honeypot on android
TRANSCRIPT
-
8/19/2019 Honeypot on Android
1/19
1
CHAPTER 1
OVERVIEW OF THE APP
1.1 Honeypot
A Honeypot is something that is designed to attract and trap something for its own means and
use. It will sit idle listening and waiting for something of interest to trigger its sensors and
cause a reaction that will produce some information or physical grabbing of its target. The
idea of the Honeypot is all around us, in the natural and un-natural world, even though we
may not see them at first glance. Honeypot are not a new thing but where we are today we
have had to take the natural eamples and adapt them to work for the unnatural application.
1.1.1 Honeypot on Android
In Android, a Honeypot is a little different, but as was said already can be almost the same
depending on the implementation of it that is used. !hat the Honeypot does in android is
monitoring applications activity, it will sit idle listening and waiting for monitoring
bookmarked application in that had installed in the phone. "o that it will detect activity
information which the application installed are interact and grant for access of phone
function, services or data as well.
It will keep on recording the trace left of bookmarked suspicious application. In short,
honeypot on android is a trap set to detect android application in order to collect data, or in
some manner we can take further action to counteract attempts at unauthori#ed use of the
manifest permission by the applications installed. "ince every application is shown, and
which application seems granted a lot of irrespective permission, hence it can determine and
bookmark that suspicious application.
-
8/19/2019 Honeypot on Android
2/19
$
The application will be observed. %nowing our application permissions can help us
better safeguard our privacy and security and prevent unauthori#ed charges. There are a lot of
information collected as a proof and hence we can prevent before seriously loss or harmed
since we know the application irrespective intention, so we can get to know that and take
further action in order to protect our confidential data and unauthori#ed access such as
uninstall the malicious application.
-
8/19/2019 Honeypot on Android
3/19
&
CHAPTER 2
SCOPE OF THE APP
2.1 Project Scope
The application is aimed to be used by the people who want to read and understand more
about their application.
The application is a monitoring tool to help users knowing their application
permissions. It will list out the application permission granted in the different way. The users
are allowed to select the type of view according to the predefined category.
The application is then displays the content to the users. The users can click the
application button to get the detail of the application. If user not trust the applications
installed, user can bookmark the suspicious application to observe it, force close it or
uninstall the application.
The application also provide a suspicious application list which application
bookmarked as suspicious is under observation. The trace left by the application when it
access to the system function is recorded as a proof to discovering the suspicious malicious
intent. However, the application will not warn the user but it keeping recording the
information until it was stop by user.
This application will be developed and tested in laptop by using 'clipse (ars and
tested by Android )irtual *evice (anager. This is a simulator which same with the android
system, so this application is able to be use by android based phone.
-
8/19/2019 Honeypot on Android
4/19
+
CHAPTER 3
MAJOR FEATRES OF THE APP
3.1 E!o"#tion$ry prototypin% &ode"
The evolutionary prototyping obective is to deliver a working system with high satisfaction
level to the end users. In the methodology, the system will be developed through a series of
increments of function because In 'volutionary rototyping, developers can focus themselves
to develop parts of the system that they understand instead of working on developing a whole
system.
igure &.1/ 'volutionary prototyping model. (Source: Chip.” Prototyping Model”. Pg. 48-
49.)
-
8/19/2019 Honeypot on Android
5/19
0
3.1.1 Initi$tion p'$(e
This is the first phase which involves researching and analy#ing the reuirement for the
proect based on a given time period. The problem statement, proect aim, obective, proect
scope, proect ustification and proposal organi#ation had been all well-planned.
3.1.2 An$"y(i( p'$(e
The main activity at this phase is discussed about collect information and system
reuirements through researches from other eisting application. "everal similar systems had
been selected to be compared to find out more ideas and function that can implement in the
proposed proect. The net step is to study how to use the 'clipse for developing android
application. "ince a lot of research has to be done in order to learn to operate the software. A
lot of learning schedule has been planned. The 'clipse supports a few types of programming
languages in order to make a working application. It reuires 'tensible (arkup 2anguage
34(25 file to create the user interface for the application. The learning process is then
continued to learn how to connect the functional button to the 6ava 2anguage. The 6ava
language is used to set the task of the process to be eecuted. The concept of honeypot has to
be analysis and prepared to design in the net stage.
3.1.3 )e(i%n p'$(e
After analysis phase, the maor function of the application is determined and hence that the
designing of the application interface has to be start. The interface is design one by one based
on the application function. Hence, the application interface may easily achieve the function
and obective of the proect. The Interface is aim to be simple and straight forward without
any decoration. The interface is design part by part based on the application function. The
interfaces designed should have a few buttons for users to select which button clicked will
bring users to screen with certain content. The content of the page is first retrieve from the
android system. This application does not need to use Internet access. Hence, the use case
-
8/19/2019 Honeypot on Android
6/19
7
diagram is plotted. The net implementation is to classify the data accordingly. This will
allow users to read and understand the content easily. The application is display in 'nglish
only.
3.1.* I&p"e&ent p'$(e
Implementation is the stage where the physical design of the application is translated into
code. 'ach specification developed during the last stage will be implemented into the overall
application structure. If any problem with the design are discovered the proect will return to
the design stage and create a revised design. The process will then continue checking that
each of the previously implemented features can be satisfied within the new design
framework. In implement phase, activity diagram and class diagram for the application is
plotted.
3.1.+ Te(tin% p'$(e
*uring the testing stage each function implemented in the implementation stage is checked
against its specification to ensure that it performs the correct action. roect test plan is
prepared for the detailed testing in testing phase. The application had been developed and
should test before deliver to the users. The testing is divided into two parts. The first part is to
test the application to check the error and bug that might be in the coding. This testing will be
done by the developer. "econd part of the testing is to ensure the application fulfill the proect
reuirements of the users. The result will influence developer to take any further action to add
or delete any function to the application. *uring the testing stage each function implemented
in the implementation stage is checked against its specification to ensure that it performs the
correct action.
-
8/19/2019 Honeypot on Android
7/19
8
3.1., Prototype p'$(e
The feedback from tester will be analy#ed and the new action will be taken in the net
prototype. 'ach prototype shall be improved and the follow of application will also be
improved in every prototype. !ith the increasing of iteration, the application is to be
determining how successful each part was and to suggest improvements for the future.
3.2 H$rd-$re $nd (ot-$re re/#ire&ent $nd de!e"op&ent p"$tor&
The Honeypot on Android reuires hardware and software to be develop and testing. 9oth
hardware and software has to be able to match with each other to make the application to be
able to run. The list if reuirement is as follow/
3.2.1 H$rd-$re $nd (ot-$re re/#ire&ent
Sot-$re Speciic$tion
!indow :
'clipse (ars
Android "oftware *evelopment %it3"*%5
Android )irtual *evice3A)*5 (anager
*roiddraw
Table &.1/ "oftware specification and reuirement for Honeypot on Android
-
8/19/2019 Honeypot on Android
8/19
:
H$rd-$re Speciic$tion
;omputer
Android *evicesTable &.$/ Hardware specification and reuirement for Honeypot on Android
3.2.2 Pro%r$&&in% 0$n%#$%e
The language will be implement to develop this application is 6ava and 4(2. The 'clipse
(ars reuires 6ava language to develop the android application. 4(2 is used to develop the
user interface for the application and is then connected to 6ava language to set the function of
each button, image button and tet view. "
-
8/19/2019 Honeypot on Android
9/19
=
OPERATI EVIROMET
*.1 Android Arc'itect#re
igure +.1/ Android/ Architecture diagram as presented by >oogle. (Source:
www.google/android architecture)
The basic layer is the 2inu kernel. The whole Android ?" is built on top of the 2inu +.$
%ernel with some further architectural changes made by >oogle. It is this 2inu that interacts
with the hardware and contains all the essential hardware drivers. *rivers are programs that
control and communicate with the hardware. or eample, consider the 9luetooth function.
All devices have 9luetooth hardware in it. Therefore the kernel must include a 9luetooth
driver to communicate with the 9luetooth hardware.
The net layer is the Android@s native libraries. It is this layer that enables the device
to handle different types of data. These libraries are written in c or ; language and are
http://www.google/androidhttp://www.google/android
-
8/19/2019 Honeypot on Android
10/19
1B
specific for a particular hardware. "ome of the important native libraries include the
following/
"urface (anager/ It is used for compositing window manager with off-screen buffering.
?ff-screen buffering means you can@t directly draw into the screen, but your drawings go to
the off screen buffer. There it is combined with other drawings and form the final screen the
user will see. (edia framework/ (edia framework provides different media codecs
allowing, the recording and playback of different media formats.
"
-
8/19/2019 Honeypot on Android
11/19
11
COMPARATIVE ST)
+.1 Re(e$rc' on e4i(tin% (i&i"$r $pp"ic$tion
Desearch on the eisting monitoring application is intended to review the concepts,
functionality and features of the approach contained in the euivalent of a Honeypot on
Android and process improvements that will be built into the Honeypot on Android.
+.1.1 $SpotC$t
igure 0.1/ a"pot;at (ain (enu
a"pot;at can monitor installed application by permission to help in find and uninstall
malicious application. This is a free application available in the market which are able to
-
8/19/2019 Honeypot on Android
12/19
1$
shows all your android application permissions, services that cost you money. The application
is providing us to bookmark permissions which you want to monitor. "o that we are easier to
read and understand the permission granted to every application. It can view application
permission in & forms. That is list application by permission, 2ist application by bookmarks
permission and list all application installed. 2ist application by permission provide us a way
easier to bookmark the concerning permission or the permission that cost you money or
accessing your private data. 2ist application by bookmarks permission is provide a way easier
to view the bookmarked permissions. There is also having a warm warning for the
application which has granted the permission being bookmarked. !hile list application is a
interface to shows all application installed in the phone. This interface provide user to have
an overview of all application being installed.
+.1.2 Per&i((ion Monitor Free
igure 0.$/ ermission (onitor ree (ain interface
ermission monitor free is a free application available in the market. It allows us to monitor
our applications based on our preferences. ?nce installed, we can define suspicious
permissions and permission sets. The net time we install an application with those
suspicious permission sets, the monitor will notify us. "o that we will never need to check
-
8/19/2019 Honeypot on Android
13/19
1&
permissions of applications we want to download. The application provides & maor button in
the interface that is 2ist application, list permissions, and monitor settings. 2ist of application
providing an overview of the application installed in our device hence every click on the icon
displayed in the interface will bring us to another interface which shows all the detail of the
application. In the interface, we are able to manage the application by force close the
application, open the application or uninstall the application. The 2ist of permission provides
us an overview of all permissions. !hen click on the permission list, the list will epand and
display the icon of the application which is granted such permission. !hile monitor setting is
used to create a permission set which the application will monitor those application
bookmarked, when the new application installed with those suspicious permissions sets, the
monitor will notify us.
+.2 S#&&$ry o (i&i"$r e4i(tin% $pp"ic$tion
In conclusion, permission monitor free has the following features/
i. 2ist all applications
ii. 2ist permissions and show applications who use them.iii. "et up monitor to check installed and Eor updated applications
iv. ;heck all installed applications for suspicious applications
v. Fotify user when suspicious application is installed.
a"pot;at has the following features.
i. 2ist all applications
ii. 2ist permissions by grouping to permissions category and show applications
who use them.
iii. 9ookmark permissions categories that interest you the most so that you can
monitor and review it easily.
iv. ;heck all installed applications for suspicious applications with protection
level indicators and grouping of permissions category.
v. Fotify user when suspicious application is installed with protection level
indicator
CHAPTER ,
-
8/19/2019 Honeypot on Android
14/19
1+
)ESI
,.1 (e5c$(e di$%r$&
igure 7.1/ Cse-case diagram
i. *isplay application
This function is to display all the application installed in the device.
ii. *isplay permission
This function is to display all the group of permission by category
iii. *isplay bookmarked application
This function is to display all the application which is bookmarked by user.
iv. (anage application
This function provide user to manage the application by uninstall the application, or
-
8/19/2019 Honeypot on Android
15/19
10
force stop the application.
v.
-
8/19/2019 Honeypot on Android
16/19
17
The interface is designed to display all the application installed in the devices. The Image
buttons shown in the figure 7.& is representing the icon of the application installed in user
device. This interface allows users to have a overview of all the application installed and
click to the application icon to view the specific application detail and manage the application
which will be shown in igure 7.+.
igure 7.&/ Apps list interface
,.2.3 App"ic$tion det$i" inter$ce
This is the interface where the user can manage the application by three options. Those are
force close, bookmark or uninstall the application. orce close button is used to close the
application immediately. 9ookmark button is used to bookmark those suspicious application
to monitor and uninstall button is to uninstall the application form the device immediately.
9esides that, the white field will show up the permission granted for this application. This
provides user an easier way to view the permission of application installed.
-
8/19/2019 Honeypot on Android
17/19
18
igure 7.+/ Application detail interface
,.2.* App"ic$tion "i(t per&i((ion inter$ce
The permission list interface is the interface to show all the permission of the application by
group of category, user can click on any group of the permission and the permission group
will epand its sub item in below of it. After click on the category of permission group, the
interface will be shown in igure 7.7.
igure 7.0/ ermission list interface
-
8/19/2019 Honeypot on Android
18/19
1:
,.2.+ Per&i((ion "i(t inter$ce de(i%n cont. de(i%n
This is the permission list interface after click on the category of permission group.
!hen the category of permission group is clicked, the permission group is epanded and the
application icon with those permission will show up. The icon of the application is also can
be clicked so that it will bring user to the application detail interface in igure 7.+
igure 7.7/ ermission list interface cont. interface
,.2., 6oo7&$r7ed "i(t
The bookmarked list interface is displaying all the application that is bookmarked by user.
This interface provide the information about the application trace of accessing the phone
function. Cser can view through the application and when user had decided to uninstall the
application, user can click on the icon, the application will bring user to the application detail
interface in the igure 7.+ where user can manage this application whether to uninstall it or
force close it.
-
8/19/2019 Honeypot on Android
19/19
1=
igure 7.8/ 9ookmarked list interface