Analysis of Malicious Behavior of Android Apps

Procedia Computer Science 79 (2016) 215–220
1877-0509 © 2016 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license
(http://creativecommons.org/licenses/by-nc-nd/4.0/).
Peer-review under responsibility of the Organizing Committee of ICCCV 2016
doi: 10.1016/j.procs.2016.03.028
7th International Conference on Communication, Computing and Virtualization 2016
Pooja Singh, Pankaj Tiwari, Dr. Santosh Singh
AMET University, Chennai
JJT University, Rajasthan
Abstract
As the number of Android phones increases, there is a simultaneous increase in mobile malware apps that perform malicious activities such as misusing the user's private information, sending SMS messages, reading the user's contact information, and exploiting the confidential data stored on the device. Malware spreads, not only infecting users' data but also harming organizations through the theft of private and confidential data. Hence malware classification and identification is a critical issue. Android users are unaware of whether the apps they use are infected with malware. Android applications rely on a permission mechanism to declare which permissions an app uses to access information on the device. Apps installed on a smartphone are granted all the permissions they require at installation time. Google assures its customers of the security of the apps available for download from its Play Store. However, Android is an open system and allows users to install applications downloaded from any unsafe site, and the permission mechanism is still a very weak defense for ensuring that applications cannot harm the user. Therefore, in this paper we propose malware characterization from the manifest file, which allows the user to improve the efficiency of Android permissions by informing the user about the risk of Android permissions and apps.
Keywords: Android security, permissions, malware apps
Introduction
With the growth of the internet, mobile internet access has become a necessity. With the popularity and fast development of Android OS, its security is a major challenge. Because Android is a very popular mobile OS, its demand is increasing day by day, and so is the challenge of safeguarding the apps installed on a user's device, which is connected to the internet most of the time. These devices are prone to attack by malicious apps installed on them, called malware. Reports say that Android OS is the first choice of target for malicious software designers. The main purpose of this paper is to analyze Android apps using static and dynamic analysis methods to show the behavior of apps that leak users' private information. Privacy leakage in this paper means stealing the user's confidential information by gaining unauthorized access, during installation, to resources such as the device ID, contacts, call records and location information, and sending this information out through messages or the network. At present, methods for detecting privacy leakage on smartphones fall into two main types, static and dynamic. Static analysis focuses on control flow, data flow and structural analysis [3]. Because the major part of Android is written in the Java programming language, which has a large number of function calls, static analysis is not as effective as dynamic analysis. Dynamic analysis, by comparison, is concerned with sandboxing and dynamic taint tracking. Sandboxing is a way of isolating the Android OS.
Some background research on Android security is summarized as follows:
1. Kui Luo proposed a bytecode converter that converts DVM code into Java [6].
2. Leonid Batyuk proposed a method that decompiles sample applications without touching the core function. Although this method can analyze sample malware code effectively, it is unsatisfactory when the target program has been obfuscated.
3. Enck implemented a Dalvik decompiler, DED, by using the static analysis package tool. The tool uses Fortify SCA to analyze the application's control flow, data flow, structure and semantics [7].
4. Qian et al. also depend on Dalvik decompiling and give a basic two-step framework for Android malware behavior monitoring [8].
5. ComDroid analyzes the DEX bytecode disassembled by Dedexer, and checks Intent creation and transmission to identify broadcast hijacking vulnerabilities in the program [9].
6. ScanDroid extracts the security specification from the configuration files of an Android application and checks the consistency between the application's data flow and the specification [10]. ScanDroid is based on the WALA analysis framework and can only evaluate open source applications.
1.1. Android basic Architecture
The Android operating system is built on the Linux kernel and is developed by Google [4]. Android has a layered architecture, including the Linux kernel layer, middle layer and application layer; each layer provides consistent services to the layer above and masks the differences between the current layer and the lower layer [5]. The middle layer of Android performs the central functions, which can be implemented in programming languages such as Java, C and C++. Most applications running on Android are written in the Java programming language, and the resulting Java class files are then converted to dex format by the Android dextojar tool. Each Android application runs as an independent instance in the DVM and has a unique identification number known as the PID. Figure 1 gives brief information about the architecture of the Android operating system. The Dalvik Virtual Machine (DVM) [4] is the main component of the Android platform. It fully supports all Java applications that have been converted to dex (Dalvik Executable) format. The dex format is a compressed format of Dalvik executable code, which is suited to the device's memory and processor speed. Dalvik is responsible for process isolation and thread management. Each Android application corresponds to a separate instance of the Dalvik virtual machine and is executed within it.
Fig. 1 Android Architecture
1.2. Android security issue
The Android security model is similar to that of Linux, since Android is built on the Linux kernel [4]. The model mainly comprises the sandbox, application signing and the permission mechanism. The permission mechanism limits applications' access to the user's private data (e.g. telephone numbers, contacts), resources (e.g. log files) and system interfaces (e.g. Internet, GPS). In the permission mechanism, the phone's resources are organized into categories, and each category corresponds to one kind of accessed resource.
If an application requires access to certain resources, it needs to hold the corresponding permissions. Although this mechanism is simple, it has defects that leave the user's private information inadequately protected. Some researchers, Ongtang et al., questioned the Android security model and pointed out that the current Android permission model cannot meet certain security requirements. Enck proposed Kirin [10], a detection tool, to enhance the existing Android permission model.
Based on a set of policies, Kirin is used to determine whether to grant the requested permissions to an application; it analyzes the Android application's manifest file to ensure that the granted permissions accord with the system policy. The Android permission mechanism is coarse-grained [4].
Fig 2. APK conversion steps
All permissions an application requires must be granted before it is installed and cannot be changed after installation. This permission model leads to potential security threats. On the one hand, permission to access private data is decided by users. For users without security awareness, the permission-granting process is casual and blind. If a program obtains permissions to access private information during the installation phase, it can arbitrarily abuse the user's private and sensitive data at any time. On the other hand, the mechanism cannot effectively prevent permission escalation attacks. Applications can take advantage of a combination of permissions to steal the user's sensitive data. To reveal the privacy-leaking behavior of Android apps, this paper proposes, in line with the Android OS security mechanism, a malicious behavior analysis model that combines the dynamic and static methods, which is discussed in detail in the next sections.
2. Android Applications Malicious Behavior Analysis
2.1. Analyzing Behaviors of Android apps
There are two approaches to malware analysis: static and dynamic. Static analysis is based on the program's source code. Its main advantage is maximum coverage, which helps to analyze the source code broadly. However, because the static method depends on source code, if the target source code cannot be obtained through decompiling or reverse engineering, it is hard to analyze the program accurately, especially when the target program is a malicious file.
Dynamic analysis explores run-time behavior by running the program. This method is precise at finding the actual behavior of malicious code. However, the dynamic method has its own disadvantage, inadequate execution coverage: we cannot guarantee that all execution paths have been triggered during the test. In this paper, we present a combined static and dynamic security analysis model in which each method makes up for the other's shortcomings, so that malicious behavior is analyzed more widely and correctly. Fig. 2 explains the whole sequence of steps. Before an Android application is analyzed, the APK (Android application package) needs to be decompiled to obtain the corresponding configuration and Smali [11] files. Of these, the configuration file, AndroidManifest.xml, is mainly used in the permission filtering stage, and the Smali files are mainly used by the dynamic monitoring module. First, we select suspicious applications with great potential to leak the user's private data. If a program is suspicious, it enters the dynamic monitoring module, which takes the target Smali code as input, embeds tracking code, and repackages and re-signs the APK. Afterwards, once the APK is running, we can dynamically monitor privacy-leaking behavior and raise an immediate alarm for users. These alerts or logs can be used for further detailed analysis, manually or automatically. Next, we discuss the three core components of the framework: the APK Static Decompiler, the Permission Filtering Module and the Dynamic Monitoring Module.
2.2 APK Static De-compilation
Before permission filtering and dynamic monitoring, we need to extract the Android application's AndroidManifest.xml file and the Smali files corresponding to the target APK. An Android application is an installation package whose name ends with the suffix .apk (an acronym for Android Package). An APK is comparable to an .exe (executable) file on a computer: once installed, it can be executed on Android OS immediately. An APK is actually a compressed file that complies with the ZIP format and can be extracted by popular ZIP-compatible decompression tools. It must be noted, however, that most applications are code-obfuscated and the unzipped files cannot be analyzed directly. The APK should be decompiled to extract its resources, permissions and intermediate representation files. In this paper, apktool [12] is used for decompiling. The file structure of an APK after decompilation is shown in Table 1.
Table 1: The file structure after the APK is decompiled

Directory/File        Description
res                   Application's resource files, including pictures, sound, video, etc.
smali                 Dalvik register bytecode files of the APK
AndroidManifest.xml   The global configuration file of the APK, including the package name, permissions, referenced libraries and other related information of the application.
Apktool.yml           The configuration file of Apktool
Fig 2. APK to .Class conversion steps
2.3 Permission Module
Some permissions may pose no risk by themselves, but a combination of permissions may pose a security risk. For example, if an application requests permissions to read the phone state and to send messages, there is a risk that the phone number or IMEI is transferred out. The permission module uses a set of security policies to find out whether an application holds particular risky permission combinations. Android permissions have four security levels: Normal, Dangerous, Signature and SignatureOrSystem.
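An added example (not code from the paper) of the permission-filtering step: it reads the `uses-permission` entries from a decoded AndroidManifest.xml, as apktool produces, and checks them against a policy of risky combinations. Only the phone-state-plus-SMS rule comes from the text; the other rules, the protection-level excerpt and both sample manifests are constructed for illustration.

```python
"""Permission-combination filter over a decoded AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Partial excerpt of protection levels for a few platform permissions.
LEVELS = {
    P + "INTERNET": "normal",
    P + "VIBRATE": "normal",
    P + "READ_PHONE_STATE": "dangerous",
    P + "SEND_SMS": "dangerous",
    P + "RECEIVE_SMS": "dangerous",
    P + "READ_CONTACTS": "dangerous",
    P + "ACCESS_FINE_LOCATION": "dangerous",
}

# Illustrative policy, not the paper's rule set. The first rule is the
# combination the text names; the remaining rules are assumptions.
RULES = [
    ("phone-id-via-sms", {P + "READ_PHONE_STATE", P + "SEND_SMS"},
     "phone number or IMEI can be sent out by SMS"),
    ("contacts-via-network", {P + "READ_CONTACTS", P + "INTERNET"},
     "contact list can be uploaded"),
    ("location-via-network", {P + "ACCESS_FINE_LOCATION", P + "INTERNET"},
     "precise location can be uploaded"),
    ("sms-relay", {P + "RECEIVE_SMS", P + "SEND_SMS"},
     "incoming SMS can be relayed"),
]


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")  # the android:name attribute
            if name:
                perms.add(name.strip())
    return perms


def evaluate(manifest_xml):
    """Apply every rule whose full permission set is requested."""
    perms = requested_permissions(manifest_xml)
    findings = [(rid, why) for rid, needed, why in RULES if needed <= perms]
    dangerous = sorted(p for p in perms if LEVELS.get(p) == "dangerous")
    return {
        "permissions": sorted(perms),
        "dangerous": dangerous,
        "findings": findings,
        "suspicious": bool(findings),  # candidate for dynamic monitoring
    }


# Constructed sample manifests (not taken from any real app).
SUSPICIOUS_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flashlight"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("suspicious", SUSPICIOUS_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        result = evaluate(xml_text)
        print(label, result["suspicious"], result["findings"])
```

A rule fires only when every permission in its set is requested, so an app holding INTERNET alone is not flagged.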
2.4 Dynamic Monitoring Module
We apply real-time monitoring by inserting monitoring code into the decompiled APK. Android developers write an application in Java and compile it into Java bytecode, which is finally translated to the Dalvik bytecode that is executed in the DVM. It is therefore easy to reverse engineer an application by converting the Dalvik bytecode to Java bytecode, rewriting the Java bytecode, and finally converting the rewritten Java bytecode back to Dalvik bytecode. However, this method does not work all the time. There are quite a few significant differences between the Java Virtual Machine and the Dalvik Virtual Machine: the JVM is stack-based while the DVM is register-based. A number of tools are available, such as dex2jar [11] and ded [7], that convert Dalvik bytecode to Java bytecode. This conversion is not lossless, however; some information in the Java bytecode is lost when it is converted to Dalvik. These tools try to recover the lost details from context, but at times the inference is defective. Although these errors do not prevent static analysis of the converted Java bytecode, in our experience they often lead to invalid Java bytecode or, later, invalid Dalvik bytecode. After we convert an application's Dalvik bytecode to Java bytecode (e.g. with dex2jar) and then back to Dalvik bytecode, the resulting application does not run properly. The workable approach is therefore to use the Dalvik bytecode directly. Smali and baksmali are, respectively, an assembler and a disassembler for the dex format used by the DVM. Smali is an intermediate representation of Dalvik bytecode. Smali fully supports all the features of the dex format (annotations, debug information, thread information, etc.). Moreover, dex and Smali can be converted into each other losslessly. In this paper we rewrite Dalvik bytecode directly, inserting the monitoring Smali bytecode into the decompiled Smali files. The process of the dynamic monitoring method is shown in Figure 4. We obtain the Smali files from the static decompiling, then locate the exact position of each sensitive API call and insert monitoring Smali bytecode for each distinct sensitive API. After that we use apktool to repackage the modified Smali bytecode into a new APK and use the signature tool to re-sign it. Running the new APK on the Android emulator, we can use logcat to view the runtime logs. A log that records the detailed call information can also be generated on the SD card.
Fig 3. Converting .dex to .class of Android app BBCNews.Apk
Fig 4. Decoding smali code and AndroidManifest.xml of Android app BBCNews.apk
3. Conclusion
In this paper we proposed a two-step analysis of Android apps: static and dynamic. At the initial stage, the permission-related issues of applications are highlighted. The permission mechanism of Android OS grants access to all the requested details during installation, and once accepted, the permissions cannot be modified. To address this, we use two mechanisms, static and dynamic analysis, to examine the behavior of apps and determine whether they are malicious. We use reverse engineering tools to convert the .apk file to .class files; the code is analyzed, changes are made, and the app is then repackaged using Smali bytecode, which is an intermediate code of the APK file. This Smali code is inserted into the process for monitoring purposes. The method can be used at wide scale as an automatic monitoring service. Further research will continue on monitoring the sensitive APIs in Android and exploring the vulnerabilities of apps, and on providing more dynamic analysis methods.
References
1. D. Bornstein, Dalvik VM Internals, 2008. (https://sites.google.com/site/io/dalvik-vminternals)
2. http://onlinepresent.org/proceedings/vol35_2013/13.pdf
3. P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, "These aren't the droids you're looking for: Retrofitting android to protect data from imperious applications," in Proceedings of the 18th ACM Conference on Computer and Communications
4. Google, Android Security and Permissions, 2013. (http://d.android.com/guide/topics/security.html)
5. Google, Android Home Page, 2009. (http://www.android.com)
6. K. Luo, "Using static analysis on android applications to identify private information leaks," Master Dissertation of Kansas State University, 2011.
7. D. Octeau, W. Enck, and P. McDaniel, The DED Decompiler, 2011. (http://siis.cse.psu.edu/ded/papers/NAS-TR-0140-2010.pdf)
8. Q. Qian, J. Cai, and R. Zhang, "Android malicious behavior detection based on sensitive api monitoring," in 2nd International Workshop on Security, pp. 54–57, Nov. 2013.
9. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, "Analyzing inter-application communication in android," in Proceedings of the 9th International Conference on Mobile Systems, Applications and Service, pp. 239–252, Washington, USA, June 2011.
10. W. Enck, M. Ongtang, and P. McDaniel, "On lightweight mobile phone application certification," in Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245, Chicago, USA, Nov. 2009.
11. Google, Dex2jar: Tools to Work with Android .dex and java .classes, 2013. (http://code.google.com/p/dex2jar/)
12. D. Reynaud, D. Song, T. Magrino, E. Wu, and R. Shin, "Freemarket: shopping for free in android applications," in 19th Annual Network & Distributed System Security Symposium, Hilton San Diego, USA, Feb. 2012.
... In the same year, [103] discussed the malware characterization that was implemented in the Android manifest file. Moreover, researchers gave the user the ability to improve the efficiency of Android permission which can inform the user about the risk of Android permission and apps [103]. ...
... In the same year, [103] discussed the malware characterization that was implemented in the Android manifest file. Moreover, researchers gave the user the ability to improve the efficiency of Android permission which can inform the user about the risk of Android permission and apps [103]. In 2014, [104] proposed an AppFork which allows users to isolate and secures two different entities on a single phone single, i.e, work, and active personal profiles. ...
Full-text available
Article
Android mobile apps gain access to numerous users’ private data. Users of different Android mobile apps have less control over their sensitive data during their installation and run-time. Too often, these apps consider data privacy less serious than users’ expectations. Many mobile apps misbehave and upload users’ data without permission which confirmed the possibility of privacy leakage through different network channels. The literature has proposed various approaches to protect user’s data and avoid privacy violations. In this paper, we provide a comprehensive overview of state-of-art research on Android user privacy, and data flow control. the aim is to highlight the main trends, pinpoint the main methodologies applied, and enumerate the privacy violations faced by Android users. We also shed some light on the directions where the researcher’s community effort is still needed. To this end, we conduct a Systematic Literature Review (SLR) during which we surveyed 114 relevant research papers published in leading conferences and journals. Our thorough examination of the relevant literature has led to a critical analysis of the proposed solutions with a focus on user privacy extensions and mechanism for the Android mobile platform. Furthermore, possible solutions and research directions have been discussed.
... In addition to this ability, the user may select the "Deny & don't ask again" option, which is displayed to users when the same permission is demanded by the application after denying, in order to always deny the dangerous action demanded by the application. Despite malware in the Android ecosystem is very common and risky, the researchers report that most of the end-users are unaware of the exact meanings and potential risks of granting these permissions, and they simply grant these permissions (Backes et al., 2012;Enck, Ongtang, & McDaniel, 2009;Gibler, Crussell, Erickson, & Chen, 2012;A.T. Kabakus & Dogru, 2018;Kelley et al., 2012;King et al., 2011;Mylonas, Kastania, & Gritzalis, 2013;Singh, Tiwari, & Singh, 2016;Yang et al., 2017). The applications are able to reach sensitive contents (i.e. ...
... Android malware detection approaches in the literature are generally divided into two: (1) Static analysis which focuses on analyzing the application through its source files which are obtained thanks to the reverse engineering techniques without executing the application (Alzaylaee, Yerima, & Sezer, 2017;Enck et al., 2009;Fuchs, Chaudhuri, & Foster, 2009;Grace, Zhou, Zhang, et al., 2012;, and (2) dynamic analysis which executes the application in an isolated environment (i.e. a sandbox, a virtual machine, etc.) to track the behavior (i.e. memory usage, network access, dynamic taint, etc.) and the effects of the application on that isolated environment (Alzaylaee et al., 2017;Chandramohan & Tan, 2012;Liang & Du, 2014;Singh et al., 2016;Suarez-Tangil, Tapiador, Peris-Lopez, & Blasco, 2014). The advantages of static analysis are (1) it is fast compared to dynamic analysis as applications are not actually being executed in an isolated environment, (2) it provide a better code coverage as it evaluates all sources of an application, and (3) according to the related work, they are very effective in terms of malware detection. ...
... Additionally, the popularity of Android applications opens the door to several threats and risks from malware applications. According to Singh et al. [9], these simultaneously increasing mobile malware apps can perform malicious activities, such as misusing the private information of users when sending messages and accessing their contacts and other information. Apart from these, confidential information stored in mobile devices can also be illegally exploited. ...
... However, permission mechanisms can still be considered great defense mechanisms in ensuring that certain applications cannot harm the user data. Because of this, Singh et al. [9] proposed that malware characterization is determined from the manifest file, allowing the user to enhance the efficiency of Android permissions. In this way, the user will be informed of the risks of Android permissions and applications. ...
... It develops permission mechanisms and uses the signature of the app to restrict the user's access to the data. When users requests access to a resource, they need permissions [26]. Android apps have a wealth of resources that can be analyzed. ...
... This can only be done if there is access to the source code. Static analysis is difficult because files that cause destructive functionality need to be identified [26]. This can be accomplished using the debugger included in Android Studio [27]. ...
Full-text available
Conference Paper
In this paper we have set up a system to monitor certain vital parameters such as pulse and body temperature. The application thus developed displays the recorded values and measured sensor data is transmitted through wireless technologies to a mobile computing unit. The application uses a variety of IT systems, both hardware and software. In the first part of the paper is presented the current study of wireless communications. The standard used in the paper is 802.11 (via Wi-Fi). A study on the use of databases using MySQL is also presented. The Raspberry Pi 3 Model B, as a local server, is used to store the data (registered parameters of the sensors). The last part of the paper describes how to send data to an application developed for Android. An intelligent system has been implemented at the application level to allow detection of certain irregularities. These observations are made by analyzing recorded parameters. All information is displayed in a graphical interface. As this application has as main purpose the realization of a complex system that combines various methodologies and solutions, a comparative study of the different current technologies has been carried out in order to highlight the performances and the possibilities for improvement.
... Android malware is growing immensely due to the vast growth of Android users, which poses threat to the security and privacy of Android users. Android malware is known for sending fraudulent SMS, misusing users' private information, devouring traffic, downloading malicious applications, remote control, data exploitation, and other dangerous behaviors [3]. According to some statistics [4], the number of Android-based malware cases rises every year. ...
Full-text available
Article
The Android platform has become the most popular smartphone operating system, which makes it a target for malicious mobile apps. This paper proposes a machine learning-based approach for Android malware detection based on application features. Unlike many prior research that focused exclusively on API Calls and permissions features to improve detection efficiency and accuracy, this paper incorporates applications’ contextual features with API Calls and permissions features. Moreover, the proposed approach extracted a new dataset of static API Calls and permission features using a large dataset of malicious and benign Android APK samples. Furthermore, the proposed approach used the Information Gain algorithm to reduce the API and permission feature space from 527 to the most relevant 50 features only. Several combinations of API Calls, permissions, and contextual features were used. These combinations were fed into different machine-learning algorithms to show the significance of using the selected contextual features in detecting Android malware. The experiments show that the proposed model achieved a very high accuracy of about 99.4% when using contextual features in comparison to 97.2% without using contextual features. Moreover, the paper shows that the proposed approach outperformed the state-of-the-art models considered in this work.
... There have been a lot of malicious attacks when downloading and communicating with the third party. The hacker always tries to intrude and fetch some personal data and the user gives the personal data by clicking the ACCESS to the required permissions [17]. While browsing via mobile phones and communicating online via various social media platforms, there is a need to establish a connection between the source and destination. ...
Full-text available
Article
The Android-based devices are gaining popularity now a day. With the widespread use of smartphones both in private and work-related areas, securing these devices has become of paramount importance. These devices are prone to various security issues of malicious attacks and performance problems. Owners use their smartphones to perform tasks ranging from everyday communication with friends and family to the management of banking accounts and accessing sensitive work-related data. These factors, combined with limitations in administrative device control through owners and security-critical applications, make Android-based smartphones a very attractive target for attackers and malware authors of any kind and motivation. Applications keep and manage diverse intrinsic data as well as sensitive private information such as address books. Smartphones enable swift and easy data exchange via 3G, 4G, and Wi-Fi. Thus, personal information stored on smartphones is prone to leakage. Up until recently, the Android Operating System's security model has succeeded in preventing any significant attacks by malware. This can be attributed to a lack of attack vectors which could be used for self-spreading infections and low sophistication of malicious applications. The research provides a distinctive solution to the security threats being found in the Android operating system. This paper presents a data security and quality enhancement method based on amalgamating quantum attributes into the Android operating system that could effectively solve the issue raised. The paper provides a proposed architecture of Quantum Key distribution being embedded within the Android OS to improve efficiency. However, QKD is a new technology. The research unleashes the possible ways in which quantum could be effectively embedded in smartphones to resolve certain data security problems. Quantum key distribution implements the Android to guard and use in the case of a run-time kernel compromise. 
That is, even with a fully compromised kernel, an attacker cannot read key material stored in Quantum key.
... One study on ransomware attacks in android environment stated to provide attention on requested permissions by the android applications [29]. However another study claimed that permission mechanism is still very shrunk defense [30]. User group profiling has been incorporated by one study [31] which is automated dynamic analysis based on user behavior. ...
Article
N-gram techniques are usually used in Natural Language Processing (NLP). Those techniques, along with stacked generalization, have been experimented with and assessed in the field of android malware detection. Because of the rapid growth of android users, android malware has become most popular among the attackers. Android malware has become a gigantic topic in information security. Various security researchers have already started to propose intelligence-based android malware detection. In this paper, a detailed investigation has been performed to evaluate the effectiveness of unigram, bigram and trigram with stacked generalization. It has been found that with stacking, unigram provides more than 97% of accuracy, which is the highest detection rate against bigram and trigram. In level 1, Extra Tree (ET), Random Forest (RF) and Gradient Boosting (GB) are used. As a final predictor and meta estimator, eXtreme Gradient Boosting (XGBoost) is used. A strong basement to use n-gram techniques in developing android malware detection has been determined from this study.
... Malware-based attacks can probably corrupt and damage the CIA of statistics and communication. A latest survey diagnosed that there are many capacity security answers, such as anti-virus, firewall, Intrusion Prevention gadget, consistent records backups, software patching, and often creating gadget repair points and performing behavior evaluation strategies thru dynamic monitoring [78]. ...
... already explained, Android OS allows developers to easily design apps with full permissions accesses such as data transfer, memory management, network management, etc. Currently, the huge number of Android OS usage and having open-source based apps have made those devices vulnerable encounter malicious users [40]. In other words, hackers can utilize reverse-engineering techniques to obtain sensitive information from the open-source apps and manipulate these apps for their malicious purposes [41]-[43]. ...
Preprint
Nowadays, the usage of smartphones and their applications has rapidly become increasingly popular in people's daily life. Over the last decade, availability of mobile money services such as mobile-payment systems and app markets has significantly increased due to the different forms of apps and connectivity provided by mobile devices such as 3G, 4G, GPRS, and Wi-Fi, etc. In the same trend, the number of vulnerabilities targeting these services and communication networks has risen as well. Therefore, smartphones have become ideal target devices for malicious programmers. With the increasing number of vulnerabilities and attacks, there has been a corresponding ascent of the security countermeasures presented by the researchers. Due to these reasons, security of the payment systems is one of the most important issues in mobile payment systems. In this survey, we aim to provide a comprehensive and structured overview of the research on security solutions for smartphone devices. This survey reviews the state of the art on security solutions, threats, and vulnerabilities during the period of 2011-2017, by focusing on software attacks, such as those to smartphone applications. We outline some countermeasures aimed at protecting smartphones against these groups of attacks, based on the detection rules, data collections and operating systems, especially focusing on open source applications. With this categorization, we want to provide an easy understanding for users and researchers to improve their knowledge about the security and privacy of smartphones.
Article
The usage of 5G-enabled IoT devices is rising exponentially as humans tend to shift towards a more automated lifestyle. A significant amount of IoT devices is expected to join the network as IoT has allowed interconnection and transmission among global devices which has resulted in generation of enormous diverse data. There is a requirement for a real-time, latency-specific, and network efficient computing paradigm in 5G-enabled smart city infrastructure. Fog computing presents trustworthy solutions to tackle these issues by combining edge users. They store, control, communicate, configure, measure, and manage big data produced by IoT devices. In this survey, the authors have performed a comprehensive study on fog computing and have classified various such paradigms. The authors have performed an extensive evaluation of features, along with the algorithmic and architectural packages deployed in the framework. This survey covers various 5G-enabled Industrial IoT (I-IoT) application settings and unleashes various fog framework-based solutions for numerous real-world application challenges in sustainable smart city infrastructures. Numerous contributions of fog computing towards latency-sensitive applications like healthcare 4.0, smart conveyance, smart waste management, smart energy handling, etc. have also been discussed. Fog computing framework, apart from the abilities, also inherits various security flaws from cloud computing paradigm, and these flaws need to be rectified in the interest of the end user. This survey presents a comprehensive review of state-of-the-art literature schemes to preserve the integrity of data in sustainable smart city infrastructure. Diverse phrases employed for investigating numerous security and privacy concerns in 5G enabled technologies are discussed in a sophisticated approach.
Conference Paper
We examine two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated: (1) covertly substituting shadow data in place of data that the user wants to keep private, and (2) blocking network transmissions that contain data the user made available to the application for on-device use only. We retrofit the Android operating system to implement these two controls for use with unmodified applications. A key challenge of imposing shadowing and exfiltration blocking on existing applications is that these controls could cause side effects that interfere with user-desired functionality. To measure the impact of side effects, we develop an automated testing methodology that records screenshots of application executions both with and without privacy controls, then automatically highlights the visual differences between the different executions. We evaluate our privacy controls on 50 applications from the Android Market, selected from those that were both popular and permission-hungry. We find that our privacy controls can successfully reduce the effective permissions of the application without causing side effects for 66% of the tested applications. The remaining 34% of applications implemented user-desired functionality that required violating the privacy requirements our controls were designed to enforce; there was an unavoidable choice between privacy and user-desired functionality.
Conference Paper
Users have begun downloading an increasingly large number of mobile phone applications in response to advancements in handsets and wireless networks. The increased number of applications results in a greater chance of installing Trojans and similar malware. In this paper, we propose the Kirin security service for Android, which performs lightweight certification of applications to mitigate malware at install time. Kirin certification uses security rules, which are templates designed to conservatively match undesirable properties in security configuration bundled with applications. We use a variant of security requirements engineering techniques to perform an in-depth security analysis of Android to produce a set of rules that match malware characteristics. In a sample of 311 of the most popular applications downloaded from the official Android Market, Kirin and our rules found 5 applications that implement dangerous functionality and therefore should be installed with extreme caution. Upon close inspection, another five applications asserted dangerous rights, but were within the scope of reasonable functional needs. These results indicate that security configuration bundled with Android applications provides practical means of detecting malware. Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection. General Terms: Security. Keywords: mobile phone security, malware, Android
Conference Paper
Modern smartphone operating systems support the development of third-party applications with open system APIs. In addition to an open API, the Android operating system also provides a rich inter-application message passing system. This encourages inter-application collaboration and reduces developer burden by facilitating component reuse. Unfortunately, message passing is also an application attack surface. The content of messages can be sniffed, modified, stolen, or replaced, which can compromise user privacy. Also, a malicious application can inject forged or otherwise malicious messages, which can lead to breaches of user data and violate application security policies. We examine Android application interaction and identify security risks in application components. We provide a tool, ComDroid, that detects application communication vulnerabilities. ComDroid can be used by developers to analyze their own applications before release, by application reviewers to analyze applications in the Android Market, and by end users. We analyzed 20 applications with the help of ComDroid and found 34 exploitable vulnerabilities; 12 of the 20 applications have at least one vulnerability.
D. Bornstein, Dalvik VM Internals, 2008. (https://sites.google.com/site/io/dalvik-vminternals)
Google, Android Security and Permissions, 2013. (http://d.android.com/guide/topics/security.html)
K. Luo, "Using static analysis on android applications to identify private information leaks," Master Dissertation of Kansas State University, 2011.
D. Reynaud, D. Song, T. Magrino, E. Wu, and R. Shin, "Freemarket: shopping for free in android applications," in 19th Annual Network & Distributed System Security Symposium, Hilton San Diego, USA, Feb. 2012.
Google, Dex2jar: Tools to Work with Android .dex and java .classes, 2013. (http://code.google.com/p/dex2jar/)