IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware

Wong, Michelle Y.; Lie, David

doi:10.14722/ndss.2016.23118

Cited by 158 publications

(96 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In past years, symbolic execution has made big progress. Several static approaches (such as Intellidroid [39] and TriggerScope [18]) were proposed to vet Android apps using symbolic execution. However, these static approaches may have both higher false positives and negatives in the context faced in this paper.…”

Section: Eoe Countermeasure Discussionmentioning

confidence: 99%

Automated Generation of Event-Oriented Exploits in Android Hybrid Apps

Yang

Huang

2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Recently more and more Android apps integrate the embedded browser, known as "WebView", to render web pages and run JavaScript code without leaving these apps. WebView provides a powerful feature that allows event handlers defined in the native context (i.e., Java in Android) to handle web events that occur in WebView. However, as shown in prior work, this feature suffers from remote attacks, which we generalize as EventOriented Exploit (EOE) in this paper, such that adversaries may remotely access local critical functionalities through event handlers in WebView without any permission or authentication.In this paper, we propose a novel approach, EOEDroid, which can automatically vet event handlers in a given hybrid app using selective symbolic execution and static analysis. If a vulnerability is found, EOEDroid also automatically generates exploit code to help developers and analysts verify the vulnerability. To support exploit code generation, we also systematically study web events, event handlers and their trigger constraints.We evaluated our approach on 3,652 most popular apps. The result showed that our approach found 97 total vulnerabilities in 58 apps, including 2 cross-frame DOM manipulation, 53 phishing, 30 sensitive information leakage, 1 local resources access, and 11 Intent abuse vulnerabilities. We also found a potential backdoor in a high profile app that could be used to steal users' sensitive information, such as IMEI. Even though developers attempted to close it, EOEDroid found that adversaries were still able to exploit it by triggering two events together and feeding event handlers with well designed input.

show abstract

Section: Eoe Countermeasure Discussionmentioning

confidence: 99%

Automated Generation of Event-Oriented Exploits in Android Hybrid Apps

Yang

Huang

2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Our results are based on the traffic of the apps that could be captured. We also use Monkey to automate the user input generation, and the proposed study will benefit from the advancement of input generation tools [25] to improve the coverage. App execution time.…”

Section: E Rural Area Vs Urban Area Location-based Mobile Trackingmentioning

confidence: 99%

Characterizing Location-based Mobile Tracking in Mobile Ad Networks

Lin

Zheng

et al. 2019

2019 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

Mobile apps nowadays are often packaged with third-party ad libraries to monetize user data. Many mobile ad networks exploit these mobile apps to extract sensitive real-time geographical data about the users for location-based targeted advertising. However, the massive collection of sensitive information by the ad networks has raised serious privacy concerns. Unfortunately, the extent and granularity of private data collection of the location-based ad networks remain obscure. In this work, we present a mobile tracking measurement study to characterize the severity and significance of location-based private data collection in mobile ad networks, by using an automated fine-grained data collection instrument running across different geographical areas. We perform extensive threat assessments for different ad networks using 1,100 popular apps running across 10 different cities. This study discovers that the number of locationbased ads tend to be positively correlated with the population density of locations, ad networks' data collection behaviors differ across different locations, and most ad networks are capable of collecting precise location data. Detailed analysis further reveals the significant impact of geolocation on the tracking behavior of targeted ads, and a noteworthy security concern for advertising organizations to aggregate different types of private user data across multiple apps for a better targeted ad experience.

show abstract

“…IntentFuzzer uses fuzzing framework to identify exposed and vulnerable interfaces [38]. IntelliDroid aims to generate inputs for dynamic analysis [37]. App-pair security.…”

Section: Related Workmentioning

confidence: 99%

Collusive Data Leak and More

Bosu

Liu

Yao

et al. 2017

Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Inter-Component Communication (ICC) provides a message passing mechanism for data exchange between Android applications. It has been long believed that inter-app ICCs can be abused by malware writers to launch collusion attacks using two or more apps. However, because of the complexity of performing pairwise program analysis on apps, the scale of existing analyses is too small (e.g., up to several hundred) to produce concrete security evidence. In this paper, we report our findings in the first large-scale detection of collusive and vulnerable apps, based on inter-app ICC data flows among 110,150 real-world apps. Our system design aims to balance the accuracy of static ICC resolution/data-flow analysis and run-time scalability. This large-scale analysis provides real-world evidence and deep insights on various types of inter-app ICC abuse. Besides the empirical findings, we make several technical contributions, including a new open-source ICC resolution tool with improved accuracy over the state-of-the-art, and a large database of inter-app ICCs and their attributes.

show abstract

IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware

Cited by 158 publications

References 31 publications

Automated Generation of Event-Oriented Exploits in Android Hybrid Apps

Automated Generation of Event-Oriented Exploits in Android Hybrid Apps

Characterizing Location-based Mobile Tracking in Mobile Ad Networks

Collusive Data Leak and More

Contact Info

Product

Resources

About