1

CHAPTER 1

OVERVIEW OF THE APP

1.1

Honeypot

A Honeypot is something that is designed to attract and trap something for its own means and
use. It will sit idle listening and waiting for something of interest to trigger its sensors and
cause a reaction that will produce some information or physical grabbing of its target. The
idea of the Honeypot is all around us, in the natural and un-natural world, even though we
may not see them at first glance. Honeypot are not a new thing but where we are today we
have had to take the natural examples and adapt them to work for the unnatural application.

1.1.1

Honeypot on Android

In Android, a Honeypot is a little different, but as was said already can be almost the same
depending on the implementation of it that is used. What the Honeypot does in android is
monitoring applications activity, it will sit idle listening and waiting for monitoring
bookmarked application in that had installed in the phone. So that it will detect activity
information which the application installed are interact and grant for access of phone
function, services or data as well.
It will keep on recording the trace left of bookmarked suspicious application. In short,
honeypot on android is a trap set to detect android application in order to collect data, or in
some manner we can take further action to counteract attempts at unauthorized use of the
manifest permission by the applications installed. Since every application is shown, and
which application seems granted a lot of irrespective permission, hence it can determine and
bookmark that suspicious application.

2
The application will be observed. Knowing our application permissions can help us
better safeguard our privacy and security and prevent unauthorized charges. There are a lot of
information collected as a proof and hence we can prevent before seriously loss or harmed
since we know the application irrespective intention, so we can get to know that and take
further action in order to protect our confidential data and unauthorized access such as
uninstall the malicious application.

3
CHAPTER 2

SCOPE OF THE APP

2.1

Project Scope

The application is aimed to be used by the people who want to read and understand more
about their application.
The application is a monitoring tool to help users knowing their application
permissions. It will list out the application permission granted in the different way. The users
are allowed to select the type of view according to the predefined category.
The application is then displays the content to the users. The users can click the
application button to get the detail of the application. If user not trust the applications
installed, user can bookmark the suspicious application to observe it, force close it or
uninstall the application.
The application also provide a suspicious application list which application
bookmarked as suspicious is under observation. The trace left by the application when it
access to the system function is recorded as a proof to discovering the suspicious malicious
intent. However, the application will not warn the user but it keeping recording the
information until it was stop by user.
This application will be developed and tested in laptop by using Eclipse Mars and
tested by Android Virtual Device Manager. This is a simulator which same with the android
system, so this application is able to be use by android based phone.

4
CHAPTER 3

MAJOR FEATURES OF THE APP

3.1

Evolutionary prototyping model

The evolutionary prototyping objective is to deliver a working system with high satisfaction
level to the end users. In the methodology, the system will be developed through a series of
increments of function because In Evolutionary Prototyping, developers can focus themselves
to develop parts of the system that they understand instead of working on developing a whole
system.

Figure 3.1: Evolutionary prototyping model. (Source: Chip. Prototyping Model. Pg. 4849.)

5
3.1.1

Initiation phase

This is the first phase which involves researching and analyzing the requirement for the
project based on a given time period. The problem statement, project aim, objective, project
scope, project justification and proposal organization had been all well-planned.

3.1.2

Analysis phase

The main activity at this phase is discussed about collect information and system
requirements through researches from other existing application. Several similar systems had
been selected to be compared to find out more ideas and function that can implement in the
proposed project. The next step is to study how to use the Eclipse for developing android
application. Since a lot of research has to be done in order to learn to operate the software. A
lot of learning schedule has been planned. The Eclipse supports a few types of programming
languages in order to make a working application. It requires Extensible Markup Language
(XML) file to create the user interface for the application. The learning process is then
continued to learn how to connect the functional button to the Java Language. The Java
language is used to set the task of the process to be executed. The concept of honeypot has to
be analysis and prepared to design in the next stage.

3.1.3

Design phase

After analysis phase, the major function of the application is determined and hence that the
designing of the application interface has to be start. The interface is design one by one based
on the application function. Hence, the application interface may easily achieve the function
and objective of the project. The Interface is aim to be simple and straight forward without
any decoration. The interface is design part by part based on the application function. The
interfaces designed should have a few buttons for users to select which button clicked will
bring users to screen with certain content. The content of the page is first retrieve from the
android system. This application does not need to use Internet access. Hence, the use case

6
diagram is plotted. The next implementation is to classify the data accordingly. This will
allow users to read and understand the content easily. The application is display in English
only.

3.1.4

Implement phase

Implementation is the stage where the physical design of the application is translated into
code. Each specification developed during the last stage will be implemented into the overall
application structure. If any problem with the design are discovered the project will return to
the design stage and create a revised design. The process will then continue checking that
each of the previously implemented features can be satisfied within the new design
framework. In implement phase, activity diagram and class diagram for the application is
plotted.

3.1.5

Testing phase

During the testing stage each function implemented in the implementation stage is checked
against its specification to ensure that it performs the correct action. Project test plan is
prepared for the detailed testing in testing phase. The application had been developed and
should test before deliver to the users. The testing is divided into two parts. The first part is to
test the application to check the error and bug that might be in the coding. This testing will be
done by the developer. Second part of the testing is to ensure the application fulfill the project
requirements of the users. The result will influence developer to take any further action to add
or delete any function to the application. During the testing stage each function implemented
in the implementation stage is checked against its specification to ensure that it performs the
correct action.

3.1.6

Prototype phase

The feedback from tester will be analyzed and the new action will be taken in the next
prototype. Each prototype shall be improved and the follow of application will also be
improved in every prototype. With the increasing of iteration, the application is to be
determining how successful each part was and to suggest improvements for the future.

3.2

Hardware and software requirement and development platform

The Honeypot on Android requires hardware and software to be develop and testing. Both
hardware and software has to be able to match with each other to make the application to be
able to run. The list if requirement is as follow:

3.2.1

Hardware and software requirement

Software Specification
Window 8
Eclipse Mars
Android Software Development Kit(SDK)
Android Virtual Device(AVD) Manager
Droiddraw
Table 3.1: Software specification and requirement for Honeypot on Android

8
Hardware Specification
Computer
Android Devices
Table 3.2: Hardware specification and requirement for Honeypot on Android

3.2.2

Programming Language

The language will be implement to develop this application is Java and XML. The Eclipse
Mars requires Java language to develop the android application. XML is used to develop the
user interface for the application and is then connected to Java language to set the function of
each button, image button and text view. SQL is used to connect the application with the
application. This is important to ensure the application display the right result for each
process.

CHAPTER 4

OPERATING ENVIRONMENT

4.1

Android Architecture

Figure 4.1: Android: Architecture diagram as presented by Google. (Source:

www.google/android architecture)
The basic layer is the Linux kernel. The whole Android OS is built on top of the Linux 4.2
Kernel with some further architectural changes made by Google. It is this Linux that interacts
with the hardware and contains all the essential hardware drivers. Drivers are programs that
control and communicate with the hardware. For example, consider the Bluetooth function.
All devices have Bluetooth hardware in it. Therefore the kernel must include a Bluetooth
driver to communicate with the Bluetooth hardware.
The next layer is the Android's native libraries. It is this layer that enables the device
to handle different types of data. These libraries are written in c or C++ language and are

10
specific for a particular hardware. Some of the important native libraries include the
following:
Surface Manager: It is used for compositing window manager with off-screen buffering.
Off-screen buffering means you can't directly draw into the screen, but your drawings go to
the off screen buffer. There it is combined with other drawings and form the final screen the
user will see.

Media framework: Media framework provides different media codecs

allowing, the recording and playback of different media formats.

SQLite: SQLite is the database engine used in android for data storage purposes
WebKit: It is the browser engine used to display HTML content
OpenGL: Used to render 2D or 3D graphics content to the screen
Android Runtime consists of Dalvik Virtual machine and Core Java libraries.
Dalvik Virtual Machine is a type of JVM used in android devices to run apps and is optimized
for low processing power and low memory environments. Unlike the JVM, the Dalvik Virtual
Machine doesn't run .class files, instead it runs .dex files. .dex files are built from class file at
the time of compilation and provide higher efficiency in low resource environments
Application Framework are the blocks that our applications directly interacts with.
These programs manage the basic functions of phone like resource management, voice call
management etc. As a developer, you just consider these are some basic tools with which we
are building our applications. Important blocks of Application framework are:
Activity Manager: Manages the activity life cycle of applications
Content Providers: Manage the data sharing between applications
Telephony Manager: Manages all voice calls. We use telephony manager if we want to access
voice calls in our application.
Location Manager: Location management, using GPS or cell tower
Resource Manager: Manage the various types of resources we use in our Application
Applications are the top layer in the Android architecture and this is where our
applications are going to fit. Several standard applications come pre-installed with every
device, such as:

SMS client app

Dialer
Web browser
Contact manage
CHAPTER 5

11

COMPARATIVE STUDY

5.1

Research on existing similar application

Research on the existing monitoring application is intended to review the concepts,

functionality and features of the approach contained in the equivalent of a Honeypot on
Android and process improvements that will be built into the Honeypot on Android.

5.1.1

aSpotCat

Figure 5.1: aSpotCat Main Menu

aSpotCat can monitor installed application by permission to help in find and uninstall
malicious application. This is a free application available in the market which are able to

12
shows all your android application permissions, services that cost you money. The application
is providing us to bookmark permissions which you want to monitor. So that we are easier to
read and understand the permission granted to every application. It can view application
permission in 3 forms. That is list application by permission, List application by bookmarks
permission and list all application installed. List application by permission provide us a way
easier to bookmark the concerning permission or the permission that cost you money or
accessing your private data. List application by bookmarks permission is provide a way easier
to view the bookmarked permissions. There is also having a warm warning for the
application which has granted the permission being bookmarked. While list application is a
interface to shows all application installed in the phone. This interface provide user to have
an overview of all application being installed.

5.1.2

Permission Monitor Free

Figure 5.2: Permission Monitor Free Main interface

Permission monitor free is a free application available in the market. It allows us to monitor
our applications based on our preferences. Once installed, we can define suspicious
permissions and permission sets. The next time we install an application with those
suspicious permission sets, the monitor will notify us. So that we will never need to check

13
permissions of applications we want to download. The application provides 3 major button in
the interface that is List application, list permissions, and monitor settings. List of application
providing an overview of the application installed in our device hence every click on the icon
displayed in the interface will bring us to another interface which shows all the detail of the
application. In the interface, we are able to manage the application by force close the
application, open the application or uninstall the application. The List of permission provides
us an overview of all permissions. When click on the permission list, the list will expand and
display the icon of the application which is granted such permission. While monitor setting is
used to create a permission set which the application will monitor those application
bookmarked, when the new application installed with those suspicious permissions sets, the
monitor will notify us.

5.2

Summary of similar existing application

In conclusion, permission monitor free has the following features:

i.
ii.
iii.
iv.
v.

List all applications

List permissions and show applications who use them.
Set up monitor to check installed and /or updated applications
Check all installed applications for suspicious applications
Notify user when suspicious application is installed.

aSpotCat has the following features.

i.
ii.

List all applications

List permissions by grouping to permissions category and show applications

iii.

who use them.

Bookmark permissions categories that interest you the most so that you can

iv.

monitor and review it easily.

Check all installed applications for suspicious applications with protection

v.

level indicators and grouping of permissions category.

Notify user when suspicious application is installed with protection level
indicator
CHAPTER 6

14

DESIGN

6.1

Use-case diagram

Figure 6.1: Use-case diagram

i.

Display application

This function is to display all the application installed in the device.

ii.

Display permission

This function is to display all the group of permission by category

iii.

Display bookmarked application

This function is to display all the application which is bookmarked by user.

iv.

Manage application

This function provide user to manage the application by uninstall the application, or

15
force stop the application.
v.

6.2

Quit

Application user interface design

There are total of 6 interface is designed in this application for different purpose. The first
interface is the main menu.

6.2.1 Main menu interface

The main menu display four button which is apps list, permission list, bookmarked list and
quit. Users can select by clicking the button labeled with the description. Every click of the
button will bring user to the different interface.

Figure 6.2: Main menu

6.2.2

Apps list interface

16
The interface is designed to display all the application installed in the devices. The Image
buttons shown in the figure 6.3 is representing the icon of the application installed in user
device. This interface allows users to have a overview of all the application installed and
click to the application icon to view the specific application detail and manage the application
which will be shown in Figure 6.4.

Figure 6.3: Apps list interface

6.2.3

Application detail interface

This is the interface where the user can manage the application by three options. Those are
force close, bookmark or uninstall the application. Force close button is used to close the
application immediately. Bookmark button is used to bookmark those suspicious application
to monitor and uninstall button is to uninstall the application form the device immediately.
Besides that, the white field will show up the permission granted for this application. This
provides user an easier way to view the permission of application installed.

17

Figure 6.4: Application detail interface

6.2.4

Application list permission interface

The permission list interface is the interface to show all the permission of the application by
group of category, user can click on any group of the permission and the permission group
will expand its sub item in below of it. After click on the category of permission group, the
interface will be shown in Figure 6.6.

Figure 6.5: Permission list interface

18
6.2.5

Permission list interface design cont. design

This is the permission list interface after click on the category of permission group.
When the category of permission group is clicked, the permission group is expanded and the
application icon with those permission will show up. The icon of the application is also can
be clicked so that it will bring user to the application detail interface in Figure 6.4

Figure 6.6: Permission list interface cont. interface

6.2.6

Bookmarked list

The bookmarked list interface is displaying all the application that is bookmarked by user.
This interface provide the information about the application trace of accessing the phone
function. User can view through the application and when user had decided to uninstall the
application, user can click on the icon, the application will bring user to the application detail
interface in the Figure 6.4 where user can manage this application whether to uninstall it or
force close it.

19

Figure 6.7: Bookmarked list interface