Signature generation for sensitive information leakage in android applications
@article{Kuzuno2013SignatureGF, title={Signature generation for sensitive information leakage in android applications}, author={Hiroki Kuzuno and Satoshi Tonami}, journal={2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW)}, year={2013}, pages={112-119} }
In recent years, there has been rapid growth in mobile devices such as smartphones, and a number of applications are developed specifically for the smartphone market. In particular, there are many applications that are “free” to the user, but depend on advertisement services for their revenue. Such applications include an advertisement module - a library provided by the advertisement service - that can collect a user's sensitive information and transmit it across the network. Such information…
14 Citations
Review of Signature Generation for Private Information Leakage in Android Applications
- Computer Science
- 2014
To enable users to control the diffusion of their clandestine information, there is a technique that uses a new clustering method based on the HTTP packet sender, HTTP packet destination and content distances, creates signatures from the grouping result, and uses them to distinguish sensitive information outflow from Android applications.
Smartphone: Security and Privacy Protection
- Computer Science
- ICPCA/SWS
- 2013
The permission mechanism is introduced, which requires developers to declare what sensitive resources their applications would use, has users agree to this request when they install the application, and constrains the application to the requested resources during runtime.
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
- Computer Science
- IEEE Communications Surveys & Tutorials
- 2018
This paper reviews the works that contributed to the state of the art of network traffic analysis targeting mobile devices and presents a systematic classification of the works according to three criteria: 1) the goal of the analysis; 2) the point where the network traffic is captured; and 3) the targeted mobile platforms.
Security Weaknesses of the Android Advertising Ecosystem
- Computer Science
- 2016
This thesis will investigate the security of Android ad supported apps, security vulnerabilities that have been identified in the way those ads are delivered to the device and improvements that can be made to protect the privacy of the end user.
Studying eventual connectivity issues in Android apps
- Political Science
- Empirical Software Engineering
- 2021
This paper presents the first study on Eventual Connectivity (ECn) issues exhibited by Android apps, by manually inspecting 971 scenarios related to 50 open-source apps, and distills a list of lessons learned for both practitioners and researchers, indicating directions for future work.
Real-Time Monitoring of Privacy Abuses and Intrusion Detection in Android System
- Computer Science
- HCI
- 2015
The definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems are investigated, which may be very useful for identifying the malicious apps from 'normal' apps.
Characterizing Evaluation Practices of Intrusion Detection Methods for Smartphones
- Computer Science
- 2014
An overview of the research in the field of intrusion detection techniques for the Android platform is given, and a set of guidelines that could help researchers to avoid common pitfalls and improve the quality of their work is presented.
Detecting Advertisement Module Network Behavior with Graph Modeling
- Computer Science, Mathematics
- 2014 Ninth Asia Joint Conference on Information Security
- 2014
This work proposes a novel method based on the distance between network traffic graphs mapping the relationships between HTTP session data (such as HTML or JavaScript) that can detect ad modules' traffic by comparing session graphs with the graphs of already known ad modules.
Algebraic-datatype taint tracking, with applications to understanding Android identifier leaks
- Computer Science
- ESEC/SIGSOFT FSE
- 2021
A novel, algebraic-datatype taint analysis that generates rich yet concise taint signatures involving AND, XOR, hashing – akin to algebraic, product and sum, types is introduced.
LMDGW: a novel matrix based dynamic graph watermark
- Computer Science
- Journal of Ambient Intelligence and Humanized Computing
- 2017
A late-model matrix-based dynamic watermark, called LMDGW, is proposed to overcome the unintuitive and vulnerable properties of traditional numeral DGW; it is proved to be an intelligent watermarking scheme and is enlightening for intelligent security.
References
SHOWING 1-10 OF 36 REFERENCES
Investigating User Privacy in Android Ad Libraries
- Computer Science
- 2012
This work examines the effect on user privacy of thirteen popular Android ad providers by reviewing their use of permissions, and discovers the insecure use of Android’s JavaScript extension mechanism in several ad libraries.
AdDroid: privilege separation for applications and advertisers in Android
- Computer Science
- ASIACCS '12
- 2012
AdDroid is introduced, a privilege-separated advertising framework for the Android platform that separates privileged advertising functionality from host applications, allowing applications to show advertisements without requesting privacy-sensitive permissions.
Unsafe exposure analysis of mobile in-app advertisements
- Computer Science
- WISEC '12
- 2012
The investigation indicates the symbiotic relationship between embedded ad libraries and host apps is one main reason behind these exposed risks, and clearly shows the need for better regulating the way ad libraries are integrated in Android apps.
On lightweight mobile phone application certification
- Computer Science
- CCS
- 2009
The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
- Computer Science
- OSDI
- 2010
Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications
- Computer Science
- CCS '11
- 2011
Two privacy controls for Android smartphones that empower users to run permission-hungry applications while protecting private data from being exfiltrated are examined, finding that they can successfully reduce the effective permissions of the application without causing side effects for 66% of the tested applications.
A Study of Android Application Security
- Computer Science
- USENIX Security Symposium
- 2011
A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications.
Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android
- Computer Science
- 2011
This work presents a novel system that can replace existing platform permissions with finer-grained permissions, and found that it can replace many commonly used “dangerous” permissions with stricter permissions.
AdSplit: Separating Smartphone Advertising from Applications
- Computer Science
- USENIX Security Symposium
- 2012
AdSplit is described, where Android is extended to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries, and providing services to validate the legitimacy of clicks, locally and remotely.
Semantically Rich Application-Centric Security in Android
- Computer Science
- 2009 Annual Computer Security Applications Conference
- 2009
This paper considers the security requirements of smartphone applications and augments the existing Android operating system with a framework to meet them, and presents Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy.