Efficient Privacy Leakage Discovery for Android Applications Based on Static Analysis

Mobile phones has become very integral part in our day to day life. In the digitalized world most of our day to day activities rely on mobile phone like banking activities, wallet payments, credentials, social accounts etc. Our system works in such a way that if there is an advantage to a technology there also exists a disadvantage. Every users have all their private and sensitive data in their mobile phones and download random applications from different platforms like play store, App store etc. There is a huge possibility that the applications downloaded are malicious applications. The existing system provides a solution for detection of such applications with the help of antivirus which has pre-built signatures that can be used to obtain an already existing malware which can be modified and manipulated by the hacker if they tend to do so. In this project, our purpose is to identify the malicious applications using Machine learning. By combining both static analysis and dynamic analysis we can use a Hybrid approach for analysing and detecting malware threats in android applications using Recurrent Neural Network (RNN). The main aim of this project will be to ensure that the application installed is benign, if it is not, it should block such applications and notify the user.

Download Full-text

AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

Information ◽

10.3390/info10100326 ◽

2019 ◽

Vol 10 (10) ◽

pp. 326 ◽

Cited By ~ 3

Author(s):

Amr Amin ◽

Amgad Eldessouki ◽

Menna Tullah Magdy ◽

Nouran Abdeen ◽

Hanan Hindy ◽

...

Keyword(s):

Dynamic Analysis ◽

Static Analysis ◽

Mobile Applications ◽

Web Application ◽

Hybrid Approach ◽

High Rate ◽

Vulnerability Detection ◽

Security Testing ◽

Static And Dynamic Analysis ◽

Android Applications

The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.

Download Full-text

S3ntinel: An Extensible Static Analysis Framework for Android Applications

2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA) ◽

10.1109/iccubea.2018.8697714 ◽

2018 ◽

Author(s):

Shreyans Doshi ◽

Irfan Siddavatam

Keyword(s):

Static Analysis ◽

Analysis Framework ◽

Android Applications

Download Full-text

Asynchrony-aware static analysis of Android applications

2016 ACM/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE) ◽

10.1109/memcod.2016.7797761 ◽

2016 ◽

Author(s):

Ashish Mishra ◽

Aditya Kanade ◽

Y. N. Srikant

Keyword(s):

Static Analysis ◽

Android Applications

Download Full-text

Random GUI Testing of Android Application Using Behavioral Model

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194017400149 ◽

2017 ◽

Vol 27 (09n10) ◽

pp. 1603-1612 ◽

Cited By ~ 1

Author(s):

Woramet Muangsiri ◽

Shingo Takada

Keyword(s):

Static Analysis ◽

State Of The Art ◽

Evaluation Criteria ◽

Behavioral Model ◽

Code Coverage ◽

Gui Testing ◽

Testing Tools ◽

Current State ◽

Android Applications ◽

Manual Testing

Automated GUI testing based on behavioral model is one of the most efficient testing approaches. By mining user usage, test scenarios can be generated based on statistical models such as Markov chain. However, these works require static analysis before starting the exploration which requires too much prerequisites and time. To address these challenges, we propose a behavioral-based GUI testing approach for mobile applications that achieves faster and higher coverage. The proposed approach does not conduct static analysis. It creates a behavioral model from usage logs by applying a statistical model. The events within the behavioral model are mapped to GUI components in a GUI tree. Finally, it updates the model dynamically to increase the probability of an event that rarely or never occurs when users use the application. The proposed approach was evaluated on four open-source Android applications, and compared with the state-of-the-art tools and manual testing. The main evaluation criteria are code coverage and ability to find errors. The proposed approach performed better than the current state-of-the-art automated testing tools in most aspects.

Download Full-text