Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

Batyuk, Leonid, Herpich, Markus, Camtepe, Seyit A., Raddatz, Karsten, Schmidt, Aubrey-Derrick, & Albayrak, Sahin (2011) Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In Proceedings of the 6th International Conference on Malicious and Unwanted Software (MALWARE 2011), IEEE Conference Publications, Fajardo, Puerto Rico, USA, pp. 66-72.

Abstract

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smartphone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensitive private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

Impact and interest:

35 citations in Scopus

ID Code: 58298
Item Type: Conference Paper
Refereed: Yes
Keywords: data privacy, mobile computing, Android Market application, application security, binary application package refactoring, coarse-grained permission, static analysis
DOI: 10.1109/MALWARE.2011.6112328
ISBN: 9781467300315
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Past > Institutes > Information Security Institute
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2011 IEEE
Deposited On: 14 Mar 2013 23:24
Last Modified: 16 Jul 2013 23:39
