Interactively verifying absence of explicit information flows in Android apps

BastaniOsbert,; AnandSaswat,; AikenAlex,

doi:10.1145/2858965.2814274

Cited by 3 publications

(1 citation statement)

References 63 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although we have added extensions that support threading classes such as AsyncTask, Thread, and Runnable, it is not complete. Discovering Android's implicit callbacks is an active area of research, and a number of studies [37][38][39] are currently devoted to addressing this issue.…”

Section: Limitationsmentioning

confidence: 99%

Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

Choi

Kim

2018

Security and Communication Networks

View full text Add to dashboard Cite

It is pretty well known that insecure code updating procedures for Android allow remote code injection attack. However, other than codes, there are many resources in Android that have to be updated, such as temporary files, images, databases, and configurations (XML and JSON). Security of update procedures for these resources is largely unknown. This paper investigates general conditions for remote code injection attacks on these resources. Using this, we design and implement a static detection tool that automatically identifies apps that meet these conditions. We apply the detection tool to a large dataset comprising 9,054 apps, from three different types of datasets: official market, third-party market, and preinstalled apps. As a result, 97 apps were found to be potentially vulnerable, with 53 confirmed as vulnerable to remote code injection attacks.

show abstract

Section: Limitationsmentioning

confidence: 99%

Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

Choi

Kim

2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

Android security assessment: A review, taxonomy and research gap study

Garg

Baliyan

2021

Computers & Security

View full text Add to dashboard Cite

Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption

Autili

Malavolta

Perucci

et al. 2021

J Internet Serv Appl

View full text Add to dashboard Cite

Mobile platforms are rapidly and continuously changing, with support for new sensors, APIs, and programming abstractions. Static analysis is gaining a growing interest, allowing developers to predict properties about the run-time behavior of mobile apps without executing them. Over the years, literally hundreds of static analysis techniques have been proposed, ranging from structural and control-flow analysis to state-based analysis.In this paper, we present a systematic mapping study aimed at identifying, evaluating and classifying characteristics, trends and potential for industrial adoption of existing research in static analysis of mobile apps. Starting from over 12,000 potentially relevant studies, we applied a rigorous selection procedure resulting in 261 primary studies along a time span of 9 years. We analyzed each primary study according to a rigorously-defined classification framework. The results of this study give a solid foundation for assessing existing and future approaches for static analysis of mobile apps, especially in terms of their industrial adoptability.Researchers and practitioners can use the results of this study to (i) identify existing research/technical gaps to target, (ii) understand how approaches developed in academia can be successfully transferred to industry, and (iii) better position their (past and future) approaches for static analysis of mobile apps.

show abstract

Interactively verifying absence of explicit information flows in Android apps

Cited by 3 publications

References 63 publications

Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

Android security assessment: A review, taxonomy and research gap study

Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption

Contact Info

Product

Resources

About