Skip to main content
SpringerLink
Log in

AppLance: A Lightweight Approach to Detect Privacy Leak for Packed Applications

  • Conference paper
  • First Online:
Secure IT Systems (NordSec 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11252))

Included in the following conference series:

Abstract

Privacy leak of mobile applications has been a major issue in mobile security, and the prevalent usage of packing technology in mobile applications further complicates the problem and renders many existing analysis tools incapacitated. In this paper, we propose AppLance, a novel lightweight analysis system for Android packed applications without prior unpacking, which can also consider implicit information flow and privacy confusion. Without modifying Android system and the applications, AppLance runs on a mobile device as a dynamic analysis system, subtly evading the impact of various packing methods. Moreover, we build and release a benchmark, which contains 540 Android applications, to evaluate analysis tools aimed at packed applications. We evaluate AppLance on the benchmark and real-world applications, and the experimental results show that the system is effective and can be deployed on real devices with little overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    As an important component in ART, dex2oat converts dex files into oat files.

  2. 2.

    Instrument refers to obtaining the control flow and data flow information of the program by inserting the probe into the target program and executing the probe.

  3. 3.

    To avoid potential interference from other applications, a single application is run each time in Android6.0 with AppLance.

References

  1. Alazab, M., Moonsamy, V., Batten, L.M., Lantz, P., Tian, R.: Analysis of malicious and benign Android applications. In: 2012 32nd International Conference on Distributed Computing Systems Workshops, pp. 608–616 (2012)

    Google Scholar 

  2. Ali. https://jaq.alibaba.com/

  3. ApkIDE. https://github.com/YunLambert/TravelFrog_Tool/tree/master/ApkIDE

  4. Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In: PLDI (2014)

    Google Scholar 

  5. Backes, M., Bugiel, S., Schranz, O., von Styp-Rekowsky, P., Weisgerber, S.: Artist: the Android runtime instrumentation and security toolkit. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 481–495 (2017)

    Google Scholar 

  6. Baidu. https://app.baidu.com/

  7. Duan, Y., et al.: Things you may not know about Android (un) packers : a systematic study based on whole-system emulation (2017)

    Google Scholar 

  8. Emmagee. https://github.com/NetEase/Emmagee

  9. Enck, W., et al.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32, 5:1–5:29 (2010)

    Article  Google Scholar 

  10. Frida. https://www.frida.re/

  11. Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in Android applications on a large scale. In: TRUST (2012)

    Google Scholar 

  12. Google. https://developer.android.com/about/dashboards/

  13. Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of Android applications in DroidSafe. In: NDSS (2015)

    Google Scholar 

  14. Ijiami. http://www.ijiami.cn/

  15. Jiang, Z., Zhou, A., Liu, L., Jia, P.L., Liu, L., Zuo, Z.: CrackDex: universal and automatic DEX extraction method. In: 2017 7th IEEE International Conference on Electronics Information and Emergency Communication (ICEIEC), pp. 53–60 (2017)

    Google Scholar 

  16. Kaspersky. https://usa.kaspersky.com/

  17. Kim, D., Kwak, J., Ryou, J.: DWroidDump: executable code extraction from Android applications for malware analysis. IJDSN 11, 379682:1–379682:9 (2015)

    Article  Google Scholar 

  18. Legu. https://yaq.qq.com/

  19. Li, J., Ye, Y., Zhou, Y., Ma, J.: CodeTracker: a lightweight approach to track and protect authorization codes in SMS messages. IEEE Access 6, 10107–10120 (2018)

    Article  Google Scholar 

  20. Li, L., et al.: IccTA: detecting inter-component privacy leaks in Android apps. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, vol. 1, pp. 280–291 (2015)

    Google Scholar 

  21. Li, L., Bissyandé, T.F., Octeau, D., Klein, J.: DroidRA: taming reflection to support whole-program analysis of Android apps. In: ISSTA (2016)

    Google Scholar 

  22. Li, Y., Yang, Z., Guo, Y., Chen, X.: DroidBot: a lightweight UI-guided test input generator for Android. In: 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C), pp. 23–26 (2017)

    Google Scholar 

  23. Ning, Z., Zhang, F.: DexLego: reassembleable bytecode extraction for aiding static analysis. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 690–701 (2018)

    Google Scholar 

  24. NVISO. https://apkscan.nviso.be/

  25. Qian, C., Luo, X., Shao, Y., Chan, A.T.S.: On tracking information flows through JNI in Android applications. In: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 180–191 (2014)

    Google Scholar 

  26. Qihoo360. http://jiagu.360.cn/

  27. Rastogi, V., Chen, Y., Enck, W.: AppsPlayground: automatic security analysis of smartphone applications. In: CODASPY (2013)

    Google Scholar 

  28. Rastogi, V., Qu, Z., McClurg, J., Cao, Y., Chen, Y.: Uranine: real-time privacy leakage monitoring without system modification for Android. In: SecureComm (2015)

    Google Scholar 

  29. Reaves, B., et al.: *droid: assessment and evaluation of Android application analysis tools. ACM Comput. Surv. 49, 55:1–55:30 (2016)

    Google Scholar 

  30. Schreckling, D., Posegga, J., Köstler, J., Schaff, M.: Kynoid: real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android. In: WISTP (2012)

    Google Scholar 

  31. Schütte, J., Titze, D., Fuentes, J.M.D.: AppCaulk: data leak prevention by injecting targeted taint tracking into Android apps. In: 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 370–379 (2014)

    Google Scholar 

  32. Spreitzenbarth, M., Schreck, T., Echtler, F., Arp, D., Hoffmann, J.: Mobile-sandbox: combining static and dynamic analysis with machine-learning techniques. Int. J. Inf. Secur. 14, 141–153 (2014)

    Article  Google Scholar 

  33. Sun, M., Wei, T., Lui, J.C.S.: TaintART: a practical multi-level information-flow tracking system for Android runtime. In: ACM Conference on Computer and Communications Security (2016)

    Google Scholar 

  34. Tam, K., Feizollah, A., Anuar, N.B., Salleh, R., Cavallaro, L.: The evolution of Android malware and Android analysis techniques. ACM Comput. Surv. 49, 76:1–76:41 (2017)

    Article  Google Scholar 

  35. Tam, K., Khan, S.J., Fattori, A., Cavallaro, L.: CopperDroid: automatic reconstruction of Android malware behaviors. In: NDSS (2015)

    Google Scholar 

  36. Vidas, T., Christin, N.: Evading Android runtime analysis via sandbox detection. In: AsiaCCS (2014)

    Google Scholar 

  37. Xu, R., Saïdi, H., Anderson, R.J.: Aurasium: practical policy enforcement for Android applications. In: Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, 8–10 August 2012, pp. 539–552 (2012)

    Google Scholar 

  38. Xue, L., Luo, X., Yu, L., Wang, S., Wu, D.: Adaptive unpacking of Android apps. In: 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE), pp. 358–369 (2017)

    Google Scholar 

  39. Xue, L., Zhou, Y., Chen, T., Luo, X., Gu, G.: Malton: towards on-device non-invasive mobile malware analysis for art. In: USENIX Security Symposium (2017)

    Google Scholar 

  40. Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In: USENIX Security Symposium (2012)

    Google Scholar 

  41. Yang, W., et al.: AppSpear: bytecode decrypting and DEX reassembling for packed Android malware. In: RAID (2015)

    Chapter  Google Scholar 

  42. Yerima, S.Y., Sezer, S., Muttik, I.: High accuracy Android malware detection using ensemble learning. IET Inf. Secur. 9, 313–320 (2015)

    Article  Google Scholar 

  43. You, W., Liang, B., Shi, W., Wang, P., Zhang, X.: TaintMan: an ART-compatible dynamic taint analysis framework on unmodified and non-rooted Android devices. IEEE Trans. Dependable Secur. Comput. (2017). https://doi.org/10.1109/TDSC.2017.2740169

  44. Zhang, Y., Luo, X., Yin, H.: DexHunter: toward extracting hidden code from packed Android applications. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 293–311. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_15

    Chapter  Google Scholar 

  45. Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy, pp. 95–109 (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China

    Hongliang Liang, Yudong Wang, Tianqi Yang & Yue Yu

Authors
  1. Hongliang Liang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yudong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tianqi Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yue Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hongliang Liang .

Editor information

Editors and Affiliations

  1. University of Oslo, Oslo, Norway

    Nils Gruschka

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liang, H., Wang, Y., Yang, T., Yu, Y. (2018). AppLance: A Lightweight Approach to Detect Privacy Leak for Packed Applications. In: Gruschka, N. (eds) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science(), vol 11252. Springer, Cham. https://doi.org/10.1007/978-3-030-03638-6_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-03638-6_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03637-9

  • Online ISBN: 978-3-030-03638-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation