DOI: 10.1145/2480362.2480706
research-article

Slicing droids: program slicing for smali code

Published: 18 March 2013

ABSTRACT

The popularity of mobile devices like smartphones and tablets has increased significantly in the last few years with many millions of sold devices. This growth also has its drawbacks: attackers have realized that smartphones are an attractive target and in the last months many different kinds of malicious software (short: malware) for such devices have emerged. This worrisome development has the potential to hamper the prospering ecosystem of mobile devices and the potential for damage is huge.

Considering these aspects, it is evident that malicious apps need to be detected early on in order to prevent further distribution and infections. This implies that it is necessary to develop techniques capable of detecting malicious apps in an automated way. In this paper, we present SAAF, a Static Android Analysis Framework for Android apps. SAAF analyzes smali code, a disassembled version of the DEX format used by Android's Java VM implementation. Our goal is to create program slices in order to perform data-flow analyses to backtrack parameters used by a given method. This helps us to identify suspicious code regions in an automated way. Several other analysis techniques such as visualization of control flow graphs or identification of ad-related code are also implemented in SAAF. In this paper, we report on program slicing for Android and present results obtained by using this technique to analyze more than 136,000 benign and about 6,100 malicious apps.
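
The parameter backtracking described in the abstract, as an added illustration that is not SAAF's code or the authors' algorithm: a linear backward scan over one constructed smali method that follows the register passed to a call back to the instruction that defines it. The sample method, the choice of `SmsManager.sendTextMessage` as the call of interest, and the names `backtrack` and `slice_calls` are assumptions made here; branches, aliasing and `/range` invokes are not modelled.

```python
import re

# Constructed smali method (sample input, not taken from a real app).
SAMPLE = '''\
.method public notifyServer()V
    const-string v1, "12345"
    invoke-static {}, Landroid/telephony/SmsManager;->getDefault()Landroid/telephony/SmsManager;
    move-result-object v0
    move-object v4, v1
    const-string v3, "hello"
    const/4 v2, 0x0
    invoke-virtual {v0, v4, v2, v3, v2, v2}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
    return-void
.end method
'''

INVOKE = re.compile(r'invoke-[\w/]+ \{([^}]*)\}, (\S+)')
DEF = re.compile(r'([\w/-]+) ([vp]\d+)(?:, (.+))?$')
NON_DEF = ('iput', 'sput', 'aput', 'if-', 'return', 'throw', 'check-cast', 'monitor')  # first register is read

def backtrack(lines, start, reg):
    """Follow `reg` backwards from lines[start]; linear scan, no branches or aliasing."""
    sl, origin = [], ('parameter-or-undefined', reg)
    for i in range(start - 1, -1, -1):
        ins = lines[i].strip()
        if ins.startswith('.method'): break   # never leave the enclosing method
        m = DEF.match(ins)
        if not m or m.group(2) != reg or m.group(1).startswith(NON_DEF):
            continue
        op, _, src = m.groups()
        sl.append(ins)
        origin = ('computed', ins)            # default for any other defining opcode
        if op.startswith('move-result'):      # value returned by the preceding call
            prev = next(c for c in map(INVOKE.search, reversed(lines[:i])) if c)
            origin = ('return-of', prev.group(2))
        elif op.startswith('move') and src:   # register copy: keep following the source
            reg, origin = src, ('parameter-or-undefined', src)
            continue
        elif op.startswith('const'):
            origin = ('constant', src)
        break
    return sl[::-1], origin                   # slice in program order

def slice_calls(smali, method, arg_index):    # arg_index: slot in the invoke register list
    lines, out = smali.splitlines(), []
    for n, line in enumerate(lines):
        m = INVOKE.search(line)
        if m and method in m.group(2):
            out.append(backtrack(lines, n, m.group(1).split(',')[arg_index].strip()))
    return out
```

For virtual invokes, slot 0 of the register list is the receiver object, so slot 1 here is the first declared argument of the call.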


  • Published in

    SAC '13: Proceedings of the 28th Annual ACM Symposium on Applied Computing
    March 2013
    2124 pages
    ISBN: 9781450316569
    DOI: 10.1145/2480362

    Copyright © 2013 ACM


    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Acceptance Rates

    SAC '13 Paper Acceptance Rate: 255 of 1,063 submissions, 24%. Overall Acceptance Rate: 1,650 of 6,669 submissions, 25%.
