Android applications : Data leaks via advertising libraries

Recent studies have determined that many Android applications in both official and non-official online markets expose details of the users' smartphones without user consent. In this paper, we explain why such applications leak, how they leak and where the data is leaked to. In order to achieve this, we combine static and dynamic analysis to examine Java classes and application behaviour for a set of popular, clean applications from the Finance and Games categories. We observed that all the applications in our data set which leaked information (10%) had third-party advertising libraries embedded in their respective Java packages.

Security and privacy of users' personal Information on smartphones

 This research investigated the proliferation of malicious applications on smartphones and a framework that can efficiently detect and classify such applications based on behavioural patterns was proposed. Additionally the causes and impact of unauthorised disclosure of personal information by clean applications were examined and countermeasures to protect smartphone users’ privacy were proposed.

A privacy-preserving location tracking system for smartphones based on cloud storage

With the widespread use of smartphones, the loss of a device is a critical problem, which results both in disrupting daily communications and losing valuable property. As a result, tracking systems have been developed to track mobile devices. Previous tracking systems focus on recovering the device's locations after it goes missing, with security methods implemented on the clients. However, users' locations are stored in untrusted third-party services, which may be attacked or eavesdropped. In this paper, we propose a system, named Android Cloud Tracker, to provide a privacy-preserving tracking client and safe storing of user's locations. We use cloud storage controlled by users themselves as storage facilities, and they do not need to worry about any untrusted third party. We implement Android Cloud Tracker prototype on Android phones, and the evaluation shows that it is both practical and lightweight: it generates a small amount of data flow and its distributed architecture provides strong guarantees of location privacy while preserving the ability to efficiently track missing devices.

A preliminary taxonomy of crowdsourcing

Many firms are now asking how they can benefit from the new form of outsourcing labelled “crowdsourcing”. Like many other forms of outsourcing, crowdsourcing is now being “talked up” by a somewhat credulous trade press. However, the term crowdsourcing has been used to describe several related, but different phenomena, and what might be successful with one form of crowdsourcing may not be with another. In this paper the notion of crowdsourcing is decomposed to create a taxonomy that expands our understanding of what is meant by the term. This taxonomy focuses on the different capability levels of crowdsourcing suppliers; different motivations; and different allocation of benefits. The management implications of these distinctions are then considered in light of what we know about other forms of outsourcing.

Web usability guidelines for smartphones : a synergic approach

The mobile phones that we carry with us all the time have started becoming increasingly sophisticated and consequently are referred to as “Smartphones”. Smartphones today are extremely powerful and, in addition to making phone calls, are capable of performing a variety of other functions. One very important function is the ability to access the Internet for a wide number of purposes. An obstacle that these users face is that access to the Internet is through a tiny interface, which is in sharp contrast to the typically large, flat-screen monitor. Unfortunately, many websites are neither designed for nor suitable to be accessed from these small devices. With relatively little effort, however, the developers of the websites can make the web interfaces more appropriate for Smartphones and hence accessible to a much larger audience. In this paper, we focus on “web usability”, a term essentially concerned with the ease of accessing and entering information on websites. We compile and synergize several different guidelines with the intent of increasing the web usability of Smartphones.

Patient use of smartphones to communicate subjective data in clinical trials

Purpose. Various methods have been used in clinical trials to collect time-sensitive subjective responses, including study diaries, telephone interviews, and use of text messaging. However, all of these methods are limited by the uncertainty of when the participants enrolled in the study actually record their responses. This technical note reports on the utility of the BlackBerry smartphone to collect such data and why such a system provides advantages over other methods to report subjective ratings in clinical studies.

Methods. The Centre for Contact Lens Research developed an on-line web-enabled system that permits participants to record and immediately transmit subjective rating scores in numerical form directly into a web-enabled database. This, combined with the utility of BlackBerrys, enabled time-specific e-mail requests to be sent to the study participants and then for that data to be simultaneously transmitted to the web-enabled database. This system has been used in several clinical trials conducted at the Centre for Contact Lens Research, in which data were collected at various times and in several specific locations or environments.

Results. In the clinical trials conducted using this system, participants provided responses on 97.5% of occasions to the requests for data generated by the automated system. When the request was for data on a set date, this method resulted in responses of 84.1% of the time.

Conclusions. The series of clinical trials reported here show the benefits of the utilization of the BlackBerry to collect time- or environment-sensitive data via a web-enabled system.

Crowdsourcing motivations in a not-for-profit GLAM context : the Australian newspapers digitisation program

Crowdsourcing in recent times has become popular among not-for-profits as a means of eliciting members of the public to contribute to activities that would normally have been carried out by staff or by contracting external expertise. The GLAM (galleries, libraries, archives, museums) sector does have a history of involving online volunteers (e.g. reviewing books). Extending that tradition, some GLAM institutions are engaging in crowdsourcing projects to enhance and enrich their collections. But what motivates the public to participate in these crowdsourcing activities? Understanding the unique motivations of participants is needed to establish a motivational framework for GLAM organisations in their not-for-profit context. We present findings from a study of the motivational factors affecting participation in the Australian Newspapers Digitisation Program (ANDP) by the National Library of Australia (NLA). Based on motivational theories and frameworks the study shows that the participants are motivated by a complex framework of personal, collective and external factors. Participants were highly intrinsically motivated, but valued altruistic and community motivations as well. Community and external factors played a vital role in their continued involvement. The paper concludes with a conceptual framework of the motivational factors for crowdsourcing participants in a GLAM context based on the motivational dynamics observed in the ANDP case.

Analysis of malicious and benign Android applications

Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications, we present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications.

Zero permission android applications - attacks and defenses

Google advertises the Android permission framework as one of the core security features present on its innovative and flexible mobile platform. The permissions are a means to control access to restricted AP/s and system resources. However, there are Android applications which do not request permissions at all.In this paper, we analyze the repercussions of installing an Android application that does not include any permission and the types of sensitive information that can be accessed by such an application. We found that even app/icaaons with no permissions are able to access sensitive information (such the device ID) and transmit it to third-parties.

Detecting SMS-based control commands in a Botnet from infected android devices

An increasing number of Android devices are being infected and at risk of becoming part of a botnet. Among all types of botnets, control and cornmand based botnets are very popular. In this paper we introduce an effective and efficient method to ddect SMS-based control commands ftvm infected Android devices. Specifically, we rely on the important radio activities recorded in Android log files. These radio activities are currently overlooked by researchers. We show the effectiveness of our rnethod by using the examples frorn published literature. Our method requires much less user knowledge but is more generic than traditional approaches.

Contrasting permission patterns between clean and malicious android applications

The Android platform uses a permission system model to allow users and developers to regulate access to private information and system resources required by applications. Permissions have been proved to be useful for inferring behaviors and characteristics of an application. In this paper, a novel method to extract contrasting permission patterns for clean and malicious applications is proposed. Contrary to existing work, both required and used permissions were considered when discovering the patterns. We evaluated our methodology on a clean and a malware dataset, each comprising of 1227 applications. Our empirical results suggest that our permission patterns can capture key differences between clean and malicious applications, which can assist in characterizing these two types of applications.