ABSTRACT
Today's smartphone application markets host an ever increasing number of applications. The sheer number of applications makes their review a daunting task. We propose AppsPlayground for Android, a framework that automates the analysis smartphone applications. AppsPlayground integrates multiple components comprising different detection and automatic exploration techniques for this purpose. We evaluated the system using multiple large scale and small scale experiments involving real benign and malicious applications. Our evaluation shows that AppsPlayground is quite effective at automatically detecting privacy leaks and malicious functionality in applications.
- Qemu. http://www.qemu.org.Google Scholar
- Abbot. http://abbot.sourceforge.net/.Google Scholar
- Larry Apfelbaum and John Doyle. Model Based Testing. In Software Quality Week Conference, pages 296--300, 1997. URL http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.86.1342.Google Scholar
- AutoIt. http://www.autoitscript.com/site/autoit/.Google Scholar
- Edmund M. Clarke, Orna Grumberg, and Doron A. Peled. Model Checking. The MIT Press, January 1999. ISBN 0262032708. URL http://www.worldcat.org/isbn/0262032708.Google ScholarDigital Library
- Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In ISOC Network and Distributed System Security Symposium (NDSS), February 2011.Google Scholar
- William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, BC, October 2010. Google ScholarDigital Library
- William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A Study of Android Application Security. In Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, August 2011. Google ScholarDigital Library
- P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. "These aren't the Droids you're looking for": Retrofitting Android to protect data from imperious applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), 2011. Google ScholarDigital Library
- Cuixiong Hu and Iulian Neamtiu. Automating gui testing for android applications. In Proceeding of the 6th international workshop on Automation of software test, 2011. Google ScholarDigital Library
- Y.W. Huang, S.K. Huang, T.P. Lin, and C.H. Tsai. Web application security assessment by fault injection and behavior monitoring. In Proceedings of the 12th international conference on World Wide Web, pages 148--159, 2003. Google ScholarDigital Library
- John P. John, Alexander Moshchuk, Steven D. Gribble, and Arvind Krishnamurthy. Studying spamming botnets using Botlab. In Proceedings of the 6th USENIX symposium on Networked systems design and implementation, pages 291--306, Berkeley, CA, USA, 2009. USENIX Association. URL http://portal.acm.org/citation.cfm?id=1558977.1558997. Google ScholarDigital Library
- Jaeyeon Jung, Anmol Sheth, Ben Greenstein, David Wetherall, Gabriel Maganis, and Tadayoshi Kohno. Privacy oracle: a system for finding application leaks with black box differential testing. In CCS'08: Proceedings of the 15th ACM conference on Computer and communications security, pages 279--288, New York, NY, USA, 2008. ACM. ISBN 978-1-59593-810-7. doi: 10.1145/1455770.1455806. URL http://dx.doi.org/10.1145/1455770.1455806. Google ScholarDigital Library
- Kasperskey Lab. First SMS Trojan detected for smartphones running Android. http://www.kaspersky.com/news?id=207576158, August 2010.Google Scholar
- James C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385--394, July 1976. ISSN 0001-0782. doi: 10.1145/360248.360252. URL http://dx.doi.org/10.1145/360248.360252. Google ScholarDigital Library
- Lookout. Update: Security Alert: DroidDream Malware Found in Official Android Market. http://blog.mylookout.com/blog/2011/03/01/security-alert-malware-found-in-official-android-market-droiddream/.Google Scholar
- A. M. Memon, M. E. Pollack, and M. L. Soffa. Hierarchical GUI test case generation using automated planning. IEEE Transactions on Software Engineering, 27(2):144-155, February 2001. ISSN 00985589. doi: 10.1109/32.908959. URL http://dx.doi.org/10.1109/32.908959. Google ScholarDigital Library
- A.M. Memon. An event-flow model of gui-based applications for testing. Software Testing, Verification and Reliability, 17(3):137--157, 2007. Google ScholarDigital Library
- Atif Memon, Ishan Banerjee, and Adithya Nagarajan. GUI Ripping: Reverse Engineering of Graphical User Interfaces for Testing. Reverse Engineering, Working Conference on, pages 260+, 2003. ISSN 1095--1350. doi: 10.1109/WCRE.2003.1287256. URL http://dx.doi.org/10.1109/WCRE.2003.1287256. Google Scholar
- Jon Oberheide. Dissecting android's bouncer, June 2012. https://blog.duosecurity.com/2012/06/dissecting-androids-bouncer/.Google Scholar
- A. Pretschner, O. Slotosch, E. Aiglstorfer, and S. Kriebel. Model-based testing for real. International Journal on Software Tools for Technology Transfer (STTT), 5(2):140--157, March 2004. ISSN 1433-2779. doi: 10.1007/s10009-003-0128-3. URL http://dx.doi.org/10.1007/s10009-003-0128-3. Google ScholarCross Ref
- T. Raffetseder, C. Kruegel, and E. Kirda. Detecting system emulators. Information Security, pages 1--18, 2007. Google ScholarCross Ref
- S. Raghavan and H. Garcia-Molina. Crawling the hidden web. In Proceedings of the International Conference on Very Large Data Bases, pages 129--138, 2001. Google ScholarDigital Library
- Robotium. http://code.google.com/p/robotium/.Google Scholar
- P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song. A symbolic execution framework for javascript. In Security and Privacy (SP), 2010 IEEE Symposium on, pages 513--528. IEEE, 2010. Google ScholarDigital Library
- Koushik Sen, Darko Marinov, and Gul Agha. CUTE: a concolic unit testing engine for C. SIGSOFT Softw. Eng. Notes, 30(5):263-272, September 2005. doi:10.1145/1095430.1081750. URL http://dx.doi.org/10.1145/1095430.1081750. Google ScholarDigital Library
- Yi-Min Wang, Doug Beck, Xuxian Jiang, and Roussi Roussev. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites that Exploit Browser Vulnerabilities. In IN NDSS, 2006. URL http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.100.224.Google Scholar
- Ryan Whitwam. Circumventing google's bouncer, android's anti-malware system, June 2012. http://www.extremetech.com/computing/130424-circumventing-googles-bouncer-androids-anti-malware-system.Google Scholar
- Carsten Willems, Thorsten Holz, and Felix Freiling. Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy, 5(2):32--39, March 2007. ISSN 1540-7993. doi:10.1109/MSP.2007.45. URL http://dx.doi.org/10.1109/MSP.2007.45. Google ScholarDigital Library
- L-K Yan and H Yin. DroidScope: Seamlessly Reconstructing the OS and Dalvik. In Proceedings of USENIX Security Symposium. USENIX Association, 2012. URL http://portal.acm.org/citation.cfm?id=1558977.1558997. Google ScholarDigital Library
- C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou. Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, pages 93--104. ACM, 2012. Google ScholarDigital Library
- Yajin Zhou and Xuxian Jiang. Dissecting android malware: Characterization and evolution. Security and Privacy, IEEE Symposium on, 2012. Google ScholarDigital Library
Index Terms
- AppsPlayground: automatic security analysis of smartphone applications
Recommendations
PREC: practical root exploit containment for android devices
CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacyApplication markets such as the Google Play Store and the Apple App Store have become the de facto method of distributing software to mobile devices. While official markets dedicate significant resources to detecting malware, state-of-the-art malware ...
Effectiveness of Android Obfuscation on Evading Anti-malware
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and PrivacyObfuscation techniques have been conventionally used for legitimate applications, including preventing application reverse engineering, tampering and protecting intellectual property. A malware author could also leverage these benign techniques to hide ...
Detecting Android malware using sequences of system calls
DeMobile 2015: Proceedings of the 3rd International Workshop on Software Development Lifecycle for MobileThe increasing diffusion of smart devices, along with the dynamism of the mobile applications ecosystem, are boosting the production of malware for the Android platform. So far, many different methods have been developed for detecting Android malware, ...
Comments