Android Application Security Scanning Process

Almomani, Iman; Alenezi, Mamdouh

doi:10.5772/intechopen.86661

Cited by 7 publications

(4 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From the application developers' perspective, it is considered the most important layer because their work is mainly to develop applications that could run on top of the application framework layer and utilize the services provided by this application framework layer. More specifically, the framework layer provides access to all the APIs of the lower layer, to various hardware and software resources [11].…”

Section: Application Frameworkmentioning

confidence: 99%

“…e applications are generally coded with the Java language that allows developers to code the program once and run it on multiple platforms. Along with applications developed by software developers, there are many systemlevel applications such as desktops, contacts, e-mail, and browsers [11]. e Android application mainly contains four components which are Activities, Services, Content Providers, and Broadcast receivers that provide a strong link among each other to build up the Android application.…”

Section: Applications Layermentioning

confidence: 99%

See 1 more Smart Citation

Survey on Reverse-Engineering Tools for Android Mobile Devices

Albakri

Fatima

Mohammed

et al. 2022

Mathematical Problems in Engineering

View full text Add to dashboard Cite

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.

show abstract

Section: Application Frameworkmentioning

confidence: 99%

Section: Applications Layermentioning

confidence: 99%

Survey on Reverse-Engineering Tools for Android Mobile Devices

Albakri

Fatima

Mohammed

et al. 2022

Mathematical Problems in Engineering

View full text Add to dashboard Cite

show abstract

“…plication can be customized for a particular device model by the manufacturers based on the vendors requirements. Whereas the user applications, the third-party apps, can be downloaded from various market stores such as Google Play, Anzhi, and AppChina [30], [31]. The third-party applications are developed by individual developers, that can include benign and malicious applications.…”

Section: Android Applicationsmentioning

confidence: 99%

A Comprehensive Analysis of the Android Permissions System

Almomani

Alkhayer

2020

IEEE Access

View full text Add to dashboard Cite

Android is one of the most essential and highly used operating systems. Android permissions system is a core security component that offers an access-control mechanism to protect system resources and users' privacy. As such, it has experienced continuous change over each Android release. However, previous research on the permissions system has employed static analysis techniques. Furthermore, most of these studies are outdated, covering older versions of Android. This paper aims to discuss the permissions system intensively to provide a nutshell overview of the Android platform's access-control mechanism. The paper presents a comprehensive analysis of the Android permissions system since it was introduced in 2008 until now, accompanied by a formal model of its components. The results of the analysis reveal a continuous growth in the number of permissions since the original release-a growth of seven times in some permission categories. A case study has been conducted for the last five years' versions of the top Android apps to examine the permissions system's evolution and its attendant security issues from the applications' perspective. Some apps showed an increase in permissions usage of 73.33% by the 2020 release. Additionally, the results of the case study contribute to the understanding of permissions deployment by both vendors and developers. Finally, a discussion of the permission-based security enhancements discloses that the Android permissions system faces various security issues. In general, this paper provides researchers and academics an up-to-date, comprehensive, self-contained reference study of the Android permissions system.

show abstract

“…Static analysis is an effective mechanism in any Android malware or ransomware detection system [28] and API calls feature is a key static metric that is utilized to identify malicious behaviors [29][30][31]. Therefore, this paper provides a deep analysis of API calls to investigate the extent of their influence on the accuracy of the detection process.…”

Section: Introductionmentioning

confidence: 99%

Ransomware Detection System for Android Applications

Alsoghyer

Almomani

2019

Electronics

Self Cite

View full text Add to dashboard Cite

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim's device and requests a payment in order to recover them. The available technologies are not enough as new ransomwares employ a combination of techniques to evade anti-virus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art of Android ransomware detection approaches were investigated. A deep comparative analysis was conducted which shed the key differences among the existing solutions. An application programming interface (API)-based ransomware detection system (API-RDS) was proposed to provide a static analysis paradigm for detecting Android ransomware apps. API-RDS focuses on examining API packages' calls as leading indicator of ransomware activity to discriminate ransomware with high accuracy before it harms the user's device. API packages' calls of both benign and ransomware apps were thoroughly analyzed and compared. Significant API packages with corresponding methods were identified. The experimental results show that API-RDS outperformed other recent related approaches. API-RDS achieved 97% accuracy while reducing the complexity of the classification model by 26% due to features reduction. Moreover, this research designed a proactive mechanism based on a high quality unique ransomware dataset without duplicated samples. 2959 ransomware samples were collected, tested and reduced by almost 83% due to samples duplication. This research also contributes to constructing an up-to-date, unique dataset that covers the majority of existing Android ransomware families and recent clean apps that could be used as a labeled reference for research community.

show abstract

Android Application Security Scanning Process

Cited by 7 publications

References 50 publications

Survey on Reverse-Engineering Tools for Android Mobile Devices

Survey on Reverse-Engineering Tools for Android Mobile Devices

A Comprehensive Analysis of the Android Permissions System

Ransomware Detection System for Android Applications

Contact Info

Product

Resources

About