AppScalpel: Combining static analysis and outlier detection to identify and prune undesirable usage of sensitive data in Android applications

Mobile phones has become very integral part in our day to day life. In the digitalized world most of our day to day activities rely on mobile phone like banking activities, wallet payments, credentials, social accounts etc. Our system works in such a way that if there is an advantage to a technology there also exists a disadvantage. Every users have all their private and sensitive data in their mobile phones and download random applications from different platforms like play store, App store etc. There is a huge possibility that the applications downloaded are malicious applications. The existing system provides a solution for detection of such applications with the help of antivirus which has pre-built signatures that can be used to obtain an already existing malware which can be modified and manipulated by the hacker if they tend to do so. In this project, our purpose is to identify the malicious applications using Machine learning. By combining both static analysis and dynamic analysis we can use a Hybrid approach for analysing and detecting malware threats in android applications using Recurrent Neural Network (RNN). The main aim of this project will be to ensure that the application installed is benign, if it is not, it should block such applications and notify the user.

Download Full-text

A first look at Android applications in Google Play related to COVID-19

Empirical Software Engineering ◽

10.1007/s10664-021-09943-x ◽

2021 ◽

Vol 26 (4) ◽

Cited By ~ 1

Author(s):

Jordan Samhi ◽

Kevin Allix ◽

Tegawendé F. Bissyandé ◽

Jacques Klein

Keyword(s):

Mobile Apps ◽

Contact Tracing ◽

Location Tracking ◽

Response Effort ◽

Sensitive Data ◽

Android Apps ◽

Digital World ◽

Public Health Organizations ◽

Android Applications ◽

Google Play

AbstractDue to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the COVID-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens or journalists), offer different services (e.g., location tracking or diagnostic-aid), provide generic or specialized information, etc. While many apps have raised some concerns by spreading misinformation or even malware, the literature does not yet provide a clear landscape of the different apps that were developed. In this study, we focus on the Android ecosystem and investigate Covid-related Android apps. In a best-effort scenario, we attempt to systematically identify all relevant apps and study their characteristics with the objective to provide a first taxonomy of Covid-related apps, broadening the relevance beyond the implementation of contact tracing. Overall, our study yields a number of empirical insights that contribute to enlarge the knowledge on Covid-related apps: (1) Developer communities contributed rapidly to the COVID-19, with dedicated apps released as early as January 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for tracing); (3) Covid-related apps are less complex than standard apps; (4) they generally do not seem to leak sensitive data; (5) in the majority of cases, Covid-related apps are released by entities with past experience on the market, mostly official government entities or public health organizations.

Download Full-text

Enhancing the accuracy of static analysis for detecting sensitive data leakage in Android by using dynamic analysis

Cluster Computing ◽

10.1007/s10586-017-1364-8 ◽

2017 ◽

Vol 22 (S1) ◽

pp. 1079-1085 ◽

Cited By ~ 3

Author(s):

Ly Hoang Tuan ◽

Nguyen Tan Cam ◽

Van-Hau Pham

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Sensitive Data

Download Full-text

Factors that Influence the Android Apps Permissions

International Journal of Software Engineering and Technologies (IJSET) ◽

10.11591/ijset.v1i2.4569 ◽

2016 ◽

Vol 1 (2) ◽

pp. 59

Author(s):

Normi Sham Awang Abu Bakar ◽

Iqram Mahmud

Keyword(s):

Not Given ◽

Sensitive Data ◽

Security Issues ◽

Android Apps ◽

Android Applications ◽

Android Market ◽

Malicious Apps ◽

The Right ◽

User Ratings ◽

Average User

The Android Market is the official (and primary) storefor Android applications. The Market provides users with average user ratings, user reviews, descriptions, screenshots,and permissions to help them select applications. Generally, prior to installation of the apps, users need to agree on the permissions requested by the apps, they are not given any other option. Essentially, users may not aware on some security issues that may arise from the permissions. Some apps request the right to manipulate sensitive data, such as GPS location, photos, calendar, contact, email and files. In this paper, we explain the sources of sensitive data, what the malicious apps can do to the data, and apply the empirical software engineering analysis to find the factors that could potentially influence the permissions in Android apps. In addition, we also highlight top ten most implemented permissions in Android apps and also analyse the permissions for the apps categories in Android.

Download Full-text

Machine Learning Based Malicious Android Application Detection

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.9212 ◽

2020 ◽

Vol 17 (8) ◽

pp. 3468-3472

Author(s):

S. L. Jany Shabu ◽

Rohan Loganathan Reddy ◽

V. Maria Anu ◽

L. Mary Gladence ◽

J. Refonaa

Keyword(s):

Machine Learning ◽

Mobile Application ◽

Learning Algorithms ◽

Identity Theft ◽

Machine Learning Algorithms ◽

Android Application ◽

Sensitive Data ◽

Android Applications ◽

Malicious Apps

The ultimate aim of the project is to improve permission for detecting the malicious android mobile application using machine learning algorithms. In recent years, the usages of smartphones are increasing steadily and also growth of Android application users are increasing. Due to growth of Android application users, some intruders are creating malicious android applications as a tool to steal the sensitive data and identity theft/fraud mobile bank, mobile wallets. There are so many malicious applications detection tools and software are available. But an effectiveness of malicious applications detection tools is the need for the hour. They are needed to tackle and handle new complex malicious apps created by intruder or hackers.

Download Full-text

Technique of Code Obfuscation Based on Class Splitting

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.271-272.636 ◽

2012 ◽

Vol 271-272 ◽

pp. 636-640

Author(s):

Yong Yong Sun ◽

Guang Qiu Huang

Keyword(s):

Reverse Engineering ◽

Static Analysis ◽

Object Oriented ◽

Class Structure ◽

Software Protection ◽

Sensitive Data ◽

Code Obfuscation ◽

Engineering Software ◽

Definition Of

The security of software is threatened by piracy, tampering and reverse engineering. Attackers attempt to get important algorithms and sensitive data of software by static analysis or reverse engineering. Software protection becomes an important problem. The algorithm of code obfuscation based on class splitting is proposed that uses of obfuscation technology. The definition of class splitting and realization on algorithm are described. At the same time, the performance on algorithm is analyzed. The obfuscation method enhances the degree of complication about program and static analysis becomes more difficult. The algorithm is applicable to object-oriented program with class structure.

Download Full-text

AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

Information ◽

10.3390/info10100326 ◽

2019 ◽

Vol 10 (10) ◽

pp. 326 ◽

Cited By ~ 3

Author(s):

Amr Amin ◽

Amgad Eldessouki ◽

Menna Tullah Magdy ◽

Nouran Abdeen ◽

Hanan Hindy ◽

...

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Mobile Applications ◽

Web Application ◽

Hybrid Approach ◽

High Rate ◽

Vulnerability Detection ◽

Security Testing ◽

Static And Dynamic Analysis ◽

Android Applications

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.

Download Full-text