AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction

Huang, Jianjun; Zhang, Xiangyu; Tan, Lin; Wang, Peng; Liang, Bin

doi:10.1145/2568225.2568301

Cited by 177 publications

(100 citation statements)

References 12 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, those tools are not able to detect ICC leaks. AsDroid [25] and AppIntent [48] are two other tools using static analysis to detect privacy leaks in Android apps. Both of them try to analyze if a data leak is a feature of the application or not.…”

Section: Related Workmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

390

360

View full text Add to dashboard Cite

Abstract-Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components.Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting intercomponent detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.

show abstract

Section: Related Workmentioning

confidence: 99%

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Bartel

Bissyandé³

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

390

360

View full text Add to dashboard Cite

show abstract

“…Because it is unrealistic to implement a brute-force technique to the password, we simply exclude such apps from our analysis. However, to allow tools such as FlowDroid to continue their analyses, we propose an instrumentation that conservatively solves this problem: we explicitly mock all the classes, methods and fields that are reported by the RAM module 7 but are not existing in the current class path 7 This means that we only take into account reflective calls.…”

Section: Bom -Booster Modulementioning

confidence: 99%

“…We have conducted a quick review of recent contributions on static analysis-based approaches for Android, and have found that over 90% of around 90 publications [5] from top conferences (including ICSE and ISSTA) do not tackle reflection. Indeed, most state-of-the-art approaches and tools for static analysis of Android simply ignore the use of reflection [6,7] or may treat it partially [8,9]. By doing so, the literature has produced tools that provide analysis results which are incomplete, since some parts of the program may not be included in the app call graph, and unsound, since the analysis does not take into account some hidden method invocations or potential writes to object fields.…”

Section: Introductionmentioning

confidence: 99%

DroidRA: taming reflection to support whole-program analysis of Android apps

Bissyandé

Octeau

et al. 2016

Proceedings of the 25th International Symposium on Software Testing and Analysis

130

View full text Add to dashboard Cite

Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentationbased approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results.

show abstract

“…Moreover, the permissions stated in the Android-Manifest.xml are not necessarily employed by the App [8,9]. Several researches considered the API call used in the apps' code to differentiate between malware and goodware apps [10,11,12,13,14]. However, these methods need many API calls for malware classification.…”

Section: Introductionmentioning

confidence: 99%

Using Weighted Bipartite Graph for Android Malware Classification

Altaher¹

2017

ijacsa

View full text Add to dashboard Cite

Abstract-The complexity and the number of mobile malware are increasing continually as the usage of smartphones continue to rise. The popularity of Android has increased the number of malware that target Android-based smartphones. Developing efficient and effective approaches for Android malware classification is emerging as a new challenge. This paper introduces an effective Android malware classifier based on the weighted bipartite graph. This classifier includes two phases: in the first phase, the permissions and API Calls used in the Android app are utilized to construct the weighted bipartite graph; the feature importance scores are integrated as weights in the bipartite graph to improve the discrimination between malware and goodware apps, by incorporating extra meaningful information into the graph structure. The second phase applied multiple classifiers to categorise the Android application as a malware or goodware. The results using an Android malware dataset consists of different malware families, showing the effectiveness of our approach toward Android malware classification.

show abstract

AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction

Cited by 177 publications

References 12 publications

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

DroidRA: taming reflection to support whole-program analysis of Android apps

Using Weighted Bipartite Graph for Android Malware Classification

Contact Info

Product

Resources

About