Improving Smartphone Security and Reliability

Authors: Iulian Neamtiu, Xuetao Wei, Michalis Faloutsos, Lorenzo Gomez, Tanzirul Azim, Yongjian Hu, Zhiyong Shan
Journal: J. Interconnect. Networks

Users are increasingly relying on smartphones, hence concerns such as mobile app security, privacy, and correctness have become increasingly pressing. Software analysis has been successful in tackling many such concerns, albeit on other platforms, such as desktop and server. To fill this gap, we have developed infrastructural tools that permit a wide range of software analyses for the Android smartphone platform. Developing these tools has required surmounting many challenges unique to the…



Automating GUI testing for Android applications

This paper conducts a bug mining study to understand the nature and frequency of bugs affecting Android applications, and presents techniques for detecting GUI bugs by automatic generation of test cases, feeding the application random events, instrumenting the VM, producing log/trace files and analyzing them post-run.

Versatile yet lightweight record-and-replay for Android

This work proposes a novel, stream-oriented record-and-replay approach which achieves high accuracy and low overhead by aiming at a sweet spot: recording and replaying sensor and network input, event schedules, and inter-app communication via intents.

A Study of Android Application Security

A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications.

Targeted and depth-first exploration for systematic testing of android apps

The key insight of the approach is to use a static, taint-style, dataflow analysis on the app bytecode in a novel way, to construct a high-level control flow graph that captures legal transitions among activities (app screens).

Leave Me Alone: App-Level Protection against Runtime Information Gathering on Android

This new approach, called App Guardian, thwarts a malicious app's runtime monitoring attempt by pausing all suspicious background processes when the target app is running in the foreground, and resuming them after the app stops and its runtime environment is cleaned up.

Semantically Rich Application-Centric Security in Android

This paper considers the security requirements of smartphone applications and augments the existing Android operating system with a framework to meet them, and presents Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy.

What the App is That? Deception and Countermeasures in the Android User Interface

This paper analyzes in detail the many ways in which Android users can be confused into misidentifying an app (and thus, for instance, deceived into giving sensitive information to a malicious app), and designs and implements an on-device defense that addresses the underlying issue of the lack of a security indicator in the Android GUI.

On lightweight mobile phone application certification

The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time, and indicates that security configuration bundled with Android applications provides practical means of detecting malware.

Android permissions demystified

Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.

ProfileDroid: multi-layer profiling of android applications

ProfileDroid is the first step towards a systematic approach for generating cost-effective but comprehensive app profiles, and identifying inconsistencies and surprising behaviors.