research-article

AppsPlayground: automatic security analysis of smartphone applications

Authors:
Vaibhav Rastogi

Northwestern University, Evanston, IL, USA

Northwestern University, Evanston, IL, USA
View Profile

,
Yan Chen

Northwestern University, Evanston, IL, USA

Northwestern University, Evanston, IL, USA
View Profile

,
William Enck

North Carolina State University, Raleigh, NC, USA

North Carolina State University, Raleigh, NC, USA
View Profile

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacyFebruary 2013Pages 209–220https://doi.org/10.1145/2435349.2435379

Published:18 February 2013Publication History

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

Pages 209–220

ABSTRACT

Today's smartphone application markets host an ever increasing number of applications. The sheer number of applications makes their review a daunting task. We propose AppsPlayground for Android, a framework that automates the analysis smartphone applications. AppsPlayground integrates multiple components comprising different detection and automatic exploration techniques for this purpose. We evaluated the system using multiple large scale and small scale experiments involving real benign and malicious applications. Our evaluation shows that AppsPlayground is quite effective at automatically detecting privacy leaks and malicious functionality in applications.

References

Qemu. http://www.qemu.org.Google Scholar
Abbot. http://abbot.sourceforge.net/.Google Scholar
Larry Apfelbaum and John Doyle. Model Based Testing. In Software Quality Week Conference, pages 296--300, 1997. URL http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.86.1342.Google Scholar
AutoIt. http://www.autoitscript.com/site/autoit/.Google Scholar
Edmund M. Clarke, Orna Grumberg, and Doron A. Peled. Model Checking. The MIT Press, January 1999. ISBN 0262032708. URL http://www.worldcat.org/isbn/0262032708.Google ScholarDigital Library
Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In ISOC Network and Distributed System Security Symposium (NDSS), February 2011.Google Scholar
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, BC, October 2010. Google ScholarDigital Library
William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A Study of Android Application Security. In Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, August 2011. Google ScholarDigital Library
P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. "These aren't the Droids you're looking for": Retrofitting Android to protect data from imperious applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), 2011. Google ScholarDigital Library
Cuixiong Hu and Iulian Neamtiu. Automating gui testing for android applications. In Proceeding of the 6th international workshop on Automation of software test, 2011. Google ScholarDigital Library
Y.W. Huang, S.K. Huang, T.P. Lin, and C.H. Tsai. Web application security assessment by fault injection and behavior monitoring. In Proceedings of the 12th international conference on World Wide Web, pages 148--159, 2003. Google ScholarDigital Library
John P. John, Alexander Moshchuk, Steven D. Gribble, and Arvind Krishnamurthy. Studying spamming botnets using Botlab. In Proceedings of the 6th USENIX symposium on Networked systems design and implementation, pages 291--306, Berkeley, CA, USA, 2009. USENIX Association. URL http://portal.acm.org/citation.cfm?id=1558977.1558997. Google ScholarDigital Library
Jaeyeon Jung, Anmol Sheth, Ben Greenstein, David Wetherall, Gabriel Maganis, and Tadayoshi Kohno. Privacy oracle: a system for finding application leaks with black box differential testing. In CCS'08: Proceedings of the 15th ACM conference on Computer and communications security, pages 279--288, New York, NY, USA, 2008. ACM. ISBN 978-1-59593-810-7. doi: 10.1145/1455770.1455806. URL http://dx.doi.org/10.1145/1455770.1455806. Google ScholarDigital Library
Kasperskey Lab. First SMS Trojan detected for smartphones running Android. http://www.kaspersky.com/news?id=207576158, August 2010.Google Scholar
James C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385--394, July 1976. ISSN 0001-0782. doi: 10.1145/360248.360252. URL http://dx.doi.org/10.1145/360248.360252. Google ScholarDigital Library
Lookout. Update: Security Alert: DroidDream Malware Found in Official Android Market. http://blog.mylookout.com/blog/2011/03/01/security-alert-malware-found-in-official-android-market-droiddream/.Google Scholar
A. M. Memon, M. E. Pollack, and M. L. Soffa. Hierarchical GUI test case generation using automated planning. IEEE Transactions on Software Engineering, 27(2):144-155, February 2001. ISSN 00985589. doi: 10.1109/32.908959. URL http://dx.doi.org/10.1109/32.908959. Google ScholarDigital Library
A.M. Memon. An event-flow model of gui-based applications for testing. Software Testing, Verification and Reliability, 17(3):137--157, 2007. Google ScholarDigital Library
Atif Memon, Ishan Banerjee, and Adithya Nagarajan. GUI Ripping: Reverse Engineering of Graphical User Interfaces for Testing. Reverse Engineering, Working Conference on, pages 260+, 2003. ISSN 1095--1350. doi: 10.1109/WCRE.2003.1287256. URL http://dx.doi.org/10.1109/WCRE.2003.1287256. Google Scholar
Jon Oberheide. Dissecting android's bouncer, June 2012. https://blog.duosecurity.com/2012/06/dissecting-androids-bouncer/.Google Scholar
A. Pretschner, O. Slotosch, E. Aiglstorfer, and S. Kriebel. Model-based testing for real. International Journal on Software Tools for Technology Transfer (STTT), 5(2):140--157, March 2004. ISSN 1433-2779. doi: 10.1007/s10009-003-0128-3. URL http://dx.doi.org/10.1007/s10009-003-0128-3. Google ScholarCross Ref
T. Raffetseder, C. Kruegel, and E. Kirda. Detecting system emulators. Information Security, pages 1--18, 2007. Google ScholarCross Ref
S. Raghavan and H. Garcia-Molina. Crawling the hidden web. In Proceedings of the International Conference on Very Large Data Bases, pages 129--138, 2001. Google ScholarDigital Library
Robotium. http://code.google.com/p/robotium/.Google Scholar
P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song. A symbolic execution framework for javascript. In Security and Privacy (SP), 2010 IEEE Symposium on, pages 513--528. IEEE, 2010. Google ScholarDigital Library
Koushik Sen, Darko Marinov, and Gul Agha. CUTE: a concolic unit testing engine for C. SIGSOFT Softw. Eng. Notes, 30(5):263-272, September 2005. doi:10.1145/1095430.1081750. URL http://dx.doi.org/10.1145/1095430.1081750. Google ScholarDigital Library
Yi-Min Wang, Doug Beck, Xuxian Jiang, and Roussi Roussev. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites that Exploit Browser Vulnerabilities. In IN NDSS, 2006. URL http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.100.224.Google Scholar
Ryan Whitwam. Circumventing google's bouncer, android's anti-malware system, June 2012. http://www.extremetech.com/computing/130424-circumventing-googles-bouncer-androids-anti-malware-system.Google Scholar
Carsten Willems, Thorsten Holz, and Felix Freiling. Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy, 5(2):32--39, March 2007. ISSN 1540-7993. doi:10.1109/MSP.2007.45. URL http://dx.doi.org/10.1109/MSP.2007.45. Google ScholarDigital Library
L-K Yan and H Yin. DroidScope: Seamlessly Reconstructing the OS and Dalvik. In Proceedings of USENIX Security Symposium. USENIX Association, 2012. URL http://portal.acm.org/citation.cfm?id=1558977.1558997. Google ScholarDigital Library
C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou. Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, pages 93--104. ACM, 2012. Google ScholarDigital Library
Yajin Zhou and Xuxian Jiang. Dissecting android malware: Characterization and evolution. Security and Privacy, IEEE Symposium on, 2012. Google ScholarDigital Library

Index Terms

AppsPlayground: automatic security analysis of smartphone applications
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

PREC: practical root exploit containment for android devices
CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy

Application markets such as the Google Play Store and the Apple App Store have become the de facto method of distributing software to mobile devices. While official markets dedicate significant resources to detecting malware, state-of-the-art malware ...
Read More
Effectiveness of Android Obfuscation on Evading Anti-malware
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Obfuscation techniques have been conventionally used for legitimate applications, including preventing application reverse engineering, tampering and protecting intellectual property. A malware author could also leverage these benign techniques to hide ...
Read More
Detecting Android malware using sequences of system calls
DeMobile 2015: Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile

The increasing diffusion of smart devices, along with the dynamism of the mobile applications ecosystem, are boosting the production of malware for the Android platform. So far, many different methods have been developed for detecting Android malware, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy
February 2013
400 pages
ISBN:9781450318907
DOI:10.1145/2435349
General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Lujo Bauer
Carnegie Mellon University, USA
,
Publications Chair:
Jaehong Park
University of Texas at San Antonio, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 February 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
android
dynamic analysis
malware
privacy leakage
Qualifiers
- research-article
Conference

Acceptance Rates
CODASPY '13 Paper Acceptance Rate24of107submissions,22%Overall Acceptance Rate149of789submissions,19%
More
Upcoming Conference
CODASPY '24

Sponsor:

sigsac

Fourteenth ACM Conference on Data and Application Security and Privacy

June 19 - 21, 2024

Porto , Portugal
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 232
  Total Citations
  View Citations
- 1,762
  Total Downloads
- Downloads (Last 12 months)48
- Downloads (Last 6 weeks)6
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

AppsPlayground: automatic security analysis of smartphone applications

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

ABSTRACT

References

Cited By

Index Terms

Recommendations

PREC: practical root exploit containment for android devices

Effectiveness of Android Obfuscation on Evading Anti-malware

Detecting Android malware using sequences of system calls