A Novel Security Framework for Managing Android Permissions Using Blockchain Technology

Abstract

This article presents a new framework named ANDROSCANREG (Android Permissions Scan Registry) that allows to extract and analyze the requested permissions in an Android application via a decentralized and distributed system. This framework is based on the emerging technology Blockchain whose potential is approved in the matter of transparency, reliability, security and availability without resorting to a central processing unit judged of trust. ANDROSCANREG consists of two Blockchains, the first one (PERMBC) will handle analysis, validation and preparation of the raw results so that they will persist in the second Blockchain of Bitcoin already existing (BTCBC), which will assume the role of a Registry of recovered permissions and will save the permissions history of each version of the applications being scanned via financial transactions, whose wallet source, recipient wallet and transaction value have a precise meaning. An example of a simulation will be presented to describe the different steps, actors, interactions and messages generated by the different entity of ANDROSCANREG.