CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes

Carter, Patrick; Mulliner, Collin; Lindorfer, Martina; Robertson, William; Kirda, Engin

doi:10.1007/978-3-662-54970-4_13

Cited by 22 publications

(19 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the difference is not large and there is a relatively large standard deviation, then we indicate that the app is highly variable; otherwise, the app's privacy is labeled as similar. 16 Using this approach, we calculated the following fractions of apps in each category: better (26.3%), worse (51.1%), similar (9.5%) and variable (13.1%). Thus, while a quarter of apps are getting better with respect to privacy, twice as many are getting worse over time and only a small fraction stay the same.…”

Section: B Combining Dimensionsmentioning

confidence: 99%

“…While taint tracking can ensure coverage of all PII leaks (even those that are obfuscated), it requires some form of interaction with running apps to trigger leaks. Typically, researchers use automated "UI monkeys" [33], [44] for random exploration or more structured approaches [16], [37] to generate synthetic user actions; however, prior work showed that this can underestimate PII leaks compared to manual (human) interactions [50].…”

Section: Related Workmentioning

confidence: 99%

“…For this tool, we currently focus primarily on PII leak types, and allow the user to set relative leak severity for each PII category (denoted as s(t) in Table IX); further, we compress our binary representation into a 15 Again, different scaling factors on each dimension can represent different relative risks between dimensions. 16 The thresholds (θ D , θ S ) were chosen heuristically, using 1.5 and 0.45 respectively. Users can explore other options via the web interface.…”

Section: Privacy Risk Visualizationmentioning

confidence: 99%

See 2 more Smart Citations

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

Ren

Lindorfer

Dubois

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Abstract-Is mobile privacy getting better or worse over time? In this paper, we address this question by studying privacy leaks from historical and current versions of 512 popular Android apps, covering 7,665 app releases over 8 years of app version history. Through automated and scripted interaction with apps and analysis of the network traffic they generate on real mobile devices, we identify how privacy changes over time for individual apps and in aggregate. We find several trends that include increased collection of personally identifiable information (PII) across app versions, slow adoption of HTTPS to secure the information sent to other parties, and a large number of third parties being able to link user activity and locations across apps. Interestingly, while privacy is getting worse in aggregate, we find that the privacy risk of individual apps varies greatly over time, and a substantial fraction of apps see little change or even improvement in privacy. Given these trends, we propose metrics for quantifying privacy risk and for providing this risk assessment proactively to help users balance the risks and benefits of installing new versions of apps.

show abstract

Section: B Combining Dimensionsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Privacy Risk Visualizationmentioning

confidence: 99%

See 1 more Smart Citation

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

Ren

Lindorfer

Dubois

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…(1) Behavioral Modeling: Mariconti et al's MAMADROID [26] builds from static analysis, a behavioral model of malware samples, relying on the sequences of abstracted API calls; this yields higher accuracy than state of the art, while also providing higher resilience to API changes and reducing the need to re-train models. (2) Input Generators: previous work [4,9,24] has introduced input generators that aim to mimic app usage by humans, more effectively than the standard Android pseudorandom input generator (Monkey), thus improving the chances of triggering malicious code during execution. (3) Hybrid Analysis: by combining static and dynamic analysis, hybrid analysis has been used to try and get the best of the two worlds, typically, following two possible strategies.…”

Section: Introductionmentioning

confidence: 99%

“…One approach is to use static analysis to gather information about the apps under analysis (e.g., intent filters an app listens for, execution paths to specific API calls, etc.) and then ensuring that all execution paths of interest are triggered during the dynamic analysis stage [9,40]; in the other, features extracted using static analysis (e.g., permissions, API calls, etc.) are combined with those from dynamic analysis (e.g., file access, networking events, etc.…”

Section: Introductionmentioning

confidence: 99%

A Family of Droids-Android Malware Detection via Behavioral Modeling: Static vs Dynamic Analysis

Onwuzurike

Almeida

Mariconti

et al. 2018

2018 16th Annual Conference on Privacy, Security and Trust (PST)

View full text Add to dashboard Cite

Following the increasing popularity of mobile ecosystems, cybercriminals have increasingly targeted them, designing and distributing malicious apps that steal information or cause harm to the device's owner. Aiming to counter them, detection techniques based on either static or dynamic analysis that model Android malware, have been proposed. While the pros and cons of these analysis techniques are known, they are usually compared in the context of their limitations e.g., static analysis is not able to capture runtime behaviors, full code coverage is usually not achieved during dynamic analysis, etc. Whereas, in this paper, we analyze the performance of static and dynamic analysis methods in the detection of Android malware and attempt to compare them in terms of their detection performance, using the same modeling approach.To this end, we build on MAMADROID, a state-of-the-art detection system that relies on static analysis to create a behavioral model from the sequences of abstracted API calls. Then, aiming to apply the same technique in a dynamic analysis setting, we modify CHIMP, a platform recently proposed to crowdsource human inputs for app testing, in order to extract API calls' sequences from the traces produced while executing the app on a CHIMP virtual device. We call this system AUN-TIEDROID and instantiate it by using both automated (Monkey) and user-generated inputs. We find that combining both static and dynamic analysis yields the best performance, with F -measure reaching 0.92. We also show that static analysis is at least as effective as dynamic analysis, depending on how apps are stimulated during execution, and, finally, investigate the reasons for inconsistent misclassifications across methods.

show abstract

TAESim: A Testbed for IoT Security Analysis of Trigger-Action Environment

Ban

Ding

Liu

et al. 2022

Computer Security. ESORICS 2021 International Workshops

View full text Add to dashboard Cite

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes

Cited by 22 publications

References 16 publications

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

A Family of Droids-Android Malware Detection via Behavioral Modeling: Static vs Dynamic Analysis

TAESim: A Testbed for IoT Security Analysis of Trigger-Action Environment

Contact Info

Product

Resources

About