Vulnerabilities in Android Apps Permissions A critical look at the implicit and explicit intent mechanism for communication between app and their components and its associated security challenges. Frank Laud Boateng 1 , Joseph Kobina Panford 2 , James Ben Hayfron-Acquah 3 1 Kwame Nkrumah University of Science and Technology, Kumasi, Ghana 2,3 Senior Lecturers, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana Abstract – Modern smartphones provide application developers an interface to develop custom apps that are installed by users and expand their telecommuting needs from the home, office and on the go, with this flexibility. These third party apps may store some user’s very sensitive and private information whose leakage or breach of such privacy into public domain or some authorised persons may have access to this private information could cause some irreparable damage in some cases, cooperate espionage when users use their personal smartphone for cooperate task and having access to cooperate networks can also be compromise when user’s smartphone is besieged by a hacker or Trojan propagation. Keywords: vulnerability; collude apps; Android; Intent; smartphone; permissions; apps; IPC/ICC; iBAP; iBAPChecker; API I. INTRODUCTION Smartphones, Tablets, and Personal Digital Assistance (PDA) are the next generation telecommuting devices, though they have been here since the early 90’s. in recent years, smartphone combing telephony and mobile computing have emerged as a popular trend in consumer electronics in the history of technology. A long time ago phones were just phone that only could make calls and receive call and nothing else, and computers were stationary devices, not possible to move them around without having to disassembled and reassemble to its new location, and sometimes might got damage in the process. Modern smartphones provide app developers a standard interface to develop custom apps that are installed by user’s and to expand their telecommuting needs from on the go. Google Play Store, and other similar market serves as the repository where users can go and download these apps, though some has price for purchases, but majority of the apps in these markets are completely free. Smartphones and mobile devices are a category of mobile devices that provides advance technology and computing capabilities beyond a typical feature mobile phone. Smartphones nowadays are running a complete Operating System (OS) that provides a standardize interface for third- party app developers to create custom and off-the-shell app that can be downloaded from various app markets such as Today’s smartphone device can combine utility, mobility and entertainment owing to device features and functionalities such as 2G, 3G, 4G, Long Term Evolution (LTE), touch screen technology, accelerometer, Global Positioning System (GPS) and over 1.7Ghz of processing power, and 5G in recent months, which is still been in the testing stage and are on trials in some parts of the world, which promises to change the face of connectivity of devices. Recent smartphones support some sophisticated varieties of applications both online and offline can be either purchase or downloaded free from app markets. However, these free and in some rare cases purchased have the potential to compromise and pose as a security challenge, risk or breach on a user’s smartphone in their daily transactions and interactions such as mobile banking, online purchases and shopping and recent report of mobile money theft from user’s phones without their consents, in this regard has prompt researcher in the technology security and user privacy to dig deeper into these territory, because there is a corresponding growth in the amount of both private (personal) and cooperate (work) data stored unprotected on these smartphones. Smartphones are not only use in placing call and receiving calls, but could also be used for some other communication features such as sending and receiving Short Message Service (SMS), instant messaging apps such as WhatApp, SnapChat, Facebook Messenger and the likes, as well as sending and receiving Multimedia Message Service (MMS), video conferencing capabilities, browsing the Internet, playing games both online and offline and the use of some apps to track location by a built-in GPS, and also the use of some third-party apps to undertake some online transaction International Journal of Computer Science and Information Security (IJCSIS), Vol. 17, No. 7, July 2019 93 https://sites.google.com/site/ijcsis/ ISSN 1947-5500