
Enck, Ongtang, and McDaniel present a methodology for certifying mobile phone applications during the installation process. At install time, the application is classified according to its behavior and possibly suspicious activities, for example, accessing a global positioning system (GPS) location and sending it over the Internet.
Android’s standard security decisions are primarily based on the application’s package manifest: permissions may or may not be granted to applications, as requested. The authors defined the security rules using their Kirin Security Language; for instance, a rule may state that a certain application must not be debugged by another application. To validate their method, they analyzed existing applications and found that several applications, such as GPS-tracking programs, violate some of their rules and are thus classified as potentially dangerous. If installed in secret, an application that tracks GPS locations and sends them over the Internet can be maliciously used for spying. The researchers also discovered some security flaws; for instance, in their early versions, Android applications created short message service (SMS) text messages that appeared to have been received over the cellular network when in fact they had been created locally.
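The install-time check described above can be sketched as follows. This is an added example, not code from the paper or from Kirin: the rule names, the sample manifests, and the rule format (a set of permissions that must not be requested together) are assumptions, and the rules are not written in Kirin Security Language syntax.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Simplified rules modeled on the two examples in the review. Each rule is a
# set of permissions that must not all be requested together. This is an
# assumption for illustration, not Kirin Security Language syntax.
RULES = {
    "debugs-other-apps": {"android.permission.SET_DEBUG_APP"},
    "gps-to-internet": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.INTERNET",
    },
}

# Constructed sample manifests (decoded text XML, not the binary form in an APK).
TRACKER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
OFFLINE_MAP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.offlinemap">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n.strip() for n in names if n}


def certify(manifest_xml, rules=RULES):
    """Return (verdict, violated rule names); a rule fires only if every
    permission in its set is requested, so a single permission is not enough."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(name for name, combo in rules.items() if combo <= perms)
    return ("flagged" if hits else "certified", hits)


if __name__ == "__main__":
    for label, xml in (("tracker", TRACKER), ("offline map", OFFLINE_MAP)):
        print(label, certify(xml))
```

The offline map application requests GPS access but is not flagged, because the rule fires on the combination of permissions rather than on either permission alone.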
In summary, Enck, Ongtang, and McDaniel present three main ideas in this paper: they describe a methodology for implementing additional security features in Android; they show how applications can be dynamically certified; and they provide and validate some rules that may be used to characterize the behavior of applications on mobile devices. This paper is for readers who are interested in “practical mobile phone security.”