Signature generation for sensitive information leakage in android applications

  • Hiroki Kuzuno, Satoshi Tonami
  • Published 8 April 2013
  • Computer Science
  • 2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW)
In recent years, there has been rapid growth in mobile devices such as smartphones, and a number of applications are developed specifically for the smartphone market. In particular, there are many applications that are “free” to the user, but depend on advertisement services for their revenue. Such applications include an advertisement module - a library provided by the advertisement service - that can collect a user's sensitive information and transmit it across the network. Such information… 
Review of Signature Generation for Private Information Leakage in Android Applications
Currently, the number of Android phones (smartphones) as well as their applications has increased. Particularly, there are many applications that are “free” to the user, but they depend on
Detecting personally identifiable information transmission in android applications using light-weight static analysis
This work proposes using light-weight methods to extract features that are then used to develop a classification model to detect PII transmission in under a minute with performance that rivals the heavy-weight techniques.
Smartphone: Security and Privacy Protection
The permission mechanism, which requires developers to declare what sensitive resources their applications would use, has users agree with this request when they install the application and constrains the application to the requested resources during runtime is introduced.
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
This paper reviews the works that contributed to the state of the art of network traffic analysis targeting mobile devices and presents a systematic classification of the works according to three criteria: 1) the goal of the analysis; 2) the point where the network traffic is captured; and 3) the targeted mobile platforms.
Security Weaknesses of the Android Advertising Ecosystem
Mobile device security is becoming increasingly important as the number of devices that are used continues to grow and has surpassed one billion active devices globally. In this thesis, we will
Studying Eventual Connectivity Issues in Android Apps
This paper presents the first study on Eventual Connectivity (ECn) issues exhibited by Android apps, manually inspecting 971 scenarios related to 50 open-source apps and distilling a list of lessons learned for both practitioners and researchers, indicating directions for future work.
Real-Time Monitoring of Privacy Abuses and Intrusion Detection in Android System
The definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems are investigated, which may be very useful for identifying the malicious apps from 'normal' apps.
Characterizing Evaluation Practices of Intrusion Detection Methods for Smartphones
The appearance of a new Android platform and its popularity has resulted in a sharp rise in the number of reported vulnerabilities and consequently in the number of mobile threats. Mobile malware, a
Detecting Advertisement Module Network Behavior with Graph Modeling
This work proposes a novel method based on the distance between network traffic graphs mapping the relationships between HTTP session data (such as HTML or JavaScript) that can detect ad modules' traffic by comparing session graphs with the graphs of already known ad modules.
In-Depth Survey of Digital Advertising Technologies
The digital advertising relationships within this ecosystem along with their technical, social, political, and physical implications are explained and advertising principles along with a variation of other advertising approaches are explored in order to compare and contrast competing digital advertising methods.


Investigating User Privacy in Android Ad Libraries
This work examines the effect on user privacy of thirteen popular Android ad providers by reviewing their use of permissions, and discovers the insecure use of Android’s JavaScript extension mechanism in several ad libraries.
AdDroid: privilege separation for applications and advertisers in Android
AdDroid is introduced, a privilege-separated advertising framework for the Android platform that separates privileged advertising functionality from host applications, allowing applications to show advertisements without requesting privacy-sensitive permissions.
Unsafe exposure analysis of mobile in-app advertisements
The investigation indicates the symbiotic relationship between embedded ad libraries and host apps is one main reason behind these exposed risks, and clearly shows the need for better regulating the way ad libraries are integrated in Android apps.
On lightweight mobile phone application certification
The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment.
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications
Two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated are examined, finding that they can successfully reduce the effective permissions of the application without causing side effects for 66% of the tested applications.
A Study of Android Application Security
A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications.
Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android
Google’s Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. We have found that Android’s current permissions
AdSplit: Separating Smartphone Advertising from Applications
AdSplit is described, where Android is extended to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries, and providing services to validate the legitimacy of clicks, locally and remotely.
Semantically Rich Application-Centric Security in Android
This paper considers the security requirements of smartphone applications and augments the existing Android operating system with a framework to meet them, and presents Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy.