Static Detection of Dangerous Behaviors in Android Apps

2013 ◽  
pp. 363-376 ◽  
Author(s):  
Shaoyin Cheng ◽  
Shengmei Luo ◽  
Zifeng Li ◽  
Wei Wang ◽  
Yan Wu ◽  
...  
Keyword(s):  
Android Apps ◽  
Static Detection ◽  
Dangerous Behaviors

scholarly journals Static Detection of Event-based Races in Android Apps

2018 ◽  
Vol 53 (2) ◽  
pp. 257-270 ◽  
Author(s):  
Yongjian Hu ◽  
Iulian Neamtiu
Keyword(s):  
Android Apps ◽  
Event Based ◽  
Static Detection

scholarly journals Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

2018 ◽  
Vol 2018 ◽  
pp. 1-17 ◽  
Author(s):  
Hyunwoo Choi ◽  
Yongdae Kim
Keyword(s):  
Large Scale ◽  
Third Party ◽  
Large Dataset ◽  
Android Apps ◽  
Injection Attacks ◽  
Detection Tool ◽  
Code Injection ◽  
Large Scale Analysis ◽  
Different Types ◽  
Static Detection

It is pretty well known that insecure code updating procedures for Android allow remote code injection attack. However, other than codes, there are many resources in Android that have to be updated, such as temporary files, images, databases, and configurations (XML and JSON). Security of update procedures for these resources is largely unknown. This paper investigates general conditions for remote code injection attacks on these resources. Using this, we design and implement a static detection tool that automatically identifies apps that meet these conditions. We apply the detection tool to a large dataset comprising 9,054 apps, from three different types of datasets: official market, third-party market, and preinstalled apps. As a result, 97 apps were found to be potentially vulnerable, with 53 confirmed as vulnerable to remote code injection attacks.

scholarly journals MADFU: An Improved Malicious Application Detection Method Based on Features Uncertainty

Entropy ◽  
2020 ◽  
Vol 22 (7) ◽  
pp. 792
Author(s):  
Hongli Yuan ◽  
Yongchuan Tang
Keyword(s):  
False Positive Rate ◽  
Regression Function ◽  
Detection Accuracy ◽  
Detection Model ◽  
Android Apps ◽  
Positive Rate ◽  
Android App ◽  
Android Applications ◽  
Malicious Apps ◽  
Static Detection

Millions of Android applications (apps) are widely used today. Meanwhile, the number of malicious apps has increased exponentially. Currently, there are many security detection technologies for Android apps, such as static detection and dynamic detection. However, the uncertainty of the features in detection is not considered sufficiently in these technologies. Permissions play an important role in the security detection of Android apps. In this paper, a malicious application detection model based on features uncertainty (MADFU) is proposed. MADFU uses logistic regression function to describe the input (permissions) and output (labels) relationship. Moreover, it uses the Markov chain Monte Carlo (MCMC) algorithm to solve features’ uncertainty. After experimenting with 2037 samples, for malware detection, MADFU achieves an accuracy of up to 95.5%, and the false positive rate (FPR) is 1.2%. MADFU’s Android app detection accuracy is higher than the accuracy of directly using 24 dangerous permission. The results also indicate that the method for an unknown/new sample’s detection accuracy is 92.7%. Compared to other state-of-the-art approaches, the proposed method is more effective and efficient, by detecting malware.

Static detection of array bounds errors and null pointer dereference in Java

2009 ◽  
Vol 29 (5) ◽  
pp. 1376-1379 ◽  
Author(s):  
Bai-qiang CHEN ◽  
Tao GUO ◽  
Hui RUAN ◽  
Jun YAN
Keyword(s):  
Static Detection ◽  
Null Pointer

Static detection of polymorphic attack codes

2011 ◽  
Vol 30 (12) ◽  
pp. 3349-3353 ◽  
Author(s):  
Jia-xing LU ◽  
Fan GUO ◽  
Min YU
Keyword(s):  
Static Detection

Tracing or Tracking? A Preliminary Analysis of COVID-19 Outbreak Tracker Apps on Android and User Privacy (Preprint)

2020 ◽  
Author(s):  
Alex Akinbi ◽  
Ehizojie Ojie
Keyword(s):  
Preliminary Analysis ◽  
Service Providers ◽  
User Participation ◽  
Memory Storage ◽  
Phone Call ◽  
Contact Tracing ◽  
Privacy Rights ◽  
User Privacy ◽  
Android Apps ◽  
User Data

BACKGROUND Technology using digital contact tracing apps has the potential to slow the spread of COVID-19 outbreaks by recording proximity events between individuals and alerting people who have been exposed. However, there are concerns about the abuse of user privacy rights as such apps can be repurposed to collect private user data by service providers and governments who like to gather their citizens’ private data. OBJECTIVE The objective of our study was to conduct a preliminary analysis of 34 COVID-19 trackers Android apps used in 29 individual countries to track COVID-19 symptoms, cases, and provide public health information. METHODS We identified each app’s AndroidManifest.xml resource file and examined the dangerous permissions requested by each app. RESULTS The results in this study show 70.5% of the apps request access to user location data, 47% request access to phone activities including the phone number, cellular network information, and the status of any ongoing calls. 44% of the apps request access to read from external memory storage and 2.9% request permission to download files without notification. 17.6% of the apps initiate a phone call without giving the user option to confirm the call. CONCLUSIONS The contributions of this study include a description of these dangerous permissions requested by each app and its effects on user privacy. We discuss principles that must be adopted in the development of future tracking and contact tracing apps to preserve the privacy of users and show transparency which in turn will encourage user participation.

On the Relation between Code Elements and Accessibility Issues in Android Apps

2020 ◽  
Author(s):  
Henrique Neves da Silva ◽  
Andre Takeshi Endo ◽  
Marcelo Medeiros Eler ◽  
Silvia Regina Vergilio ◽  
Vinicius H. S. Durelli
Keyword(s):  
Android Apps ◽  
Accessibility Issues

scholarly journals Controlling Interactions with Libraries in Android Apps Through Runtime Enforcement

2019 ◽  
Vol 14 (2) ◽  
pp. 1-29 ◽  
Author(s):  
Oliviero Riganelli ◽  
Daniela Micucci ◽  
Leonardo Mariani
Keyword(s):  
Runtime Enforcement ◽  
Android Apps

scholarly journals A3Ident: A Two-phased Approach to Identify the Leading Authors of Android Apps

2020 ◽  
Author(s):  
Wei Wang ◽  
Guozhu Meng ◽  
Haoyu Wang ◽  
Kai Chen ◽  
Weimin Ge ◽  
...  
Keyword(s):  
Android Apps
Sign in / Sign up

Export Citation Format

Share Document