An Android application sandbox system for suspicious software detection

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

Could mobile telephony be harnessed for development in Papua New Guinea?

Could mobile telephony be harnessed for development in Papua New Guinea (PNG)? Could mobile phones be utilised to enhance the security and prosperity of rural communities? Could mobile phones be a useful tool in the achievement of the PNG 2050 Vision targets? This paper is based on literature review around use of mobile phones in development in Asia, Africa, and the Caribbean. It also draws on discussions with key players in PNG, such as NGOs, UN agencies, donor partners, telecommunication companies and the government of PNG. Anticipated benefits of mobile phone availability have not been fully realised in rural areas of PNG to date due to pricing, difficulties with recharging handset batteries in communities which do not have mains electricity supply, and also concerns about negative social changes related to mobile telephony, for example parental stress over youth forming unsuitable relationships. Nonetheless, there are manifest possible ways for mobile phone technology to change user communication patterns positively regarding economic output. In sectors as diverse as health, education and law and justice, discussions are currently underway to establish how mobile phones could be used to increase service delivery, particularly to rural and marginal communities.

Developing and benchmarking native Linux applications on Android

Smartphones get increasingly popular where more and more smartphone platforms emerge. Special attention was gained by the open source platform Android which was presented by the Open Handset Alliance (OHA) hosting members like Google, Motorola, and HTC. Android uses a Linux kernel and a stripped-down userland with a custom Java VM set on top. The resulting system joins the advantages of both environments, while third-parties are intended to develop only Java applications at the moment. In this work, we present the benefit of using native applications in Android. Android includes a fully functional Linux, and using it for heavy computational tasks when developing applications can bring in substantional performance increase. We present how to develop native applications and software components, as well as how to let Linux applications and components communicate with Java programs. Additionally, we present performance measurements of native and Java applications executing identical tasks. The results show that native C applications can be up to 30 times as fast as an identical algorithm running in Dalvik VM. Java applications can become a speed-up of up to 10 times if utilizing JNI.

Monitoring android for collaborative anomaly detection : a first architectural draft

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways, e.g. for payment systems or assisting the lives of elderly or disabled people. Security threats for these devices become more and more dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level and where third-party developers first time have the opportunity to develop kernel-based low-level security tools. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS, holding the greatest market share among all smartphone OSs, was even closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners privacy. Since signature-based approaches mainly detect known malwares, anomaly-based approaches can be a valuable addition to these systems. They base on mathematical algorithms processing data that describe the state of a certain device. For gaining this data, a monitoring client is needed that has to extract usable information (features) from the monitored system. Our approach follows a dual system for analyzing these features. On the one hand, functionality for on-device light-weight detection is provided. But since most algorithms are resource exhaustive, remote feature analysis is provided on the other hand. Having this dual system enables event-based detection that can react to the current detection need. In our ongoing research we aim to investigates the feasibility of light-weight on-device detection for certain occasions. On other occasions, whenever significant changes are detected on the device, the system can trigger remote detection with heavy-weight algorithms for better detection results. In the absence of the server respectively as a supplementary approach, we also consider a collaborative scenario. Here, mobile devices sharing a common objective are enabled by a collaboration module to share information, such as intrusion detection data and results. This is based on an ad-hoc network mode that can be provided by a WiFi or Bluetooth adapter nearly every smartphone possesses.

Google Android : a comprehensive introduction

Google Android, Google's new product and its first attempt to enter the mobile market, might have an equal impact on mobile users like Apple's hyped product, the iPhone. In this Technical report we are going to present the Google Android platform, what Android is, describe why it might be considered as a worthy rival to Apple's iPhone. We will describe parts of its internals, take a look "under the hood" while explaining components of the underlying operating system. We will show how to develop applications for this platform, which difficulties a developer might have to face, and how developers can possibly use other programming languages to develop for Android than the propagated language Java.

Security ceremonies : including humans in cryptographic protocols

Whether by using electronic banking, by using credit cards, or by synchronising a mobile telephone via Bluetooth to an in-car system, humans are a critical part in many cryptographic protocols daily. We reduced the gap that exists between the theory and the reality of the security of these cryptographic protocols involving humans, by creating tools and techniques for proofs and implementations of human-followable security. After three human research studies, we present a model for capturing human recognition; we provide a tool for generating values called Computer-HUman Recognisable Nonces (CHURNs); and we provide a model for capturing human perceptible freshness.

Security analysis of linearly filtered NLFSRs

Non-linear feedback shift register (NLFSR) ciphers are cryptographic tools of choice of the industry especially for mobile communication. Their attractive feature is a high efficiency when implemented in hardware or software. However, the main problem of NLFSR ciphers is that their security is still not well investigated. The paper makes a progress in the study of the security of NLFSR ciphers. In particular, we show a distinguishing attack on linearly filtered NLFSR (or LF-NLFSR) ciphers. We extend the attack to a linear combination of LF-NLFSRs. We investigate the security of a modified version of the Grain stream cipher and show its vulnerability to both key recovery and distinguishing attacks.

Luxury brand identity : the influence of mobile digital technology

This thesis examined the influence of mobile digital technology on the brand identity of luxury brands. Specifically it focused on the use of mobile applications by automobile, hotel and beauty brands and compared the perceptions of marketing managers with consumers on how mobile applications influenced luxury brand identity and image. Outcomes of this research included a model to depict the ongoing process between mobile-mediated luxury brand identity and image, and a typology of luxury brand mobile applications listing key features of mobile-mediated luxemosphere. Overall findings suggest that the influence of mobile applications on luxury brand identity has been negative, as their brand image appeared to be degraded, resulting in diminishing the brand identity.

Is there an app for that? A case study of the potentials and limitations of the participator turn and networked publics for classical music audience engagement

The participatory turn, fuelled by discourses and rhetoric regarding social media, and in the aftermath of the dot.com crash of the early 2000s, enrols to some extent an idea of being able to deploy networks to achieve institutional aims. The arts and cultural sector in the UK, in the face of funding cuts, has been keen to engage with such ideas in order to demonstrate value for money; by improving the efficiency of their operations, improving their respective audience experience and ultimately increasing audience size and engagement. Drawing on a case study compiled via a collaborative research project with a UK-based symphony orchestra (UKSO) we interrogate the potentials of social media engagement for audience development work through participatory media and networked publics. We argue that the literature related to mobile phones and applications (‘apps’) has focused primarily on marketing for engagement where institutional contexts are concerned. In contrast, our analysis elucidates the broader potentials and limitations of social-media-enabled apps for audience development and engagement beyond a marketing paradigm. In the case of UKSO, it appears that the technologically deterministic discourses often associated with institutional enrolment of participatory media and networked publics may not necessarily apply due to classical music culture. More generally, this work raises the contradictory nature of networked publics and argues for increased critical engagement with the concept.

UbiOpticon : participatory sousveillance with urban screens and mobile phone cameras

In many cities around the world, surveillance by a pervasive net of CCTV cameras is a common phenomenon in an attempt to uphold safety and security across the urban environment. Video footage is being recorded and stored, sometimes live feeds are being watched in control rooms hidden from public access and view. In this study, we were inspired by Steve Mann’s original work on sousveillance (surveillance from below) to examine how a network of camera equipped urban screens could allow the residents of Oulu in Finland to collaborate on the safekeeping of their city. An agile, rapid prototyping process led to the design, implementation and ‘in the wild’ deployment of the UbiOpticon screen application. Live video streams captured by web cams integrated at the top of 12 distributed urban screens were broadcast and displayed in a matrix arrangement on all screens. The matrix also included live video streams of two roaming mobile phone cameras. In our field study we explored the reactions of passers-by and users of this screen application that seeks to inverse Bentham’s original panopticon by allowing the watched to be watchers at the same time. In addition to the original goal of participatory sousveillance, the system’s live video feature sparked fun and novel user-led apprlopriations.

Formal analysis of card-based payment systems in mobile devices

To provide card holder authentication while they are conducting an electronic transaction using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication and Secure Socket Layer/ Transport Layer Security (SSL/TLS) for data confidentiality over wired networks and Wireless Transport Layer Security (WTLS) between a wireless device and a Wireless Application Protocol (WAP) gateway. The paper presents our analysis of security properties in the proposed protocols using formal method tools: Casper and FDR2. We also highlight issues concerning payment security in the proposed protocols.

Food talks back : Exploring the role of mobile applications in reducing domestic food wastage

Mitigating domestic food waste reduces its environmental and economic impacts. In our study, we have identified the use of mobile technology to support behaviour change as a key tool to assist the process of reducing food waste. This paper reports on three mobile applications designed to reduce domestic food waste: Fridge Pal, LeftoverSwap and EatChaFood. The paper examines how each app can influence consumer knowledge of domestic food supply, location, and literacy. We discuss our findings with respect to three considerations: (i) assisting with the user’s food supply and location knowledge; (ii) improving the user’s food literacy; (iii) facilitating social food sharing of excess food. We present new insights for mobile interventions that encourage changes towards more sustainable behaviours to reduce food waste.

Street reads - Creating mobile walking events

By 2012 mobile devices had become the main interface for people to access information about anything from their current GPS position to the latest book reviews. What was less accessible were tools and techniques for writers to leverage this new technology to construct and distribute located stories. This project began with a series of master classes for local Brisbane writers to demonstrate processes and techniques for imagining, constructing and distributing stories. Most significantly, this project equipped writers with how to identify and adopt various mobile services and applications to research, produce and deliver packaged multi-modal content for readers to access and experience stories in the very locations from which they were inspired. Four stories by four writers were selected to be developed and published as location-based events in four different neighbourhoods across Brisbane. These writers were mentored throughout the writing process and a model was developed for them to simply upload several multi-modal chapters for access on location by readers using QR codes. These activities culminated in a major 25 day event presented by Brisbane City Council and supported by Brisbane Writers Festival and Queensland Writers Centre. The 'Street Reads' event presented the four stories on location in Cannon Hill, Darra, Toowong and West End. The significance of the Street Reads project went beyond extending the capacity for writers to access mobile technologies as a new platform for distributing stories. This event also motivated readers to travel to neighbourhoods to experience them in ways that had not previously imagined possible. These located stories were fictionalisations of actual events and characters that have current and historic importance to these places. These histories are hidden from view and yet can provide locals and visitors with a new found appreciation for the past and set an example for how neighbourhoods can become active stages for the sharing of stories inspiring a deeper connection with each other and an agency for participating in the development of the identity of the local places they inhabit together. Due to the success of the project and by employing more advanced tools now available, Street reads has been further developed by Brisbane City Council and is now available as a the Story City App available for download at itunes.

‘Healthy mobile check-ins’ study: using GIS in smartphones to track use of urban environment by survivors of endometrial cancer

Aims/Objectives Our study aims to test the capacity of a newly developed smartphone innovation to obtain data on social, structural, and spatial determinants of the daily health-related behaviours of women living in urban Brisbane neighbourhoods who have survived endometrial cancer. Methods The women used a mobile web app designed specifically for the project to record GIS/location data on every destination they visited within their local urban neighbourhoods over a two-week period. Additionally, we gathered textual data on the social context/reasons for travel, as well as mode of transport to reach these destinations. The data was transported to SPSS and Google Earth for statistical and spatial analysis. We then met with the women to discuss lifestyle interventions to maximise their use of their local neighbourhoods in ways that could increase their physical activity levels and improve their overall health and well-being. These interventions will be evaluated and translated into a large-scale national study if effective. Results Initial findings about patterns in the group’s use of the local urban environment will be displayed, including daily distances travelled, types of locations visited, walking levels, use of public transport, use of green spaces and use of health-related resources. Any socio-demograpahic differences found between the women will be reported. Qualitative, quantitative, and spatial/mapping data will be displayed Conclusion The benefits and limitations of the mobile website designed to collect a range of data types about human-neighbourhood interactions with implications for intervention design will be discussed.

Mobile interaction design approaches for reducing domestic food waste

This thesis is a trans-disciplinary study of domestic food waste in Australia. Firstly, it examines why consumers are prone to waste food. Secondly, it explores several situated design interventions to reduce domestic food waste by informing consumer food supply and location awareness, and improving the level of food literacy among consumers. The thesis outcomes have implications for academic and industry domains within the fields of Human-Computer Interaction, urban informatics, environmental sustainability, food security and public health.