Zhang Lei,Zhemin Yang,Yuyu He,Zhenyu Zhang,Zhiyun Qian,Geng Hong,Yuan Zhang,Min Yang

DOI: https://doi.org/10.1145/3243734.3243843

2018-01-01

Abstract:Android integrates an increasing number of features into system services to manage sensitive resources, such as location, medical and social network information. To prevent untrusted apps from abusing the services, Android implements a comprehensive set of access controls to ensure proper usage of sensitive resources. Unlike explicit permission-based access controls that are discussed extensively in the past, our paper focuses on the widespread yet undocumented input validation problem. As we show in the paper, there are in fact more input validations acting as security checks than permission checks, rendering them a critical foundation for Android framework. Unfortunately, these validations are unstructured, ill-defined, and fragmented, making it challenging to analyze. To this end, we design and implement a tool, called Invetter, that combines machine learning and static analysis to locate sensitive input validations that are problematic in system services. By applying Invetter to 4 different AOSP codebases and 4 vendor-customized images, we locate 103 candidate insecure validations. Among the true positives, we are able to confirm that at least 20 of them are truly exploitable vulnerabilities by constructing various attacks such as privilege escalation and private information leakage.

Yuhong Nan,Zhemin Yang,Min Yang,Shunfan Zhou,Yuan Zhang,Guofei Gu,Xiaofeng Wang,Limin Sun

DOI: https://doi.org/10.1109/tifs.2016.2631949

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Identifying sensitive user inputs is a prerequisite for privacy protection in mobile applications. When it comes to today’s program analysis systems, however, only those data that go through well-defined system Application Program Interface (system controlled resources) can be automatically labeled. In this paper, we show that this conventional approach is far from adequate, as most sensitive inputs are actually entered by the user at an app’s runtime. In this paper, we inspect 13,072 top apps from Google Play, and find that 38.69% of them involve sensitive user inputs. Just like system controlled resources, these data are also exposed to a series of privacy leakage threats. For these sensitive user inputs, manually marking them involves a lot of efforts, impeding a large-scale, automated analysis of apps to defend against potential privacy leakage. To address this important issue, we present UIPicker, an adaptable framework for automatic identification of sensitive user inputs as the first step. UIPicker is designed to detect the semantic information within the application layout resources and the program code, and further analyze it for the locations where security-critical information may show up. This approach can support a variety of existing security analysis on mobile apps. We evaluate our approach over randomly selected popular apps on Google Play. UIPicker is able to accurately label sensitive user inputs most of the time, with 94.0% precision and 96.0% recall.

Yajin Zhou,Xuxian Jiang

2013-01-01

Abstract:In this paper, we systematically study two vulnerabilities and their presence in existing Android applications (or “apps”). These two vulnerabilities are rooted in an unprotected Android component, i.e., content provider, inside vulnerable apps. Because of the lack of necessary access control enforcement, affected apps can be exploited to either passively disclose various types of private in-app data or inadvertently manipulate certain security-sensitive in-app settings or configurations that may subsequently cause serious system-wide side effects (e.g., blocking all incoming phone calls or SMS messages). To assess the prevalence of these two vulnerabilities, we analyze 62, 519 apps collected in February 2012 from various Android markets. Our results show that among these apps, 1, 279 (2.0%) and 871 (1.4%) of them are susceptible to these two vulnerabilities, respectively. In addition, we find that 435 (0.7%) and 398 (0.6%) of them are accessible from official Google Play and some of them are extremely popular with more than 10, 000, 000 installs. The presence of a large number of vulnerable apps in popular Android markets as well as the variety of private data for leaks and manipulation reflect the severity of these two vulnerabilities. To address them, we also explore and examine possible mitigation solutions.

Tien-Duy B. Le,Lingfeng Bao,David Lo,Debin Gao,Li

DOI: https://doi.org/10.1109/iceccs2018.2018.00014

2018-01-01

Abstract:Android is the most widely used mobile operating system with billions of users and devices. The popularity of Android apps have enticed malware writers to target them. Recently, Jamrozik et al. proposed an approach, named Boxmate, to mine sandboxes to protect Android users from malicious behaviors. In a nutshell, Boxmate analyzes the execution of an app, and collects a list of sensitive APIs that are invoked by that app in a monitoring phase. Then, it constructs a sandbox that can restrict accesses to sensitive APIs not called by the app. In such a way, malicious behaviors that are not observed in the monitoring phase - occurring, for example, due to malicious code injection during an attack - can be prevented. Nevertheless, Boxmate only focuses on a specific API type (i.e., sensitive APIs); it also ignores parameter values of many API methods and requested permissions during the execution of a target app. As a result, Boxmate is not able to detect malicious behaviors in many cases. In this work, we address the limitation of Jamrozik et al.'s work by considering input parameters of many different types of API methods for mining a more comprehensive sandbox. Given a benign app, we first extract a list of Android permissions that the app may request during its execution. Next, we leverage an automated test case generation tool, named Droidbot, to generate a rich set of GUI test cases for exploring behaviors of the app. During the execution of these test cases, we analyze the execution of four different types of API methods. Furthermore, we record input parameters to these API methods, and classify those into four different categories. We leverage the collected parameter values, and the list of requested permissions to create a sandbox that can protect users from malicious behaviors. Our experiments on 25 pairs of real benign and malicious apps show that our approach is more effective than the coarse-and fine-grained variants of Boxmate by 267.37% and 81.64% in terms of F-measure respectively.

Yang Min,Yang Zhemin,Nan Yuhong,Zhou Shunfan,Zhang Yuan

2015-01-01

Abstract:The invention belongs to the technical field of program information security detection and particularly relates to a method for identifying permission-irrelevant private data in an Android application program. The method comprises four stages of data preprocessing, privacy related text analysis, non-permission privacy related interface element identification and static code information stream analysis based filtration; and mainly aiming at the permission-irrelevant private data in the Android application program outside the protection range of a permission model of an Android system, a machine learning technology and a conventional static information stream analysis technology are combined for identification. The private data can be marked as a sensitive data source by identifying the private data, and a basis is provided for monitoring and protection of the private data by further combination of a conventional static information stream analysis and detection technology or a dynamic stain information tracking and detection technology, so that the leakage risk of the private data of a user is lowered.

Xiao-Chuan MIAO,Rui WANG,Lei XU,Wei-Feng ZHANG,Bao-Wen XU

DOI: https://doi.org/10.13328/j.cnki.jos.005177

2017-01-01

Abstract:Android system dominates the mobile operating systems at present.Compared with iOS system,Android system is more open and has lots of third-party markets with loose audit mechanism.Therefore,there are more malwares in Android platform.In this paper,an Android security analysis based on sensitive path identification,which includes the static analysis and machine learning methods,is presented.Firstly,since malicious behaviors in malwares have their trigger conditions,the definition of sensitive path is provided.Secondly,a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications.Thirdly,since the sensitive paths cannot be directly used as features,a method is designed to abstract the sensitive paths.Finally,493 applications APK files are collected from Android markets and the existing data sets,such as Google Play,Wandoujia and Drebin,to construct a benchmark.Experiments indicate that the proposed method has higher accuracy (97.97％) than the method based on API-feature (90.47％),and its precision,recall and F-measure are also better than API-feature method.Furthermore,the scale of the APK file has influence to the experiment results,especially in analyzing time (when the APK files are within 0-4MB,the average analyzing time is 89 seconds;and when the files become larger,the time increases significantly).

Aimin Zhang,Yi He,Yong Jiang

DOI: https://doi.org/10.1109/pccc.2016.7820625

2016-01-01

Abstract:Android has become the largest-selling operating system for smartphones, and thousands of new Android applications are developed and published everyday. However, quality, not quantity, is the real mobile application problem. The robustness of Android applications are worrisome as many of them always have crash bugs. It's unrealistic to rely on developers' experience to eliminate them all. There are so many input sources and we cannot assume developers will check all data from them properly. And some Android system services suffer denial-of-service attacks because of crash bugs due to their poor input validation. Crash bugs not only degrade user experience but also may raise security issues. In this paper, we propose a heuristic approach which combines static analysis and semi-random input generation to detect crash bugs related to input data processing in Android applications. We present techniques for automatic generating input data, injecting them to an application, producing structured trace information. We perform experiments on 100 Android applications and find 28 of them have crash bugs due to their poor input validation. We believe our study and techniques also have the potential to release developers from boring testing tasks to a certain extent and help developers improve quality of their Android applications.

Benjamin Andow,Akhil Acharya,Dengfeng Li,William Enck,Kapil Singh,Tao Xie

DOI: https://doi.org/10.1145/3098243.3098247

2017-01-01

Abstract:Mobile applications frequently request sensitive data. While prior work has focused on analyzing sensitive-data uses originating from well-defined API calls in the system, the security and privacy implications of inputs requested via application user interfaces have been widely unexplored. In this paper, our goal is to understand the broad implications of such requests in terms of the type of sensitive data being requested by applications. To this end, we propose UiRef (User Input REsolution Framework), an automated approach for resolving the semantics of user inputs requested by mobile applications. UiRef's design includes a number of novel techniques for extracting and resolving user interface labels and addressing ambiguity in semantics, resulting in significant improvements over prior work. We apply UiRef to 50,162 Android applications from Google Play and use outlier analysis to triage applications with questionable input requests. We identify concerning developer practices, including insecure exposure of account passwords and non-consensual input disclosures to third parties. These findings demonstrate the importance of user-input semantics when protecting end users.

Yuhong Nan,Min Yang,Zhemin Yang,Shunfan Zhou,Guofei Gu,XiaoFeng Wang

2015-01-01

Abstract:Identifying sensitive user inputs is a prerequisite for privacy protection. When it comes to today's program analysis systems, however, only those data that go through well-defined system APIs can be automatically labelled. In our research, we show that this conventional approach is far from adequate, as most sensitive inputs are actually entered by the user at an app's runtime: in our research, we inspect 17, 425 top apps from Google Play, and find that 35.46% of them involve sensitive user inputs. Manually marking them involves a lot of effort, impeding a large-scale, automated analysis of apps for potential information leaks. To address this important issue, we present UIPicker, an adaptable framework for automatic identification of sensitive user inputs. UIPicker is designed to detect the semantic information within the application layout resources and program code, and further analyze it for the locations where security-critical information may show up. This approach can support a variety of existing security analysis on mobile apps. We further develop a runtime protection mechanism on top of the technique, which helps the user make informed decisions when her sensitive data is about to leave the device in an unexpected way. We evaluate our approach over 200 randomly selected popular apps on Google-Play. UIPicker is able to accurately label sensitive user inputs most of the time, with 93.6% precision and 90.1% recall.

Wenqi Bu,Minhui Xue,Lihua Xu,Yajin Zhou,Zhushou Tang,Tao Xie

DOI: https://doi.org/10.1145/3106237.3117764

2017-08-21

Abstract:Despite recent progress in program analysis techniques to identify vulnerabilities in Android apps, significant challenges still remain for applying these techniques to large-scale industrial environments. Modern software-security providers, such as Qihoo 360 and Pwnzen (two leading companies in China), are often required to process more than 10 million mobile apps at each run. In this work, we focus on effectively and efficiently identifying vulnerable usage of Internet sockets in an industrial setting. To achieve this goal, we propose a practical hybrid approach that enables lightweight yet precise detection in the industrial setting. In particular, we integrate the process of categorizing potential vulnerable apps with analysis techniques, to reduce the inevitable human inspection effort. We categorize potential vulnerable apps based on characteristics of vulnerability signatures, to reduce the burden on static analysis. We flexibly integrate static and dynamic analyses for apps in each identified family, to refine the family signatures and hence target on precise detection. We implement our approach in a practical system and deploy the system on the Pwnzen platform. By using the system, we identify and report potential vulnerabilities of 24 vulnerable apps (falling into 3 vulnerability families) to their developers, and some of these reported vulnerabilities are previously unknown. The apps of each vulnerability family in total have over 50 million downloads. We also propose countermeasures and highlight promising directions for technology transfer.

Weiping WEN,Yang TANG,Li SHEN

DOI: https://doi.org/10.3969/j.issn.1671-1122.2016.08.004

2016-01-01

Abstract:In the era of intelligent mobile terminal, because of the characteristics of openness and free of charge, Android has become one of the major operation systems on the market. However, a large number of Android viruses, Trojans and malicious software have been serious threats to the privacy and property securities of smart phone users. In the Android operation system, although it is necessary to apply the authorities to the system for sensitive operations, and there are some system modules related to authority control, malicious software can use the system vulnerabilities or third party program vulnerabilities to carry out the attack. To meet the need of Android applications sensitive behaviors detection, this paper analyzes the popular applications behaviors detection tools in the Android system, designs and implements an Android applications dynamic detection system. The system can monitor the Android applications sensitive behaviors in real time, and provides help for the detection of malicious programs.

Xiaoyu Sun,Xiao Chen,Li Li,Haipeng Cai,John Grundy,Jordan Samhi,Tegawendé F. Bissyandé,Jacques Klein

DOI: https://doi.org/10.48550/arXiv.2210.10997

2022-10-20

Abstract:Security of Android devices is now paramount, given their wide adoption among consumers. As researchers develop tools for statically or dynamically detecting suspicious apps, malware writers regularly update their attack mechanisms to hide malicious behavior implementation. This poses two problems to current research techniques: static analysis approaches, given their over-approximations, can report an overwhelming number of false alarms, while dynamic approaches will miss those behaviors that are hidden through evasion techniques. We propose in this work a static approach specifically targeted at highlighting hidden sensitive operations, mainly sensitive data flows. The prototype version of HiSenDroid has been evaluated on a large-scale dataset of thousands of malware and goodware samples on which it successfully revealed anti-analysis code snippets aiming at evading detection by dynamic analysis. We further experimentally show that, with FlowDroid, some of the hidden sensitive behaviors would eventually lead to private data leaks. Those leaks would have been hard to spot either manually among the large number of false positives reported by the state of the art static analyzers, or by dynamic tools. Overall, by putting the light on hidden sensitive operations, HiSenDroid helps security analysts in validating potential sensitive data operations, which would be previously unnoticed.

Cryptography and Security,Software Engineering

Zhe Liu,Chunyang Chen,Junjie Wang,Mengzhuo Chen,Boyu Wu,Xing Che,Dandan Wang,Qing Wang

DOI: https://doi.org/10.48550/arXiv.2310.15657

2023-10-24

Abstract:Mobile applications have become a ubiquitous part of our daily life, providing users with access to various services and utilities. Text input, as an important interaction channel between users and applications, plays an important role in core functionality such as search queries, authentication, messaging, etc. However, certain special text (e.g., -18 for Font Size) can cause the app to crash, and generating diversified unusual inputs for fully testing the app is highly demanded. Nevertheless, this is also challenging due to the combination of explosion dilemma, high context sensitivity, and complex constraint relations. This paper proposes InputBlaster which leverages the LLM to automatically generate unusual text inputs for mobile app crash detection. It formulates the unusual inputs generation problem as a task of producing a set of test generators, each of which can yield a batch of unusual text inputs under the same mutation rule. In detail, InputBlaster leverages LLM to produce the test generators together with the mutation rules serving as the reasoning chain, and utilizes the in-context learning schema to demonstrate the LLM with examples for boosting the performance. InputBlaster is evaluated on 36 text input widgets with cash bugs involving 31 popular Android apps, and results show that it achieves 78% bug detection rate, with 136% higher than the best baseline. Besides, we integrate it with the automated GUI testing tool and detect 37 unseen crashes in real-world apps from Google Play.

Software Engineering

Yang Min,Yang Zhemin,Zhang Lei,He Yuyu,Zhang Yuan

2020-01-01

Abstract:The invention belongs to the technical field of program dynamic analysis and testing, and particularly relates to a self-adaptive text input generation method based on natural language processing andmachine learning. The method comprises the steps of extracting constraint information based on a UI structure and machine learning, firstly obtaining UI interface information in an Android applicationdynamic test in real time, extracting generated text information, identifying all constraint information by utilizing a machine learning method, and binding the constraint information with a corresponding input box; performing constraint information analysis based on natural language processing, performing multi-classification on the extracted constraint information by using a CNN-RNN classifier,performing corresponding analysis processing on constraints belonging to different classification categories by using a natural language processing method, and extracting constraint components related to text input; and converting the constraint information into an input format of a character string generator based on generation of text input of the character string solver, and filling the inputformat into an input box. The method can help to dynamically test and analyze tools and improve the code coverage rate and the detection rate of privacy, vulnerabilities and the like during testing.

Xin Su,Qingbo Gong,Yi Zheng,Xuchong Liu,Kuan-Ching Li

DOI: https://doi.org/10.1155/2020/3658795

2020-03-10

Abstract:Recently, brain-machine interfacing is very popular that link humans and artificial devices through brain signals which lead to corresponding mobile application as supplementary. The Android platform has developed rapidly because of its good user experience and openness. Meanwhile, these characteristics of this platform, which cause the amazing pace of Android malware, pose a great threat to this platform and data correction during signal transmission of brain-machine interfacing. Many previous works employ various behavioral characteristics to analyze Android application (or app) and detect Android malware to protect signal data secure. However, with the development of Android app, category of Android app tends to be diverse, and the Android malware behavior tends to be complex. This situation makes existing Android malware detections complicated and inefficient. In this paper, we propose a broad analysis, gathering as many behavior characteristics of an app as possible and compare these behavior characteristics in several metrics. First, we extract static and dynamic behavioral characteristic from Android app in an automatic manner. Second, we explain the decision we made in each kind of behavioral characteristic we choose for Android app analysis and Android malware detection. Third, we design a detailed experiment, which compare the efficiency of each kind of behavior characteristic in different aspects. The results of experiment also show Android malware detection performance of these behavior characteristics combine with well-known machine learning algorithms.

Wei XIAO,Yuan ZHANG,Min YANG

2017-01-01

Abstract:Intent is the built-in communication scheme among Android applications.If the receiver of an intent does not validate malformed data properly,the process that holds it will crash.To automatically diagnose this kind of vulnerability,we design and implement IntentChecker which leverages both static and dynamic analysis techniques.IntentChecker statically examines the data flow paths from the received intent and identifies this kind of vulnerability within the path,without requiring the application's source code.Besides,IntentChecker extracts key features of the detected vulnerabilities,and dynamically verifies these vulnerabilities.To analyze large-scale of applications in app-store efficiently,IntentChecker could schedule the analysis resources only on the most vulnerable code sections.This optimization greatly accelerates the analysis process without significantly impacting the effectiveness.The experiments on largescale applications show that about 19％ of popular applications are vulnerable and the detection only costs 15s per application on average.

Xiaoyu Sun,Xiao Chen,Kui Liu,Sheng Wen,Li Li,John Grundy

DOI: https://doi.org/10.1109/issre52982.2021.00058

2021-10-01

Abstract:While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a strong need to regulate the usage of mobile sensors so as to keep them from being exploited by malicious attackers. However, despite the fact that various efforts have been put in achieving this, i.e., detecting privacy leaks in Android apps, we have not yet found approaches to automatically detect sensor leaks in Android apps. To fill the gap, we designed and implemented a novel prototype tool, Seeker, that extends the famous FlowDroid tool to detect sensor-based data leaks in Android apps. Seeker conducts sensor-focused static taint analyses directly on the Android apps' bytecode and reports not only sensor-triggered privacy leaks but also the sensor types involved in the leaks. Experimental results using over 40,000 real-world Android apps show that Seeker is effective in detecting sensor leaks in Android apps, and malicious apps are more interested in leaking sensor data than benign apps.

Zhemin Yang,Min Yang

DOI: https://doi.org/10.1109/WCSE.2012.26

2012-01-01

Software Engineering

Abstract:With the growing popularity of Android platform, Android application market becomes a major distribution center where Android users download apps. Unlike most of the PC apps, Android apps manipulates personal information such as contract and SMS messages, and leakage of such information may cause great loss to the Android users. Thus, detecting information leakage on Android is in urgent need. However, till now, there is still no complete vetting process applied to Android markets. State-of-the-art approaches for detecting Android information leakage apply dynamic analysis on user site, thus they introduce large runtime overhead to the Android apps. This paper proposes a new approach called Leak Miner, which detects leakage of sensitive information on Android with static taint analysis. Unlike dynamic approaches, Leak Miner analyzes Android apps on market site. Thus, it does not introduce runtime overhead to normal execution of target apps. Besides, Leak Miner can detect information leakage before apps are distributed to users, so malicious apps can be removed from market before users download them. Our evaluation result shows that Leak Miner can detect 145 true information leakages inside a 1750 app set.

FAN Ming,LIU Ting,LIU Jun,LUO Xiapu,YU Le,GUAN Xiaohong,Le YU,Xiaohong GUAN,Ming FAN,Xiapu LUO,Ting LIU,Jun LIU

DOI: https://doi.org/10.1360/ssi-2019-0149

2020-07-31

Scientia Sinica Informationis

Abstract:Android has become the most popular mobile operating system in the past ten years due to its three main advantages, namely, the openness of source code, richness of hardware selection, and millions of applications (apps). It is of no surprise that Android has become the major target of malware. The rapid increase in the number of Android malware poses big threats to smart phone users such as financial charges, information collection, and remote control. Thus, the in-depth study of the security issues of mobile apps is of great importance to the sound development of the smart phone ecosystem. We first introduce the existing problems and challenges of malware analysis, and then summarize the widely-used benchmark datasets. After that, we divide the existing malware analysis methods into three categories, including signature-based methods, machine learning-based methods, and behavior-based methods. We further summarize the techniques used in each method, and compare and analyze the advantages and disadvantages of different techniques. Finally, combined with our own research foundation in malware analysis, we explore and discuss future research directions and challenges.

Junjie Tang,Xingmin Cui,Ziming Zhao,Shanqing Guo,Xinshun Xu,Chengyu Hu,Tao Ban,Bing Mao

DOI: https://doi.org/10.1109/icst.2017.56

2017-01-01

Abstract:In the Android system design, any app can start another app's public components to facilitate code reuse by sending an asynchronous message called Intent. In addition, Android also allows an app to have private components that should only be visible to the app itself. However, malicious apps can bypass this system protection and directly invoke private components in vulnerable apps through a class of newly discovered vulnerability, which is called next-intent vulnerability. In this paper, we design an intent flow analysis strategy which accurately tracks the intent in smali code to statically detect next-intent vulnerabilities efficiently and effectively on a large scale. We further propose an automated approach to dynamically verify the discovered vulnerabilities by generating exploit apps. Then we implement a tool named NIVAnalyzer and evaluate it on 20,000 apps downloaded from Google Play. As the result, we successfully confirms 190 vulnerable apps, some of which even have millions of downloads. We also confirmed that an open-source project and a third-party SDK, which are still used by other apps, have next intent vulnerabilities.