Driving Execution of Target Paths in Android Applications with (a) CAR

Wong, Michelle Y.; Lie, David

doi:10.1145/3488932.3497765

Cited by 3 publications

(2 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wong et al [34] proposed a framework using a usercentric anomaly detection method to detect invalid data dependencies between user input arguments and sensitive features. The asynchronous characteristics of the Android Application Programming Interface (API) and the ICC are considered to investigate control flow analysis.…”

Section: Related Workmentioning

confidence: 99%

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Bhan,

Faruki,

Pamula

2024

IEEE Access

View full text Add to dashboard Cite

Android Smartphone's popularity among users and developers is due to its open architecture and third-party apps. The exponential growth of third-party developer apps needs a robust code audit before upload. The weak program analysis at app stores adversely affects security. Third-party developers can update the app to introduce malicious activities. Sensitive sensor hardware and software resources are exfiltrated for leaking sensitive user data like messages, contacts, audio, and images. Malicious hidden features undermine user permission, including short message service (SMS), audio and video recording, voice calls, and image capturing. This paper treats the covert activities as called malicious features. The paper proposes a robust inter-component communication (ICC) based detection approach to identify such hidden functionality exploited by adversaries. The proposed technique detects sensitive features exploited by persistent malware without user knowledge. Despite the asynchronous characteristics of the ICC Application Programming Interface (API), we develop a precise ICC-based component-interaction graph (CIG) from the app bytecode. Moreover, we enrich the CIG with data flow analysis to identify the component reachability utilizing malicious features from legitimate user interactions. The proposed static app analysis framework identifies the prominent malware which exploits sensitive device resources. We assessed 25K benign and 13.3K malicious apps from 211 malware families with a classification rate of 0.40 % false positive (FP) and 0.37 % false negative (FN), better than existing state-of-the-art. In addition, we detect hidden features in unseen apps that subvert traditional antimalware.

show abstract

Section: Related Workmentioning

confidence: 99%

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Bhan,

Faruki,

Pamula

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Other techniques use static analysis to discover dependencies between different application components, and use it during the dynamic exploration [15], [43], [25], [38], [23], [14]. Another guided exploration technique CAR [45] uses a static constraint analysis to keep the symbolic execution scalable and obviate the need for whole program symbolic execution. In contrast, COLUMBUS aims to maximize coverage similar to other app testing tools limiting the scope of the symbolic execution only within the callback and sets up the environment in an underconstrained manner.…”

Section: Related Workmentioning

confidence: 99%

Columbus: Android App Testing Through Systematic Callback Exploration

Bose¹,

Das²,

Vasan³

et al. 2023

Preprint

View full text Add to dashboard Cite

With the continuous rise in the popularity of Android mobile devices, automated testing of apps has become more important than ever. Android apps are event-driven programs. Unfortunately, generating all possible types of events by interacting with an app's interface is challenging for an automated testing approach. Callback-driven testing eliminates the need for event generation by directly invoking app callbacks. However, existing callback-driven testing techniques assume prior knowledge of Android callbacks, and they rely on a human expert, who is familiar with the Android API, to write stub code that prepares callback arguments before invocation. Since the Android API is very large and keeps evolving, prior techniques could only support a small fraction of callbacks present in the Android framework.In this work, we introduce COLUMBUS, a callback-driven testing technique that employs two strategies to eliminate the need for human involvement: (i) it automatically identifies callbacks by simultaneously analyzing both the Android framework and the app under test; (ii) it uses a combination of under-constrained symbolic execution (primitive arguments), and type-guided dynamic heap introspection (object arguments) to generate valid and effective inputs. Lastly, COLUMBUS integrates two novel feedback mechanisms-data dependency and crash-guidanceduring testing to increase the likelihood of triggering crashes and maximizing coverage. In our evaluation, COLUMBUS outperforms state-of-the-art model-driven, checkpoint-based, and callbackdriven testing tools both in terms of crashes and coverage.

show abstract