Evaluating System Security in Android
We plan to adjust a demonstration based on a user’s request. Users can choose demonstration type from the two options: experience the application on our smartphone or install the application on their Android OS device. For the first option Google Nexus 4 smartphone with Android version 5.1.1 is used. The smartphone is not rooted, bootloader is locked. We show our application and explain how it works using this smartphone. Second option is more interactive. Our poster contains a QR-code with the link to our application at Google Play store. Users can scan this QR-code, download and install the application to their smartphones. We assist users with the application download and installation. We also explain how to use the application and guide users through the process. The application and the library is written in JAVA, using Android Studio IDE and Android SDK. android project app ideas 2019 Minimum Android API level 21 was chosen, which allows to run application and library on devices with Android OS version 5.0 and above. Users can evaluate important system parameters of their Android OS device independently or to perform complex security evaluation. The application displays status of each parameter and presents a detailed explanation why this parameter is important from the security perspective. In addition, the application allows to simulate various parameter’s values and to show their influence on an overall security level. The application is based on our security library, which can be used with other applications. The main screen (see Fig.1) of the application contains check-boxes for each parameter. Also, a user can select a check box for the complex evaluation and in this case, other check-boxes will be unselected. In addition, the main screen contains a button that starts the evaluation process, a button that clears results, and a button that allows a user to simulate evaluation. After the application is started, “Clear results” button is disabled. After a user has pressed the “Start evaluation” button they see a circular progress bar while the evaluation is performed. After evaluation has been finished, the user is presented the results for each parameter and the overall security level if the complex evaluation has been performed. https://codeshoppy.com/android-projects-titles-ieee.html In addition, recommendations how to improve system security are given. A user can click on each parameter and read detailed explanation in a new screen. From the “details” screen, a user can access corresponding system settings and change them. After an evaluation has been finished the “Clear results” button becomes enabled. The user can clear results and perform an evaluation process again. Users can open a simulation screen if they press “Simulation” button. In this screen, a user can simulate (turn on or off) each parameter and see how it affects the overall security score.
In this demonstration, we use only system’s parameters for a security evaluation. These parameters and their possible values are presented in Table 1. “Basic integrity” and “Android compatibility” values are provided by Google SafetyNet library  and include various parameters of the device, such as bootloader state (locked or unlocked) and root access. “Android compatibility testing” has more strict rules than “basic integrity” test. SafetyNet is a part of the Android OS and does not require downloading additional libraries. The list of potentially harmful applications is also provided by SafetyNet library. Screen lock is a very important security mechanism that prevents unauthorized access to the system. Screen lock can be a password, PIN code or graphical pattern. Without screen lock, a non-legitimate user can access very private information or install malware. Enabled “Unknown sources” setting increases chances of installing malware. It allows to install applications not only from Google Play, which uses special techniques to prevent a malware installation. Enabled “Developer option menu” setting may lead to a security violations and should not be turned on all the time. This setting allows to use the Android Debug Bridge (ADB), through which a user may access protected partitions and modify system parameters. In addition, ADB allows to install applications from the unknown sources even if “Unknown sources” setting is disabled. Newer versions of the OS do not have vulnerabilities that were discovered in the previous versions and, thus, are more secured. It is very important to keep the Android OS updated. It is likely that hackers would attack an older version of the OS because more vulnerabilities have been discovered. More details about these parameters and their justification can be found in . Fig.2 presents the structure of the proposed application. Security evaluation library has functions to evaluate each parameter independently or perform the complex evaluation. In the case of the complex evaluation, library returns an object (container) that contains values of each parameter and the security score.