Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications


Author(s): Batyuk, Leonid; Herpich, Markus; Camtepe, Seyit A.; Raddatz, Karsten; Schmidt, Aubrey-Derrick; Albayrak, Sahin
Date(s)

01/10/2011

Abstract

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smartphone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensitive private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

Identifier

http://eprints.qut.edu.au/58298/

Publisher

IEEE Conference Publications

Relation

DOI:10.1109/MALWARE.2011.6112328

Batyuk, Leonid, Herpich, Markus, Camtepe, Seyit A., Raddatz, Karsten, Schmidt, Aubrey-Derrick, & Albayrak, Sahin (2011) Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In Proceedings of the 6th International Conference on Malicious and Unwanted Software (MALWARE 2011), IEEE Conference Publications, Fajardo, Puerto Rico, USA, pp. 66-72.

Rights

Copyright 2011 IEEE

Source

School of Electrical Engineering & Computer Science; Information Security Institute; Science & Engineering Faculty

Keywords

#080303 Computer System Security #data privacy #mobile computing #Android Market application #application security #binary application package refactoring #coarse-grained permission #static analysis

Type

Conference Paper