Yi Zhong,Mengyu Shi,Jiawei He,Chunrong Fang,Zhenyu Chen

DOI: https://doi.org/10.1002/spe.3257

2023-01-01

Abstract:Android's high market share and extensive functionality make its security a significant concern. Research reveals that many security issues are caused by insecure coding practices. As a poor design indicator, code smell threatens the safety and quality assurance of Android applications (apps). Although previous works revealed specific problems associated with code smells, the field still lacks research reflecting Android features. Moreover, the cost and time limit developers to repairing numerous smells timely. We conducted a study, including Def inition, D etection, and I mpact Q uantification for Android code smell (DefDIQ): (1) define 15 novel code smells in Android from a security programming perspective and provide suggestions on how to eliminate or mitigate them; (2) implement DACS (Detect Android Code Smell) to automatically detect the custom code smells based on ASTs; (3) investigate the correlation between individual smells with DACS detection results, select suitable code smells to construct fault counting models, then quantify their impact on quality, and thereby generating code smell repair priorities. We conducted experiments on 4575 open‐source apps, and the findings are: (i) Lin's CCC between DACS and manual detection results reaches 0.9994, verifying the validity; (ii) the fault counting model constructed by zero‐inflated negative binomial is superior to negative binomial (AIC = 517.32, BIC = 522.12); some smells do indicate fault‐proneness, and we identify such avoidable poor designs; (iii) different code smells have different levels of importance and the repair priorities constructed provide a practical guideline for researchers and inexperienced developers.

Mohammad Ghafari,Pascal Gadient,Oscar Nierstrasz

DOI: https://doi.org/10.1109/SCAM.2017.24

2020-06-02

Abstract:The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to proliferate. Research has shown that many vulnerabilities are due to insecure programming practices. However, each study has often dealt with a specific issue, making the results less actionable for practitioners. To promote secure programming practices, we have reviewed related research, and identified avoidable vulnerabilities in Android-run devices and the "security code smells" that indicate their presence. In particular, we explain the vulnerabilities, their corresponding smells, and we discuss how they could be eliminated or mitigated during development. Moreover, we develop a lightweight static analysis tool and discuss the extent to which it successfully detects several vulnerabilities in about 46,000 apps hosted by the official Android market.

Cryptography and Security,Software Engineering

Pascal Gadient,Mohammad Ghafari,Patrick Frischknecht,Oscar Nierstrasz

DOI: https://doi.org/10.1007/s10664-018-9673-y

2018-12-10

Abstract:Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the IDE about the presence of such smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of the apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.

Cryptography and Security,Software Engineering

Xiao-Chuan MIAO,Rui WANG,Lei XU,Wei-Feng ZHANG,Bao-Wen XU

DOI: https://doi.org/10.13328/j.cnki.jos.005177

2017-01-01

Abstract:Android system dominates the mobile operating systems at present.Compared with iOS system,Android system is more open and has lots of third-party markets with loose audit mechanism.Therefore,there are more malwares in Android platform.In this paper,an Android security analysis based on sensitive path identification,which includes the static analysis and machine learning methods,is presented.Firstly,since malicious behaviors in malwares have their trigger conditions,the definition of sensitive path is provided.Secondly,a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications.Thirdly,since the sensitive paths cannot be directly used as features,a method is designed to abstract the sensitive paths.Finally,493 applications APK files are collected from Android markets and the existing data sets,such as Google Play,Wandoujia and Drebin,to construct a benchmark.Experiments indicate that the proposed method has higher accuracy (97.97％) than the method based on API-feature (90.47％),and its precision,recall and F-measure are also better than API-feature method.Furthermore,the scale of the APK file has influence to the experiment results,especially in analyzing time (when the APK files are within 0-4MB,the average analyzing time is 89 seconds;and when the files become larger,the time increases significantly).

Jinran Du,Huajun Chen,Weijie Zhong,Zhen Liu,Aidong Xu

DOI: https://doi.org/10.1109/icsai.2018.8599356

2018-01-01

Abstract:With the rapid spread of wireless networks and 4G networks, the application of mobile intelligent terminals has become more and more widespread. At the same time, there are more and more malicious software for mobile terminals, especially for the Android platform. Aiming at the detection problem of Android malicious code, a dynamic and static combined Android malicious code detection model based on SVM was proposed. Firstly, the dynamic and static features of Android program are extracted. Then, these features were vectored, used for the training and testing of SVM (Support vector machine). As shown in the experiments, the correct detection rate of Android malware is as high as 94.38%, recall rate achieving 98.46%, proved the effectiveness of the method.

Sarra Habchi,Naouel Moha,Romain Rouvoy

DOI: https://doi.org/10.48550/arXiv.2010.07121

2020-10-14

Abstract:Object-oriented code smells are well-known concepts in software engineering that refer to bad design and development practices commonly observed in software systems. With the emergence of mobile apps, new classes of code smells have been identified by the research community as mobile-specific code smells. These code smells are presented as symptoms of important performance issues or bottlenecks. Despite the multiple empirical studies about these new code smells, their diffuseness and evolution along change histories remains unclear. We present in this article a large-scale empirical study that inspects the introduction, evolution, and removal of Android code smells. This study relies on data extracted from 324 apps, a manual analysis of 561 smell-removing commits, and discussions with 25 Android developers. Our findings reveal that the high diffuseness of mobile-specific code smells is not a result of releasing pressure. We also found that the removal of these code smells is generally a side effect of maintenance activities as developers do not refactor smell instances even when they are aware of them.

Software Engineering

Xin Su,Qingbo Gong,Yi Zheng,Xuchong Liu,Kuan-Ching Li

DOI: https://doi.org/10.1155/2020/3658795

2020-03-10

Abstract:Recently, brain-machine interfacing is very popular that link humans and artificial devices through brain signals which lead to corresponding mobile application as supplementary. The Android platform has developed rapidly because of its good user experience and openness. Meanwhile, these characteristics of this platform, which cause the amazing pace of Android malware, pose a great threat to this platform and data correction during signal transmission of brain-machine interfacing. Many previous works employ various behavioral characteristics to analyze Android application (or app) and detect Android malware to protect signal data secure. However, with the development of Android app, category of Android app tends to be diverse, and the Android malware behavior tends to be complex. This situation makes existing Android malware detections complicated and inefficient. In this paper, we propose a broad analysis, gathering as many behavior characteristics of an app as possible and compare these behavior characteristics in several metrics. First, we extract static and dynamic behavioral characteristic from Android app in an automatic manner. Second, we explain the decision we made in each kind of behavioral characteristic we choose for Android app analysis and Android malware detection. Third, we design a detailed experiment, which compare the efficiency of each kind of behavior characteristic in different aspects. The results of experiment also show Android malware detection performance of these behavior characteristics combine with well-known machine learning algorithms.

Christopher S. Gates,Ninghui Li,Hao Peng,Bhaskar Sarma,Yuan Qi,Rahul Potharaju,Cristina Nita-Rotaru,Ian Molloy

DOI: https://doi.org/10.1109/tdsc.2014.2302293

2014-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. We discuss the desired properties of risk signals and relative risk scores for Android apps in order to generate another metric that users can utilize when choosing apps. We present a wide range of techniques to generate both risk signals and risk scores that are based on heuristics as well as principled machine learning techniques. Experimental results conducted using real-world data sets show that these methods can effectively identify malware as very risky, are simple to understand, and easy to use.

Guangwu Hu,Bin Zhang,Xi Xiao,Weizhe Zhang,Long Liao,Ying Zhou,Xia Yan

DOI: https://doi.org/10.3390/e23111489

2021-11-10

Abstract:Insecure applications (apps) are increasingly used to steal users' location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely on statically analyzing source code or dynamically monitoring the location data flow, identification accuracy is still under research, since the analysis results contain a certain false positive or true negative rate. In order to improve the accuracy and reduce the misjudging rate in the process of vetting suspicious apps, this paper proposes SAMLDroid, a combined method of static code analysis and machine learning for identifying Android apps with location privacy leakage, which can effectively improve the identification rate compared with existing methods. SAMLDroid first uses static analysis to scrutinize source code to investigate apps with location acquiring intentions. Then it exploits a well-trained classifier and integrates an app's multiple features to dynamically analyze the pattern and deliver the final verdict about the app's property. Finally, it is proved by conducting experiments, that the accuracy rate of SAMLDroid is up to 98.4%, which is nearly 20% higher than Apparecium.

Ya Pan,Xiuting Ge,Chunrong Fang,Yong Fan

DOI: https://doi.org/10.1109/ACCESS.2020.3002842

IF: 3.9

2020-01-01

IEEE Access

Abstract:Android malware has been in an increasing trend in recent years due to the pervasiveness of Android operating system. Android malware is installed and run on the smartphones without explicitly prompting the users or without the user's permission, and it poses great threats to users such as the leakage of personal information and advanced fraud. To address these threats, various techniques are proposed by researchers and practitioners. Static analysis is one of these techniques, which is widely applied to Android malware detection and can detect malware quickly and prohibit malware before installation. To provide a clarified overview of the latest work in Android malware detection using static analysis, we perform a systematic literature review by identifying 98 studies from January 2014 to March 2020. Based on the features of applications, we first divide static analysis in Android malware detection into four categories, which include Android characteristic-based method, opcode-based method, program graph-based method, and symbolic execution-based method. Then we assess the malware detection capability of static analysis, and we compare the performance of different models in Android malware detection by analyzing the results of empirical evidence. Finally, it is concluded that static analysis is effective to detect Android malware. Moreover, there is a preliminary result that neural network model outperforms the non-neural network model in Android malware detection. However, static analysis still faces many challenges. Thus, it is necessary to derive some novel techniques for improving Android malware detection based on the current research community. Moreover, it is essential to establish a unified platform that is used to evaluate the performance of a series of techniques in Android malware detection fairly.

Ali Muzaffar,Hani Ragab Hassen,Hind Zantout,Michael A Lones

2024-08-26

Abstract:The popularity of Android means it is a common target for malware. Over the years, various studies have found that machine learning models can effectively discriminate malware from benign applications. However, as the operating system evolves, so does malware, bringing into question the findings of these previous studies, many of which report very high accuracies using small, outdated, and often imbalanced datasets. In this paper, we reimplement 18 representative past works and reevaluate them using a balanced, relevant, and up-to-date dataset comprising 124,000 applications. We also carry out new experiments designed to fill holes in existing knowledge, and use our findings to identify the most effective features and models to use for Android malware detection within a contemporary environment. We show that high detection accuracies (up to 96.8%) can be achieved using features extracted through static analysis alone, yielding a modest benefit (1%) from using far more expensive dynamic analysis. API calls and opcodes are the most productive static and TCP network traffic provide the most predictive dynamic features. Random forests are generally the most effective model, outperforming more complex deep learning approaches. Whilst directly combining static and dynamic features is generally ineffective, ensembling models separately leads to performances comparable to the best models but using less brittle features.

Machine Learning,Cryptography and Security

Zhen-yu ZHANG,Dong-lai ZHU,Zhe-min YANG,Min YANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2019.08.037

2019-01-01

Abstract:Anti-analysis techniques refers to a series of mechanisms to evade program analysis. Benign application authors use anti-a-nalysis techniques to protect their application from cracking by other developers,while malware authors use anti-analysis techniques to evade detection. However,there isn′t any systematic study on the influence of anti-analysis techniques on the security of Android eco-system. To conduct this study,we design and implement AATPacker,which can apply dynamic code loading,anti-emulator,anti-debug and integrity check techniques to APK files automatically. We are the first to evaluate the anti-anti-analysis ability of the commercial packing services. We conduct our experiment on 239 application samples which are hardened from 31 original samples with different combinations of anti-analysis techniques by AATPacker. We observed that current anti-anti-analysis researches are not fully used,and using anti-analysis techniques will dramatically hinder the security check in Android ecosystem. By applying anti-analysis techniques, the detection rate of malware significantly decreased;on the other side,benign application was falsely detected. Among all the anti-a-nalysis techniques,dynamic code loading has the greatest impact on the security of Android ecosystem.

Aakanshi Gupta,Nidhi Kumari Chauhan

DOI: https://doi.org/10.1007/s13369-021-06077-6

IF: 2.807

2021-09-01

Arabian Journal for Science and Engineering

Abstract:Code smells instigate due to the consistent adoption of bad programming and implementation styles during the evolution of the software which adversely affects the software quality. They are essentially focused and prioritized for their effective removal based on their severity. The study proposed a hybrid approach for inspecting the severity based on the code smell intensity in Kotlin language and comparing the code smells which are found equivalent in Java language. The research work is examined on five common code smells that are complex method, large class long method, long parameter list, string literal duplication, and too many methods over 30 open-source systems (15 Kotlin/15 Java). The experiment compares different machine learning algorithms for the computation of human-readable code smell detection rules for Kotlin, where the JRip algorithm proved to be the best machine learning algorithm with 96% and 97% of overall precision and accuracy, validated at 10-fold cross-validation. Further, the severity of code smell at the class level is evaluated for prioritization of applications written in Kotlin and Java language. Moreover, the process of severity computation is semiautomated using the CART model, and thus, metric-based severity classification rules are achieved. The experimentation provides a complete understanding of prioritization of code smells in Kotlin and Java and helps to attain prioritized refactoring which will enhance the utilization of resources and minimize the overhead rework cost.

multidisciplinary sciences

FAN Ming,LIU Ting,LIU Jun,LUO Xiapu,YU Le,GUAN Xiaohong,Le YU,Xiaohong GUAN,Ming FAN,Xiapu LUO,Ting LIU,Jun LIU

DOI: https://doi.org/10.1360/ssi-2019-0149

2020-07-31

Scientia Sinica Informationis

Abstract:Android has become the most popular mobile operating system in the past ten years due to its three main advantages, namely, the openness of source code, richness of hardware selection, and millions of applications (apps). It is of no surprise that Android has become the major target of malware. The rapid increase in the number of Android malware poses big threats to smart phone users such as financial charges, information collection, and remote control. Thus, the in-depth study of the security issues of mobile apps is of great importance to the sound development of the smart phone ecosystem. We first introduce the existing problems and challenges of malware analysis, and then summarize the widely-used benchmark datasets. After that, we divide the existing malware analysis methods into three categories, including signature-based methods, machine learning-based methods, and behavior-based methods. We further summarize the techniques used in each method, and compare and analyze the advantages and disadvantages of different techniques. Finally, combined with our own research foundation in malware analysis, we explore and discuss future research directions and challenges.

Zhiqiang Wang,Gefei Li,Zihan Zhuo,Xiaorui Ren,Yuheng Lin,Jieming Gu

DOI: https://doi.org/10.1155/2022/1289175

IF: 1.968

2022-02-24

Security and Communication Networks

Abstract:Android has become the most popular mobile intelligent operating system with its open platform, diverse applications, and excellent user experience. However, at the same time, more and more attackers take Android as the primary target. The application store, which is the main download source for users, still does not have a complete security authentication mechanism. Given the above problems, we designed an Android application classification model based on multiple semantic features. Firstly, we use analysis tools to automatically extract the application’s dynamic and static features into the text document and use variance and chi-square tests to optimize the features. Combined with natural language processing (NLP), we transform the feature file into a two-dimensional matrix and use the convolution neural network (CNN) to learn features efficiently. Also, to make the model satisfy more application scenarios, we design a dynamic adjustment method according to user requirements, the number of features, and other indicators. The experimental results demonstrate that the detection accuracy of malware is 99.3921%. We also measure this model’s performance in detecting a malware family and benign application, with the classification accuracy of 99.5614% and 99.9046%, respectively.

computer science, information systems,telecommunications

Aakanshi Gupta,Bharti Suri,Deepanshu Sharma,Sanjay Misra,Luis Fernandez-Sanz

DOI: https://doi.org/10.1038/s41598-024-67660-z

2024-07-26

Abstract:In the digitization era, the battery consumption factor plays a vital role for the devices that operate Android software, expecting them to deliver high performance and good maintainability.The study aims to analyze the Android-specific code smells, their impact on battery consumption, and the formulation of a mathematical model concerning static code metrics hampered by the code smells. We studied the impact on battery consumption by three Android-specific code smells, namely: No Low Memory Resolver (NLMR), Slow Loop (SL) and Unclosed Closable, considering 4,165 classes of 16 Android applications. We used a rule-based classification method that aids the refactoring ideology. Subsequently, multi-linear regression (MLR) modeling is used to evaluate battery usage against the software metrics of smelly code instances. Moreover, it was possible to devise a correlation for the software metric influenced by battery consumption and rule-based classifiers. The outcome confirms that the refactoring of the considered code smells minimizes the battery consumption levels. The refactoring method accounts for an accuracy of 87.47% cumulatively. The applied MLR model has an R-square value of 0.76 for NLMR and 0.668 for SL, respectively. This study can guide the developers towards a complete package for the focused development life cycle of Android code, helping them minimize smartphone battery consumption and use the saved battery lives for other operations, contributing to the green energy revolution in mobile devices.

Xi Xiao,Peng Fu,Xianni Xiao,Yong Jiang,Qing Li,Runiu Lu

DOI: https://doi.org/10.1109/iccsnt.2015.7490915

2015-01-01

Abstract:Malware in Android has enjoyed a prevalence as Android has taken up a primary market in the mobile devices. In this paper, Adaptive Regularization Of Weights (AROW) and Support Vector Machine (SVM) are used to identify malware with both the static and dynamic analysis. Permissions, control flow graphs and system calls are taken as the application's classification features. Single features, the combination of permissions and control flow graphs, and the combination of the three features are all analyzed thoroughly. Compared with the previous work, AROW and SVM with the combination of the features could increase the TPR and decrease the FPR. Furthermore, the results of AROW and SVM are profoundly evaluated in this paper. As regard to the single features, SVM could perform better with the feature of permissions or system calls, while AROW provides a better result with control flow graphs. For the combination of the features, AROW gives a better result than SVM.

Dimitri Prestat,Naouel Moha,Roger Villemaire,Florent Avellaneda

DOI: https://doi.org/10.1109/tse.2024.3363223

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Code smells are the result of poor design choices within software systems that complexify source code and impede evolution and performance. Therefore, detecting code smells within software systems is an important priority to decrease technical debt. Furthermore, the emergence of mobile applications (apps) has brought new types of Android-specific code smells, which relate to limitations and constraints on resources like memory, performance and energy consumption. Among these Android-specific smells are those that describe inappropriate behaviour during the execution that may negatively impact software quality. Static analysis tools, however, show limitations for detecting these behavioural code smells and properly detecting behavioural code smells requires considering the dynamic behaviour of the apps. To dynamically detect behavioural code smells, we hence propose three contributions : (1) A method, the Dynamics method, a step-by-step method for the specification and dynamic detection of Android behavioural code smells; (2) A tool, the Dynamics tool, implementing this method on seven code smells; and (3) A validation of our approach on 538 apps from F-Droid with a comparison with the static analysis detection tools, aDoctor and Paprika, from the literature. Our method consists of four steps: (1) the specification of the code smells, (2) the instrumentation of the app, (3) the execution of the apps, and (4) the detection of the behavioural code smells. Our results show that many instances of code smells that cannot be detected with static detection tools are indeed detected with our dynamic approach with an average precision of 92.8% and an average recall of 53.4%.

engineering, electrical & electronic,computer science, software engineering

Yiming Jing,Gail-Joon Ahn,Ziming Zhao,Hongxin Hu

DOI: https://doi.org/10.1109/tdsc.2014.2366457

2015-09-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Mobile operating systems, such as Apple's iOS and Google's Android, have supported a ballooning market of feature-rich mobile applications. However, helping users understand and mitigate security risks of mobile applications is still an ongoing challenge. While recent work has developed various techniques to reveal suspicious behaviors of mobile applications, there exists little work to answer the following question: are those behaviors necessarily inappropriate? In this paper, we seek an approach to cope with such a challenge and present a continuous and automated risk assessment framework called RiskMon that uses machine-learned ranking to assess risks incurred by users' mobile applications, especially Android applications. RiskMon combines users' coarse expectations and runtime behaviors of trusted applications to generate a risk assessment baseline that captures appropriate behaviors of applications. With the baseline, RiskMon assigns a risk score on every access attempt on sensitive information and ranks applications by their cumulative risk scores. Furthermore, we demonstrate how RiskMon supports risk mitigation with automated permission revocation. We also discuss a proof-of-concept implementation of RiskMon as an extension of the Android mobile platform and provide both system evaluation and usability study of our methodology.

computer science, information systems, software engineering, hardware & architecture