Static and Dynamic Analysis of Android Malware and Goodware Written with Unity Framework

2018 ◽  
Vol 2018 ◽  
pp. 1-12 ◽  
Author(s):  
Jaewoo Shim ◽  
Kyeonghwan Lim ◽  
Seong-je Cho ◽  
Sangchul Han ◽  
Minkyu Park

Unity is the most popular cross-platform development framework to develop games for multiple platforms such as Android, iOS, and Windows Mobile. While Unity developers can easily develop mobile apps for multiple platforms, adversaries can also easily build malicious apps based on the “write once, run anywhere” (WORA) feature. Even though malicious apps were discovered among Android apps written with Unity framework (Unity apps), little research has been done on analysing the malicious apps. We propose static and dynamic reverse engineering techniques for malicious Unity apps. We first inspect the executable file format of a Unity app and present an effective static analysis technique of the Unity app. Then, we also propose a systematic technique to analyse dynamically the Unity app. Using the proposed techniques, the malware analyst can statically and dynamically analyse Java code, native code in C or C++, and the Mono runtime layer where the C# code is running.

2020 ◽  
Vol 2020 (3) ◽  
pp. 222-242 ◽  
Author(s):  
Catherine Han ◽  
Irwin Reyes ◽  
Álvaro Feal ◽  
Joel Reardon ◽  
Primal Wijesekera ◽  
...  

Abstract: It is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one third-party library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.


2018 ◽  
Vol 2018 (4) ◽  
pp. 33-50 ◽  
Author(s):  
Elleen Pan ◽  
Jingjing Ren ◽  
Martina Lindorfer ◽  
Christo Wilson ◽  
David Choffnes

Abstract: The high-fidelity sensors and ubiquitous internet connectivity offered by mobile devices have facilitated an explosion in mobile apps that rely on multimedia features. However, these sensors can also be used in ways that may violate user’s expectations and personal privacy. For example, apps have been caught taking pictures without the user’s knowledge and passively listened for inaudible, ultrasonic audio beacons. The developers of mobile device operating systems recognize that sensor data is sensitive, but unfortunately existing permission models only mitigate some of the privacy concerns surrounding multimedia data. In this work, we present the first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, AppChina, Mi.com, and Anzhi. We study the behavior of these apps using a combination of static and dynamic analysis techniques. Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. We also identify a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user and without requiring any permissions.


10.28945/3667 ◽  
2017 ◽  
Vol 16 ◽  
pp. 047-068
Author(s):  
Minh Q. Huynh ◽  
Prashant Ghimire

Aim/Purpose: As smartphones proliferate, many different platforms begin to emerge. The challenge to developers as well as IS educators and students is how to learn the skills to design and develop apps to run on cross-platforms. Background: For developers, the purpose of this paper is to describe an alternative to the complex native app development. For IS educators and students, the paper provides a feasible way to learn and develop fully functional mobile apps without technical burdens. Methodology: The method used in the development of browser-based apps is prototyping. Our proposed approach is browser-based, supports cross-platforms, uses open-source standards, and takes advantage of the “write-once-and-run-anywhere” (WORA) concept. Contribution: The paper illustrates the application of the browser-based approach to create a series of browser apps without a high learning curve. Findings: The results show the potential for using the browser app approach to teach as well as to create new apps. Recommendations for Practitioners: Our proposed browser app development approach and example would be useful to mobile app developers/IS educators and non-technical students because the source code as well as documentation in this project are available for downloading. Future Research: For further work, we discuss the use of hybrid development framework to enhance browser apps.


Author(s):  
Emily Alfs ◽  
Doina Caragea ◽  
Nathan Albin ◽  
Pietro Poggi-Corradini

The proliferation of Android apps has resulted in many malicious apps entering the market and causing significant damage. Robust techniques that determine if an app is malicious are greatly needed. We propose the use of a network-based approach to effectively separate malicious from benign apps, based on a small labeled dataset. The apps in our dataset come from the Google Play Store and have been scanned for malicious behavior using VirusTotal to produce a ground truth dataset with labels malicious or benign. The apps in the resulting dataset have been represented using binary feature vectors (where the features represent permissions, intent actions, discriminative APIs, obfuscation signatures, and native code signatures). We have used the feature vectors corresponding to apps to build a weighted network that captures the “closeness” between apps. We propagate labels from the labeled apps to unlabeled apps, and evaluate the effectiveness of the proposed approach using the F1-measure. We have conducted experiments to compare three variants of the label propagation approaches on datasets that include increasingly larger amounts of labeled data. The results have shown that a variant proposed in this study gives the best results overall.


2021 ◽  
Vol 26 (4) ◽  
Author(s):  
Jordan Samhi ◽  
Kevin Allix ◽  
Tegawendé F. Bissyandé ◽  
Jacques Klein

Abstract: Due to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the COVID-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens or journalists), offer different services (e.g., location tracking or diagnostic-aid), provide generic or specialized information, etc. While many apps have raised some concerns by spreading misinformation or even malware, the literature does not yet provide a clear landscape of the different apps that were developed. In this study, we focus on the Android ecosystem and investigate Covid-related Android apps. In a best-effort scenario, we attempt to systematically identify all relevant apps and study their characteristics with the objective to provide a first taxonomy of Covid-related apps, broadening the relevance beyond the implementation of contact tracing. Overall, our study yields a number of empirical insights that contribute to enlarge the knowledge on Covid-related apps: (1) Developer communities contributed rapidly to the COVID-19, with dedicated apps released as early as January 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for tracing); (3) Covid-related apps are less complex than standard apps; (4) they generally do not seem to leak sensitive data; (5) in the majority of cases, Covid-related apps are released by entities with past experience on the market, mostly official government entities or public health organizations.


Author(s):  
Normi Sham Awang Abu Bakar ◽  
Iqram Mahmud

The Android Market is the official (and primary) store for Android applications. The Market provides users with average user ratings, user reviews, descriptions, screenshots, and permissions to help them select applications. Generally, prior to installation of the apps, users need to agree on the permissions requested by the apps; they are not given any other option. Essentially, users may not be aware of some security issues that may arise from the permissions. Some apps request the right to manipulate sensitive data, such as GPS location, photos, calendar, contact, email and files. In this paper, we explain the sources of sensitive data, what the malicious apps can do to the data, and apply the empirical software engineering analysis to find the factors that could potentially influence the permissions in Android apps. In addition, we also highlight the top ten most implemented permissions in Android apps and also analyse the permissions for the apps categories in Android.


Author(s):  
Liliana Favre

New paradigms such as pervasive computing, cloud computing, and the internet of things (IoT) are transforming the software industry and the business world. Organizations need to redesign their models and processes to be sustainable. Smartphones are at the core of these paradigms, letting us locate and easily interact with the world around us. Frequently, the development of mobile software requires the adaptation of valuable and tested non-mobile software. Most challenges in this kind of software modernization are related to the diversity of platforms on the smartphones market and to the need for systematic and reusable processes with a high degree of automation that reduce time, cost, and risks. This chapter proposes a modernization framework based on model-driven engineering (MDE). It allows integrating legacy code with the native behaviors of the different mobile platforms through cross-platform languages. Realizations of the framework for the migration of C/C++ or Java code to mobile platforms through the Haxe multiplatform language are described.


2019 ◽  
Vol 214 ◽  
pp. 05034
Author(s):  
Martin Vassilev ◽  
Vassil Vassilev ◽  
Alexander Penev ◽  
Petya Vassileva

Collaboration in research is essential for saving time and money. The field of high-energy physics (HEP) is no different. The higher the level of collaboration, the stronger the community. The HEP field encourages organizing various events in format and size such as meetings, workshops and conferences. Making attending a HEP event easier leverages cooperation and dialogue and this is what makes the Indico service de facto a community standard. The paper describes HEPCon, a cross-platform mobile application which collects all information available on Indico and makes it available on a portable device. It keeps most of the data locally which speeds up the interaction. HEPCon uses a shared code base which allows easy multiplatform development and support. There are iOS and Android implementations available for free download. The project is based on C# and we use the Xamarin mobile app technology for building native iOS and Android apps. SQLite database is responsible for retrieving and storing conference data. The app can be used to preview data from past CHEP conferences but the tool is implemented generic enough to support other Indico events.


2018 ◽  
Vol 2018 ◽  
pp. 1-10 ◽  
Author(s):  
Khaled Riad ◽  
Lishan Ke

There are thousands of malicious applications that invade Google Play Store every day and seem to be legal applications. These malicious applications have the ability to link the malware referred to as Dresscode created for network hacking as well as scrolling information. Since Android smartphones are indispensable, there should be an efficient and also unusual protection. Therefore, Android smartphones usually continue to be safeguarded from novel malware. In this paper, we propose RoughDroid, a floppy analysis technique that can discover Android malware applications directly on the smartphone. RoughDroid is based on seven feature sets (FS1, FS2, …, FS7) from the XML manifest file of an Android application, plus three feature sets (FS8, FS9, and FS10) from the Dex file. Those feature sets pass through the Rough Set algorithm to elastically classify the Android application as either benign or malicious. The experimental results mainly consider 20 most common malware families, plus three new malware families (Grabos, TrojanDropper.Agent.BKY, and AsiaHitGroup) that invaded Google Play Store in 2017. According to the experimental results, RoughDroid has 95.6% detection performance for the malware families at 1% false-positive rate. Finally, RoughDroid is a lightweight approach for straightly examining downloaded applications on the smartphone.

