Issues and Solutions in android
Due to misuse of various app permissions, it is possible for various security threats. Among various threats, it is possible for Android applications to read messages, send messages. SMS is a common and basic functionality in traditional mobile and smartphone. All confidential information based on two-factor authentication has been sent as a text message. For example, various banks, online websites, etc., use two-factor authentications. The main objective of two-factor authentication is to increase the security and integrity for the users and to avoid various security attacks that are based on traditional username and password approach. But, even this method fails, if malware installed in a smartphone or due to over claim permission apps. If the hacker hacks username and password of the user using various hacking techniques, the first level of authentication are compromised and then the OTP (One Time Password) is being sent to the user. If the application or malware that is being installed in Smartphone then it is possible for the app or malware to read messages and send the information to the hacker without the knowledge of the user. So, even two-factor authentication fails .CodeShoppy
Application Downloads The Android applications can be downloaded from google play store and unknown sources. Android uses crowdsourcing  which is based on user comments and rating of the app. If enough users complain about the app, then it will be removed and deactivated remotely. The iOS applications can be downloaded only from iOS AppStore. It is not possible to download and install iOS applications other than AppStore. All the applications available in iOS have been properly checked for various security issues in the source code and after verifying it then it is available in the AppStore. B. Signing Technology Self Signing  is used in Android. The Android discharge framework requires that all applications introduced on client gadgets are carefully marked with declarations whose private keys are held by the designer of the applications. The endorsements permit the Android framework to recognize thecreator of an application and set up trust connections amongst designers and their applications. The endorsements are not used to control which applications the client can and can’t introduce. Code signing   used in iOS. It app assures users that it is from a known source and the app hasn’t been modified since it was last signed. Before publishing an app, the app has to be submitted to Apple Inc. for approval. Apple signs the app after checking the code for any malicious code. If an app is signed then, any changes to the app can be easily trackedInterprocess Communication Android supports interprocess communication among its applications  . Apple iOS does not support inter-process communication among its applications. D. Open Source and Closed Source Android is open source. In this guideline, open source programming implies the source code is made accessible on an all inclusive level. The thought is to open up the product to the general population, making a mass coordinated effort that outcomes in the product being continually upgraded, settled, enhanced, and developed. Apple’s iOS is closed source. With closed source software, the source code is firmly watched, regularly in light of the fact that it’s viewed as a prized formula that makes shortage and keeps the association aggressive. Such projects accompany limitations against changing the product or utilizing it in courses intended by the first makers. E. Memory Randomization It is a technique wherein the information about the application is stored on the disk in the random address which has been generated. This reduces the security threats since malicious code and attacker needs to find the exact location where the information is being stored. This technique is used by both iOS and Android OS. F. Storage Data of application is stored either in internal storage or external storage. For Android, the information can be stored in both built in storage and external storage. But, iOS does not support external storage. It has only internal storage to reduce various security threats and faster processing
Android shared user ID is one of the major reasons for misusing app permissions. Due to shared user ID permissions granted to one app can access permissions granted by another app if and only if both has the shared user ID value set same and signed by the same certificate. The users are not aware of which applications are misusing the permissions. In the proposed method, an Android security tool is developed. This procedure includes six steps xList all the applications based on its app ID that is its package name. xList all the applications for which shared User ID is set. xCompare all the applications with every shared User ID set app. xList the finalized apps. xProvides explicit notification to the user when the shared User ID app tries to access the permissions with other apps. xDisplay the resources used by shared user ID apps by the security tool app.Android is most widely used mobile operating system. Improvising the security of an Android OS is very important to safeguard the user’s privacy and confidential information. In this study, it was shown how to avoid misusing app permissionsThis study is conducted in “Christ University” under the guidance of Dr. Sumitra Binu, Prof. Joy Paulose and Dr. Rohini V as a partial requirement for the degree Master of Computer Applications.
Android operating system uses the permission-based model which allows Android applications to access user information, system information, device information and external resources of Smartphone. The developer needs to declare the permissions for the Android application. The user needs to accept these permissions for successful installation of an Android application. These permissions are declarations. At the time of installation, if the permissions are allowed by the user, the app can access resources and information anytime. It need not re-request for permissions again. Android OS is susceptible to various security attacks due to its weakness in security. This paper tells about the misuse of app permissions using Shared User ID, how two-factor authentications fail due to inappropriate and improper usage of app permissions using spyware, data theft in Android applications, security breaches or attacks in Android and analysis of Android, iOS and Windows operating system regarding its security