Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications
Batyuk, Leonid, Herpich, Markus, Camtepe, Seyit A., Raddatz, Karsten, Schmidt, Aubrey-Derrick, & Albayrak, Sahin (2011) Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In Proceedings of the 6th International Conference on Malicious and Unwanted Software (MALWARE 2011), IEEE Conference Publications, Fajardo, Puerto Rico, USA, pp. 66-72.
In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smartphone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensitive private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.
|Item Type:||Conference Paper|
|Keywords:||data privacy, mobile computing, Android Market application, application security, binary application package refactoring, coarse-grained permission, static analysis|
|Subjects:||Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)|
|Divisions:||Current > Schools > School of Electrical Engineering & Computer Science; Past > Institutes > Information Security Institute; Current > QUT Faculties and Divisions > Science & Engineering Faculty|
|Copyright Owner:||Copyright 2011 IEEE|
|Deposited On:||14 Mar 2013 23:24|
|Last Modified:||16 Jul 2013 23:39|