Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

Batyuk, Leonid; Herpich, Markus; Camtepe, Seyit; Raddatz, Karsten; Schmidt, Aubrey-Derrick; Albayrak, Şahin

doi:10.1109/malware.2011.6112328

Cited by 114 publications

(84 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A dynamic approach is presented in [21] where the authors proposed a syscall monitoring approach further used to identify malicious signatures. Batyuk et al introduce in [22] a solution aiming at disassembling code and looking at malicious API use. DroidMat [10] extracts information about Intent, API calls and permissions in order to classify applications in using clustering techniques.…”

Section: Related Workmentioning

confidence: 99%

Using opcode-sequences to detect malicious Android applications

Jérôme

Allix

State

et al. 2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

Abstract-Recently, the Android platform has seen its number of malicious applications increased sharply. Motivated by the easy application submission process and the number of alternative market places for distributing Android applications, rogue authors are developing constantly new malicious programs. While current anti-virus software mainly relies on signature detection, the issue of alternative malware detection has to be addressed. In this paper, we present a feature based detection mechanism relying on opcode-sequences combined with machine learning techniques. We assess our tool on both a reference dataset known as Genome Project as well as on a wider sample of 40,000 applications retrieved from the Google Play Store.

show abstract

Section: Related Workmentioning

confidence: 99%

Using opcode-sequences to detect malicious Android applications

Jérôme

Allix

State

et al. 2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…4 Our prototype allows to process Android binaries (i. e., APK files) directly. Using WALA's Java front-end, the analysis of Java source of Android apps can be supported easily as well.…”

Section: Methodsmentioning

confidence: 99%

“…There is a large body of work that uses static program analysis for finding security vulnerabilities in JavaScript-based web applications [11,16,24,26] as well as dealing with the privacy concerns of Android apps [4,13,18,20].…”

Section: Related Workmentioning

confidence: 99%

On the Static Analysis of Hybrid Mobile Apps

Brucker

Herzberg²

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Developing mobile applications is a challenging business: developers need to support multiple platforms and, at the same time, need to cope with limited resources, as the revenue generated by an average app is rather small. This results in an increasing use of cross-platform development frameworks that allow developing an app once and offering it on multiple mobile platforms such as Android, iOS, or Windows. Apache Cordova is a popular framework for developing multi-platform apps. Cordova combines HTML5 and JavaScript with native application code. Combining web and native technologies creates new security challenges as, e. g., an XSS attacker becomes more powerful. In this paper, we present a novel approach for statically analysing the foreign language calls. We evaluate our approach by analysing the top Cordova apps from Google Play. Moreover, we report on the current state of the overall quality and security of Cordova apps.

show abstract

“…[9] Some of the critical permissions like accessing messages, making phone call and similar permissions were given a two-step verification. The user's permission is again asked while the application requires use of critical permissions.…”

Section: Android's Initiative To Improve Security With Respect To Permentioning

confidence: 99%