements that will be built into the Honeypot on Android.

+.1.1 $SpotC$t

igure 0.1/ a"pot;at (ain (enu

a"pot;at can monitor installed application by permission to help in find and uninstall

malicious application. This is a free application available in the market which are able to


12/19

1$

shows all your android application permissions, services that cost you money. The application

is providing us to bookmark permissions which you want to monitor. "o that we are easier to

read and understand the permission granted to every application. It can view application

permission in & forms. That is list application by permission, 2ist application by bookmarks

permission and list all application installed. 2ist application by permission provide us a way

easier to bookmark the concerning permission or the permission that cost you money or

accessing your private data. 2ist application by bookmarks permission is provide a way easier

to view the bookmarked permissions. There is also having a warm warning for the

application which has granted the permission being bookmarked. !hile list application is a

interface to shows all application installed in the phone. This interface provide user to have

an overview of all application being installed.

+.1.2 Per&i((ion Monitor Free

igure 0.$/ ermission (onitor ree (ain interface

ermission monitor free is a free application available in the market. It allows us to monitor

our applications based on our preferences. ?nce installed, we can define suspicious

permissions and permission sets. The net time we install an application with those

suspicious permission sets, the monitor will notify us. "o that we will never need to check


13/19

1&

permissions of applications we want to download. The application provides & maor button in

the interface that is 2ist application, list permissions, and monitor settings. 2ist of application

providing an overview of the application installed in our device hence every click on the icon

displayed in the interface will bring us to another interface which shows all the detail of the

application. In the interface, we are able to manage the application by force close the

application, open the application or uninstall the application. The 2ist of permission provides

us an overview of all permissions. !hen click on the permission list, the list will epand and

display the icon of the application which is granted such permission. !hile monitor setting is

used to create a permission set which the application will monitor those application

bookmarked, when the new application installed with those suspicious permissions sets, the

monitor will notify us.

+.2 S#&&$ry o (i&i"$r e4i(tin% $pp"ic$tion

In conclusion, permission monitor free has the following features/

i. 2ist all applications

ii. 2ist permissions and show applications who use them.iii. "et up monitor to check installed and Eor updated applications

iv. ;heck all installed applications for suspicious applications

v. Fotify user when suspicious application is installed.

a"pot;at has the following features.

i. 2ist all applications

ii. 2ist permissions by grouping to permissions category and show applications

who use them.

iii. 9ookmark permissions categories that interest you the most so that you can

monitor and review it easily.

iv. ;heck all installed applications for suspicious applications with protection

level indicators and grouping of permissions category.

v. Fotify user when suspicious application is installed with protection level

indicator

CHAPTER ,


14/19

1+

)ESI

,.1 (e5c$(e di$%r$&

igure 7.1/ Cse-case diagram

i. *isplay application

This function is to display all the application installed in the device.

ii. *isplay permission

This function is to display all the group of permission by category

iii. *isplay bookmarked application

This function is to display all the application which is bookmarked by user.

iv. (anage application

This function provide user to manage the application by uninstall the application, or


15/19

10

force stop the application.

v.


16/19

17

The interface is designed to display all the application installed in the devices. The Image

buttons shown in the figure 7.& is representing the icon of the application installed in user

device. This interface allows users to have a overview of all the application installed and

click to the application icon to view the specific application detail and manage the application

which will be shown in igure 7.+.

igure 7.&/ Apps list interface

,.2.3 App"ic$tion det$i" inter$ce

This is the interface where the user can manage the application by three options. Those are

force close, bookmark or uninstall the application. orce close button is used to close the

application immediately. 9ookmark button is used to bookmark those suspicious application

to monitor and uninstall button is to uninstall the application form the device immediately.

9esides that, the white field will show up the permission granted for this application. This

provides user an easier way to view the permission of application installed.


17/19

18

igure 7.+/ Application detail interface

,.2.* App"ic$tion "i(t per&i((ion inter$ce

The permission list interface is the interface to show all the permission of the application by

group of category, user can click on any group of the permission and the permission group

will epand its sub item in below of it. After click on the category of permission group, the

interface will be shown in igure 7.7.

igure 7.0/ ermission list interface


18/19

1:

,.2.+ Per&i((ion "i(t inter$ce de(i%n cont. de(i%n

This is the permission list interface after click on the category of permission group.

!hen the category of permission group is clicked, the permission group is epanded and the

application icon with those permission will show up. The icon of the application is also can

be clicked so that it will bring user to the application detail interface in igure 7.+

igure 7.7/ ermission list interface cont. interface

,.2., 6oo7&$r7ed "i(t

The bookmarked list interface is displaying all the application that is bookmarked by user.

This interface provide the information about the application trace of accessing the phone

function. Cser can view through the application and when user had decided to uninstall the

application, user can click on the icon, the application will bring user to the application detail

interface in the igure 7.+ where user can manage this application whether to uninstall it or

force close it.


19/19

1=

igure 7.8/ 9ookmarked list interface

honeypot on android

Documents