Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Marco Pistoia

DOI: https://doi.org/10.1145/2810103.2812703

2015-10-12

Abstract:Program analysis has become an essential tool to verify the correctness of programs before these are deployed to end users' computers and devices. Detecting security problems in today's mobile applications by just relying on manual code inspection is unrealistic. Testing is also limited because there is often no guarantee that all the possible paths of execution of an application are tested under all the possible inputs, and so false negatives may arise. Static analysis is a very promising solution but suffers from the dual problem of false positives. A combination of static and dynamic analysis mitigates the disadvantages that arise when static and dynamic analysis are executed individually and is, therefore, the recommended solution to detect and correct application-level cyber security attacks in mobile applications. This tutorial presents both static and dynamic analysis approaches to enforce privacy of mobile applications, and includes a hands-on lab that teaches the audience how to use create a static-analysis solution that verifies the integrity and confidentiality of the data managed by the program itself.

Che Li,Yue Zhou,Shuang Li,Yaru Deng,Meng Zhang,Kanghui Wang

DOI: https://doi.org/10.1109/ICIS51600.2021.9516873

2021-06-23

Abstract:Privacy protection is a vital part of information security. However, the excessive collections and uses of personal information have intensified in the area of mobile apps (applications). To comprehend the current situation of APP personal information security problem of APP, this paper uses a combined approach of static analysis technology, dynamic analysis technology, and manual review to detect and analyze the installed file of mobile apps. 40 mobile apps are detected as experimental samples. The results demonstrate that this combined approach can effectively detect various issues of personal information security problem in mobile apps. Statistics analysis of the experimental results demonstrate that mobile apps have outstanding problems in some aspects of personal information security such as privacy policy, permission application, information collection, data storage, etc.

Computer Science

Songyang Wu,Yong Zhang,Bo Jin,Wei Cao

DOI: https://doi.org/10.1109/icct.2017.8359970

2017-01-01

Abstract:The permission model is an essential Android mechanism for resisting security threats: android malware can do very little if the user denies its requests for permissions. However, the recent literatures show that certain vulnerable applications with insufficiently enforced privileges may lead to critical permissions leakage via inter-application interaction. Malicious applications can trick these vulnerable applications to perform actions that are beyond their given privileges. This study proposes an efficient approach for the analysis of permission leakage vulnerabilities in Android inter-process communications; this approach identifies suspicious vulnerable paths based on an analysis of control-flow and dataflow. We handle the unsafe control flows over inter-component communication and asynchronous calls through Android callbacks, which is the major difference from previous related studies. The proposed system was evaluated using 550 real-world Android applications and the experiment result demonstrated the practicality of our method.

Mugdha Khedkar

DOI: https://doi.org/10.48550/arXiv.2303.09606

2023-03-16

Software Engineering

Abstract:Many Android applications collect data from users. When they do, they must protect this collected data according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). App developers have limited tool support to reason about data protection throughout their app development process. Although many Android applications state a privacy policy, privacy policy compliance checks are currently manual, expensive, and prone to error. One of the major challenges in privacy audits is the significant gap between legal privacy statements (in English text) and technical measures that Android apps use to protect their user's privacy. In this thesis, we will explore to what extent we can use static analysis to answer important questions regarding data protection. Our main goal is to design a tool based approach that aids app developers and auditors in ensuring data protection in Android applications, based on automated static program analysis.

Mugdha Khedkar,Eric Bodden

DOI: https://doi.org/10.48550/arXiv.2402.07889

2024-02-12

Software Engineering

Abstract:Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process. This paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis.

Xiao-Chuan MIAO,Rui WANG,Lei XU,Wei-Feng ZHANG,Bao-Wen XU

DOI: https://doi.org/10.13328/j.cnki.jos.005177

2017-01-01

Abstract:Android system dominates the mobile operating systems at present.Compared with iOS system,Android system is more open and has lots of third-party markets with loose audit mechanism.Therefore,there are more malwares in Android platform.In this paper,an Android security analysis based on sensitive path identification,which includes the static analysis and machine learning methods,is presented.Firstly,since malicious behaviors in malwares have their trigger conditions,the definition of sensitive path is provided.Secondly,a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications.Thirdly,since the sensitive paths cannot be directly used as features,a method is designed to abstract the sensitive paths.Finally,493 applications APK files are collected from Android markets and the existing data sets,such as Google Play,Wandoujia and Drebin,to construct a benchmark.Experiments indicate that the proposed method has higher accuracy (97.97％) than the method based on API-feature (90.47％),and its precision,recall and F-measure are also better than API-feature method.Furthermore,the scale of the APK file has influence to the experiment results,especially in analyzing time (when the APK files are within 0-4MB,the average analyzing time is 89 seconds;and when the files become larger,the time increases significantly).

Duhoe Kim,Dongil Shin,Dongkyoo Shin,Yong-Hyun Kim

DOI: https://doi.org/10.1007/s11036-018-1012-4

2018-01-20

Mobile Networks and Applications

Abstract:Recently, the use of smart phones has greatly increased because of the development of cheap high-performance hardware. The biggest threat to a smart phone user is the loss of his/her personal information by an attacker. To protect a user’s information from these threats, an attack detection application for the Android OS is proposed and developed, in which the detection system is comprised of two phases: the mobile detection system pre-phase and post-phase. The pre-phase includes the steps performed before an attack occurs for the comparison and analysis step of the post-phase, and the post-phase includes the steps performed to detect malware using an attack tree with level assignments from the post-phase. Three classes, interception, modification, and system damage, are defined to classify attacks to determine the attacker’s purpose. When an attack occurs, the application can recognize what kind of route the mobile attack goes through by comparing and analyzing the attack tree from the pre-phase and current attack data in the post-phase. Attack trees are used to easily extract attack scenarios and determine when an attack is occurring. We expect that using the proposed application will protect a user’s personal information on a mobile system.

computer science, information systems,telecommunications, hardware & architecture

LOU Yun-cheng,SHI Yong,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2015.04.018

2015-01-01

Abstract:The characteristics of application market for Android system would usually lead to the rapid spread of the malwares,thus cause tremendous harm to the useru0027s mobile phone and personal privacy. Firstly,the reverse technology of Android application is described,and then the code- behind technology used by Android malwares and the code characteristics of privacy access are analyzed.In light of this,a malicious behavior detection method based on the reverse engineering of Android and in combination with static detection and dynamic detection is proposed,and this method could detect malicious behavior more effectively. Finally,the analysis of Android sample application indicates the feasiblility and effectiveness of this method.

Zhen-yu ZHANG,Dong-lai ZHU,Zhe-min YANG,Min YANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2019.08.037

2019-01-01

Abstract:Anti-analysis techniques refers to a series of mechanisms to evade program analysis. Benign application authors use anti-a-nalysis techniques to protect their application from cracking by other developers,while malware authors use anti-analysis techniques to evade detection. However,there isn′t any systematic study on the influence of anti-analysis techniques on the security of Android eco-system. To conduct this study,we design and implement AATPacker,which can apply dynamic code loading,anti-emulator,anti-debug and integrity check techniques to APK files automatically. We are the first to evaluate the anti-anti-analysis ability of the commercial packing services. We conduct our experiment on 239 application samples which are hardened from 31 original samples with different combinations of anti-analysis techniques by AATPacker. We observed that current anti-anti-analysis researches are not fully used,and using anti-analysis techniques will dramatically hinder the security check in Android ecosystem. By applying anti-analysis techniques, the detection rate of malware significantly decreased;on the other side,benign application was falsely detected. Among all the anti-a-nalysis techniques,dynamic code loading has the greatest impact on the security of Android ecosystem.

Yu. M. Barkalov,A. D. Nesterov

DOI: https://doi.org/10.21822/2073-6185-2019-46-2-71-80

2019-08-28

Abstract:Objectives The article presents a formal model of information security in mobile devices running the Android operating system, an example of detection and investigation of malicious software, as well as static and dynamic analysis of malicious software. Method To protect sensitive information on mobile devices, you can use software and organizational measures at the same time. Result The proposed formal model of information security and analysis of suspected malicious software will ensure the security of information in mobile devices, as well as reduce the risk of threats to an acceptable level at a minimum cost of the protection system. The presented algorithm of the application designed for illegal transfer of funds, as well as an example of the analysis of this application will allow the specialist to improve the quality of their professional tasks in the analysis of incidents in the field of information security. Conclusion Due to the fact that today there is no scientifically based method of detection and analysis of malicious software in the memory of mobile devices, the information provided in this article will help to improve the efficiency of information protection in mobile devices running the Android operating system.

Jianlin Xu,Yifan Yu,Zhen Chen,Bin Cao,Wenyu Dong,Yu Guo,Junwei Cao

DOI: https://doi.org/10.1109/tst.2013.6574680

2013-01-01

Tsinghua Science & Technology

Abstract:With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.

Kris Heid,Jens Heider

DOI: https://doi.org/10.1145/3487405.3487652

2021-11-10

Abstract:Smartphones apps aid humans in plenty of situations. There exists an app for everything. However, without the user’s awareness, some apps contain vulnerabilities or leak private data. Static and dynamic app analysis are ways to find these software properties. Especially setting up a dynamic analysis environment is not a trivial task. Several peculiarities of Android have to be considered, existing tools for different aspects have to be evaluated, selected and setup to work together. Existing literature is often outdated and only covers tools for one aspect but doesn’t combine them together in a big picture. This paper presents a generic design for an automated dynamic app analysis environment and highlights the required components as well as functionality to reveal security and privacy issues. Available tools are listed, realizing different aspects of the proposed environment design. Tool features are evaluated and tool usability for an automated large scale dynamic app analysis is compared. This document should serve as a reference to all who need to implement dynamic analysis on Android (or some aspects) and require an overview of available and usable solutions.

桂佳平,周雍恺,沈俊,蔡继文,刘功申

DOI: https://doi.org/10.3969/j.issn.1009-2552.2009.12.003

2010-01-01

Abstract:Along with the development of smart phone market,smart phone has become more and more universal.However,its security problems pose a gravely potential threat,thus it is quite imperative and important for us to research on a model and related application based on prevention of malicious codes in smart phone.Bring forward such model,with a view to provide a theoretical basis on prevention of malicious codes in smart phone,and through the development of scanning engine in the layer based on detection malicious code,it further verifies the safety and reliability of the model.The prevention model of malicious code can achieve all-directional prevention in smart phone,and remove obstacles of its security problems caused by the rapid development of its multi-functions.

Hongjun Zhu,Hao Chen,Baojian Hua,Ye Liu,Yu Guo

DOI: https://doi.org/10.3969/j.issn.1000-386x.2016.03.074

2016-01-01

Abstract:Android platform-based applications are easily to be attacked by viruses or malware.Apart from the causes of the platforms being open source and opening and so on,the weaker protection ability of the mobile applications code itself is also a main factor.For this problem,in the paper we take Android platform applications as the research objects,analyse the security threats model and the codes security demands of the mobile applications,study the mechanisms of code protection techniques,such as code obfuscation,code-behind,code encryption and code signature,and describe their advantages and disadvantages;Then,we design and implement an Android application code protection technology analysis engine,and analyse and summarise the experimental data.Result shows that all the samples in different sizes and types have the Android applications to certain proportion,their code protection strengths are not strong;in particular,the smaller the scale of the applications,the weaker the code protection strength,and this results in such class of applications being maliciously attacked much easier.

Xusheng Xiao,Nikolai Tillmann,Manuel Fahndrich,Jonathan de Halleux,Michal Moskal,Tao Xie

DOI: https://doi.org/10.1007/s10515-014-0166-y

IF: 1.677

2014-01-01

Automated Software Engineering

Abstract:Applications in mobile-marketplaces may leak private user information without notification. Existing mobile platforms provide little information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware privacy control approach, which reveals how private information is used inside applications. We compute static information flows and classify them as safe/unsafe based on a tamper analysis that tracks whether private data is obscured before escaping through output channels. This flow information enables platforms to provide default settings that expose private data only for safe flows, thereby preserving privacy and minimizing decisions required from users. We built our approach into TouchDevelop, an application-creation environment that allows users to write scripts on mobile devices and install scripts published by other users. We evaluate our approach by studying 546 scripts published by 194 users.

Tao Liu,Zhushou Tang,Beijun Shen

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.03.070

2015-01-01

Abstract:When Android becomes the smartphone operating system with largest global market share,the malicious applications is booming on its platform.In particular,privacy leak problems in Android applications are getting worsening.With the development of technology,the concealment of privacy leaks in Android applications grows high increasingly,and its detection becomes more and more difficult as well,for instance,using reflection technique to hide the privacy leak operations.Facing such challenge,in this paper we detect and analyse the pseu-do-code of Android applications and propose a new analysis approach for detecting the reflection callings occurring in pseudo-code.Through re-constructing the reflection calling’s arguments and restoring it to the standard calling,we make the reflection calling explicit,so that those privacy leak behaviours which cannot be found and confirmed previously are detected.Based on this work,we design and implement a static detection tool for Android applications privacy leak.At last,the effectiveness of the proposed approach and tool is validated by the experi-ments and analyses on benign applications from Android market and the malicious applications collected from Internet.

Shuying Liang,Matthew Might,David Van Horn

DOI: https://doi.org/10.1016/j.entcs.2015.02.002

2015-02-01

Electronic Notes in Theoretical Computer Science

Abstract:Today's mobile platforms provide only coarse-grained permissions to users with regard to how third-party applications use sensitive private data. Unfortunately, it is easy to disguise malware within the boundaries of legitimately-granted permissions. For instance, granting access to “contacts” and “internet” may be necessary for a text-messaging application to function, even though the user does not want contacts transmitted over the internet. To understand fine-grained application use of permissions, we need to statically analyze their behavior. Even then, malware detection faces three hurdles: (1) analyses may be prohibitively expensive, (2) automated analyses can only find behaviors that they are designed to find, and (3) the maliciousness of any given behavior is application-dependent and subject to human judgment. To remedy these issues, we propose semantic-based program analysis, with a human in the loop as an alternative approach to malware detection. In particular, our analysis allows analyst-crafted semantic predicates to search and filter analysis results. Human-oriented semantic-based program analysis can systematically, quickly and concisely characterize the behaviors of mobile applications. We describe a tool that provides analysts with a library of the semantic predicates and the ability to dynamically trade speed and precision. It also provides analysts the ability to statically inspect details of every suspicious state of (abstract) execution in order to make a ruling as to whether or not the behavior is truly malicious with respect to the intent of the application. In addition, permission and profiling reports are generated to aid analysts in identifying common malicious behaviors.

English Else

Jiyuan Sun,Shaozhen Ye,Jianwei Liu,Tao Shang,Qi Lei

DOI: https://doi.org/10.1109/icgi.2017.14

2017-01-01

Abstract:Both benign and malicious developers are attracted to Android platform because anyone is allowed to publish applications on the Android market. Such capability leak vulnerability on the Android platform may lead to permission elevation and privacy disclosure by making malware bypass Android security mechanism. This paper presents a code scanner tool—Droidprotector which is applied to help developers search bugs and focus on the business of applications rather than the security problems. Firstly, Markov blanket is used for feature selection. Secondly, source code is analyzed by a machine-leaning method. Finally, malicious intents and capability leaks are detected. By collecting 3482 applications and 59 source files to learn Markov blanket as the feature set and testing this code scanner tool, the experimental results show that DroidProtector can detect the vulnerability of Android source code effectively by using Markov blanket to select features correctly.

Vaibhav Rastogi,Yan Chen,William Enck

DOI: https://doi.org/10.1145/2435349.2435379

2013-01-01

Abstract:ABSTRACTToday's smartphone application markets host an ever increasing number of applications. The sheer number of applications makes their review a daunting task. We propose AppsPlayground for Android, a framework that automates the analysis smartphone applications. AppsPlayground integrates multiple components comprising different detection and automatic exploration techniques for this purpose. We evaluated the system using multiple large scale and small scale experiments involving real benign and malicious applications. Our evaluation shows that AppsPlayground is quite effective at automatically detecting privacy leaks and malicious functionality in applications.