Abstract:In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smartphone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private info… Show more
“…A dynamic approach is presented in [21] where the authors proposed a syscall monitoring approach further used to identify malicious signatures. Batyuk et al introduce in [22] a solution aiming at disassembling code and looking at malicious API use. DroidMat [10] extracts information about Intent, API calls and permissions in order to classify applications in using clustering techniques.…”
Abstract-Recently, the Android platform has seen its number of malicious applications increased sharply. Motivated by the easy application submission process and the number of alternative market places for distributing Android applications, rogue authors are developing constantly new malicious programs. While current anti-virus software mainly relies on signature detection, the issue of alternative malware detection has to be addressed. In this paper, we present a feature based detection mechanism relying on opcode-sequences combined with machine learning techniques. We assess our tool on both a reference dataset known as Genome Project as well as on a wider sample of 40,000 applications retrieved from the Google Play Store.
“…A dynamic approach is presented in [21] where the authors proposed a syscall monitoring approach further used to identify malicious signatures. Batyuk et al introduce in [22] a solution aiming at disassembling code and looking at malicious API use. DroidMat [10] extracts information about Intent, API calls and permissions in order to classify applications in using clustering techniques.…”
Abstract-Recently, the Android platform has seen its number of malicious applications increased sharply. Motivated by the easy application submission process and the number of alternative market places for distributing Android applications, rogue authors are developing constantly new malicious programs. While current anti-virus software mainly relies on signature detection, the issue of alternative malware detection has to be addressed. In this paper, we present a feature based detection mechanism relying on opcode-sequences combined with machine learning techniques. We assess our tool on both a reference dataset known as Genome Project as well as on a wider sample of 40,000 applications retrieved from the Google Play Store.
“…4 Our prototype allows to process Android binaries (i. e., APK files) directly. Using WALA's Java front-end, the analysis of Java source of Android apps can be supported easily as well.…”
Section: Methodsmentioning
confidence: 99%
“…There is a large body of work that uses static program analysis for finding security vulnerabilities in JavaScript-based web applications [11,16,24,26] as well as dealing with the privacy concerns of Android apps [4,13,18,20].…”
Abstract. Developing mobile applications is a challenging business: developers need to support multiple platforms and, at the same time, need to cope with limited resources, as the revenue generated by an average app is rather small. This results in an increasing use of cross-platform development frameworks that allow developing an app once and offering it on multiple mobile platforms such as Android, iOS, or Windows. Apache Cordova is a popular framework for developing multi-platform apps. Cordova combines HTML5 and JavaScript with native application code. Combining web and native technologies creates new security challenges as, e. g., an XSS attacker becomes more powerful. In this paper, we present a novel approach for statically analysing the foreign language calls. We evaluate our approach by analysing the top Cordova apps from Google Play. Moreover, we report on the current state of the overall quality and security of Cordova apps.
“…[9] Some of the critical permissions like accessing messages, making phone call and similar permissions were given a two-step verification. The user's permission is again asked while the application requires use of critical permissions.…”
Section: Android's Initiative To Improve Security With Respect To Permentioning
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.