Signature generation for sensitive information leakage in android applications

Kuzuno, Hiroki; Tonami, Satoshi

doi:10.1109/icdew.2013.6547438

Cited by 11 publications

(11 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Network permission is the most popular permission among Android apps [42,43] which suggest that Android apps are highly dependent on internet access. This has pushed the research community to study network-related aspects of mobile apps, and in particular: (i) network traffic profiling/characterization/usage [5,6,[43][44][45][46][47][48][49][50]; (ii) security and privacy concerns, namely how private information is being manipulated and protected in apps [7,8,[51][52][53][54][55]; and (iii) network-related vulnerable scenarios which can be exploited by mischievous attackers [9,56,57]. To the best of our knowledge, our study is the first one empirically analyzing Eventual Connectivity issues in Android apps.…”

Section: Related Workmentioning

confidence: 99%

“…As a consequence, it is unknown the prevalence of those issues and their impact on the quality as perceived by users. Indeed, state-of-the-art studies are mostly devoted to (i) network traffic characterization [5,6], (ii) its security and privacy implications [7,8], and (iii) possible exploitable scenarios addressed by malicious agents [9]. Previous studies have indeed focused on cataloging bugs/crashes for mobile apps in general [10], and bugs/crashes specific to quality attributes such as performance [11][12][13][14][15], security [16][17][18], behavioral/GUI inconsistency [19][20][21][22], and energy consumption [23][24][25][26][27].…”

mentioning

confidence: 99%

See 1 more Smart Citation

Studying Eventual Connectivity Issues in Android Apps

Escobar-Velásquez,

Mazuera-Rozo,

Bedoya

et al. 2021

Preprint

View full text Add to dashboard Cite

Mobile apps have become indispensable for daily life, not only for individuals but also for companies/organizations that offer their services digitally. Inherited by the mobility of devices, there are no limitations regarding the locations or conditions in which apps are being used. For example, apps can be used where no internet connection is available. Therefore, offline-first is a highly desired quality of mobile apps. Accordingly, inappropriate handling of connectivity issues and miss-implementation of good practices lead to bugs and crashes occurrences that reduce the confidence of users on the apps' quality. In this paper, we present the first study on Eventual Connectivity (ECn) issues exhibited by Android apps, by manually inspecting 971 scenarios related to 50 open-source apps. We found 304 instances of ECn issues (6 issues per app, on average) that we organized in a taxonomy of 10 categories. We found that the majority of ECn issues are related to the use of messages not providing correct information to the user about the connectivity status and to the improper use of external libraries/apps to which

show abstract

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

Studying Eventual Connectivity Issues in Android Apps

Escobar-Velásquez,

Mazuera-Rozo,

Bedoya

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…In Table VI, we present the surveyed works that deal with PII leakage detection [23], [27], [29], [5], [41], [50], [54], [57], [58]. For each work, we summarize the targeted mobile platforms, and whether the PII leaks are simply detected or also prevented.…”

Section: Pii Leakage Detectionmentioning

confidence: 99%

“…Kuzuno and Tonami in [27] investigate the leakage of sensitive information by the advertisement libraries embedded into free Android apps. They focus on both original and hashed identifiers unique to mobile devices (i.e., IMEI and Android ID) and SIM cards (i.e., IMSI and SIM Serial ID), as well as on the name of the cellular operator (CARRIER).…”

Section: Pii Leakage Detectionmentioning

confidence: 99%

“…The achieved results show that it is possible to successfully fingerprint an Android app (or type of app) [16], [28], [29], [5], [43], [6], [47], [56], [61], as well as an action performed by a mobile user on her Android device [30], [39], [45], [46], [52]. In [29], [5], [41], [50], [54], [57], [58], it is reported that Android apps extensively leak the PII of mobile users, and the works in [23], [27] highlight that an important role in this phenomenon is played by the embedded ad libraries. Regarding mobile advertisement, Crussell et al in [33] prove that many Android apps trick the advertisement business model in order to let their developers illicitly earn money.…”

Section: A Androidmentioning

confidence: 99%

See 1 more Smart Citation