AN EXPERIMENTAL MALWARE FOR SMARTPHONES

Abstract

Android operating system has become one of the platforms developers used to introduce their malicious activities into the smartphone world through Android Applications (App). Although the Google Play Store implements security countermeasures against Android malware, these measures have vulnerabilities. A major weakness is that users often accept all requested permissions as mandatory when installing an application, without understanding the risks. This gives developers the basis to achieve their illicit actions. The aim of the study is to develop a malware application for identification and to exploit vulnerabilities within the android operating system. The work adopted the object-oriented analysis and design methodology (OOAD). Context diagram was used to represent data flow in the malware application and Sequence diagram was used to show the interactions between objects in the application and the sequential order that those interactions occurred. Further, a randomized algorithm was used for the detailed design. The work developed a malware application that kept track of user tasks but at the background modified contacts list causing inconveniences to the user. The malware application replaced the contact list with random strings from set of alphanumeric characters. The malware application simulated a real-world cyber threat, contacts modification, to uncover vulnerabilities that evade detection through conventional security approaches. By exploring this attack vector, the study provided empirical evidence of vulnerabilities that was exploited by the malicious application developed. This study contributed to the broader field of cyber security research by providing experimental evidence and insights into the specific vulnerabilities and attack vectors targeting Android operating system.