Malicious Android application for security testing

Abstract

The growing popularity of mobile device artifacts brings data security issues with themselves. Sensitive personal data on mobile phones have already become an open target for malicious third-party developers. The lack of digital literacy of the users enables not only the spiteful developers but also companies to acquire personal data through application permissions. This study investigates the implementation and designing of a prototype Android application to discover what kind of user data is possible to get by application permissions. The prototype application obtains private user data such as contact names, contact numbers, SMS messages, last location coordinates, email account ID, last picture and le (optional), calendar events, and lastly, call logs. Users will see the collected data on a webpage. This thesis's outcome can be used as a good sample of demonstrate permission issues and improve consumers' digital security awareness.