Progettazione e sviluppo di un sistema per la gestione di pagamenti su piattaforme mobili android

Il processo di realizzazione di questo lavoro nasce con la ricerca di un'intuizione che potesse emergere come novità nell'oceano di possibilità offerte dal mercato degli applicativi per smartphone. Il risultato finale di questa ricerca ha prodotto una conclusione apparentemente ambiziosa: sostituire il vecchio concetto di 'portamonete' con una versione più pratica, innovativa ed in accordo con l'attuale direzione delle tecnologie moderne.

Can smartphone users turn off tracking service settings?

Tracking services play a fundamental role in the smartphone ecosystem. While their primary purpose is to provide a smartphone user with the ability to regulate the extent of sharing private information with external parties, these services can also be misused by advertisers in order to boost revenues. In this paper, we investigate tracking services on the Android and iOS smartphone platforms. We present a simple and effective way to monitor traffic generated by tracking services to and from the smartphone and external servers. To evaluate our work, we dynamically execute a set of Android and iOS applications, collected from their respective official markets. Our empirical results indicate that even if the user disables or limits tracking services on the smartphone, applications can by-pass those settings and, consequently, leak private information to external parties. On the other hand, when testing the location 'on' setting, we notice that generally location is not tracked.

Progettazione e implementazione di applicazioni context-aware su dispositivi mobili

Il progetto descritto in questo documento consiste fondamentalmente nell'integrazione di applicazioni context-aware su dispositivi mobili con reti di sensori e nello studio delle problematiche derivanti, vantaggi e potenziali utilizzi. La rete è stata costruita sfruttando l'insieme di protocolli per comunicazioni via radio Zigbee, particolarmente adatti per interazione tra dispositivi a basso consumo energetico e che necessitano di uno scarso tasso di trasferimento di dati. Le informazioni ottenute da sensori di varia natura sono processate da microcontrollori Arduino, scelti per la loro versatilità di utilizzo e design open source. Uno o più dispositivi sono designati per aggregare i dati rilevati dai singoli nodi in un unico pacchetto di informazioni, semanticamente correlate tra loro, quindi emetterle in broadcast su una diversa interfaccia di rete, in modo che diverse applicazioni esterne in ascolto possano riceverle e manipolarle. Viene utilizzato un protocollo specifico per la comunicazione tra i microcontrollori e le applicazioni che si interfacciano con la rete, costruito su misura per dispositivi con risorse limitate. L'applicazione context-aware che interagisce con la rete è stata sviluppata su piattaforma Android, la cui particolare flessibilità favorisce una migliore capacità di gestire i dati ottenuti. Questa applicazione è in grado di comunicare con la rete, manipolare i dati ricevuti ed eventualmente intraprendere azioni specifiche in totale indipendenza dal suo utilizzatore. Obiettivo del progetto è quello di costruire un meccanismo di interazione tra le tecnologie più adattivo e funzionale possibile.

Smartphone malware evolution revisited : Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

Sistema de localização de veículos para smartphone android

Atualmente os sistemas Automatic Vehicle Location (AVL) fazem parte do dia-a-dia de muitas empresas. Esta tecnologia tem evoluído significativamente ao longo da última década, tornando-se mais acessível e fácil de utilizar. Este trabalho consiste no desenvolvimento de um sistema de localização de veículos para smartphone Android. Para tal, foram desenvolvidas duas aplicações: uma aplicação de localização para smarphone Android e uma aplicação WEB de monitorização. A aplicação de localização permite a recolha de dados de localização GPS e estabelecer uma rede piconet Bluetooth, admitindo assim a comunicação simultânea com a unidade de controlo de um veículo (ECU) através de um adaptador OBDII/Bluetooth e com até sete sensores/dispositivos Bluetooth que podem ser instalados no veículo. Os dados recolhidos pela aplicação Android são enviados periodicamente (intervalo de tempo definido pelo utilizador) para um servidor Web No que diz respeito à aplicação WEB desenvolvida, esta permite a um gestor de frota efetuar a monitorização dos veículos em circulação/registados no sistema, podendo visualizar a posição geográfica dos mesmos num mapa interativo (Google Maps), dados do veículo (OBDII) e sensores/dispositivos Bluetooth para cada localização enviada pela aplicação Android. O sistema desenvolvido funciona tal como esperado. A aplicação Android foi testada inúmeras vezes e a diferentes velocidades do veículo, podendo inclusive funcionar em dois modos distintos: data logger e data pusher, consoante o estado da ligação à Internet do smartphone. Os sistemas de localização baseados em smartphone possuem vantagens relativamente aos sistemas convencionais, nomeadamente a portabilidade, facilidade de instalação e baixo custo.

Applicazione Android per l'utilizzo di uno smartphone come scatola nera

La tecnologia rende ormai disponibili, per ogni tipologia di azienda, dispositivi elettronici a costo contenuto in grado di rilevare il comportamento dei propri clienti e quindi permettere di profilare bacini di utenza in base a comportamenti comuni. Le compagnie assicurative automobilistiche sono molto sensibili a questo tema poiché, per essere concorrenziali, il premio assicurativo che ogni cliente paga deve essere abbastanza basso da attirarlo verso la compagnia ma anche abbastanza alto da non diventare una voce negativa nel bilancio di quest'ultima. Negli ultimi anni vediamo dunque il diffondersi delle scatole nere, che altro non sono che dispositivi satellitari che aiutano le compagnie assicurative a definire più nel dettaglio il profilo del proprio cliente. Una migliore profilatura porta vantaggi sia all'assicurato che alla compagnia assicurativa, perché da un lato il cliente vede il premio dell'assicurazione abbassarsi, dall'altro la compagnia assicuratrice si sente rassicurata sull'affidabilità del cliente. Questi dispositivi sono costruiti per svolgere principalmente due compiti: raccogliere dati sulla guida dell'automobilista per una profilatura e rilevare un incidente. Come servizio aggiuntivo può essere richiesto supporto al primo soccorso. L'idea di questa tesi è quella di sviluppare un'applicazione per smartphone che funzioni da scatola nera e analizzare i vantaggi e i limiti dell'hardware. Prima di tutto l'applicazione potrà essere installata su diversi dispositivi e potrà essere aggiornata di anno in anno senza dover eliminare l'hardware esistente, d'altro canto lo smartphone permette di poter associare anche funzionalità di tipo client-care più avanzate. Queste funzionalità sarebbero di notevole interesse per l'automobilista, pensiamo ad esempio al momento dell'incidente, sarebbe impagabile un'applicazione che, rilevato l'incidente in cui si è rimasti coinvolti, avverta subito i soccorsi indicando esplicitamente l'indirizzo in cui è avvenuto.

Progettazione e sviluppo di un sistema software di pagamenti basato su NFC - applicazione esercente

La tesi in questione ha l'obiettivo di descrivere la progettazione e lo sviluppo di un’applicazione per la gestione di un sistema che permetta agli utenti di effettuare vari tipi di operazioni, tra i quali pagamento, ricarica, check-in e altre funzionalità. Tutte queste operazioni saranno implementate tramite l’utilizzo della tecnologia NFC (Near Field Communication). Il sistema prevede un'applicazione "cassa" per gestire le varie transazioni e un'applicazione "utente" per permettere ai clienti di visualizzare i dati relativi al proprio conto. Dopo una breve introduzione nella quale verrà descritto il sistema nel suo complesso, la presente tesi si occuperà di analizzare nel dettaglio lo sviluppo dell'applicazione "cassa".

Enhancing security of linux-based android devices

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Static analysis of executables for collaborative malware detection on Android

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

An Android application sandbox system for suspicious software detection

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

Developing and benchmarking native Linux applications on Android

Smartphones get increasingly popular where more and more smartphone platforms emerge. Special attention was gained by the open source platform Android which was presented by the Open Handset Alliance (OHA) hosting members like Google, Motorola, and HTC. Android uses a Linux kernel and a stripped-down userland with a custom Java VM set on top. The resulting system joins the advantages of both environments, while third-parties are intended to develop only Java applications at the moment. In this work, we present the benefit of using native applications in Android. Android includes a fully functional Linux, and using it for heavy computational tasks when developing applications can bring in substantional performance increase. We present how to develop native applications and software components, as well as how to let Linux applications and components communicate with Java programs. Additionally, we present performance measurements of native and Java applications executing identical tasks. The results show that native C applications can be up to 30 times as fast as an identical algorithm running in Dalvik VM. Java applications can become a speed-up of up to 10 times if utilizing JNI.

Monitoring android for collaborative anomaly detection : a first architectural draft

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways, e.g. for payment systems or assisting the lives of elderly or disabled people. Security threats for these devices become more and more dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level and where third-party developers first time have the opportunity to develop kernel-based low-level security tools. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS, holding the greatest market share among all smartphone OSs, was even closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners privacy. Since signature-based approaches mainly detect known malwares, anomaly-based approaches can be a valuable addition to these systems. They base on mathematical algorithms processing data that describe the state of a certain device. For gaining this data, a monitoring client is needed that has to extract usable information (features) from the monitored system. Our approach follows a dual system for analyzing these features. On the one hand, functionality for on-device light-weight detection is provided. But since most algorithms are resource exhaustive, remote feature analysis is provided on the other hand. Having this dual system enables event-based detection that can react to the current detection need. In our ongoing research we aim to investigates the feasibility of light-weight on-device detection for certain occasions. On other occasions, whenever significant changes are detected on the device, the system can trigger remote detection with heavy-weight algorithms for better detection results. In the absence of the server respectively as a supplementary approach, we also consider a collaborative scenario. Here, mobile devices sharing a common objective are enabled by a collaboration module to share information, such as intrusion detection data and results. This is based on an ad-hoc network mode that can be provided by a WiFi or Bluetooth adapter nearly every smartphone possesses.

Google Android : a comprehensive introduction

Google Android, Google's new product and its first attempt to enter the mobile market, might have an equal impact on mobile users like Apple's hyped product, the iPhone. In this Technical report we are going to present the Google Android platform, what Android is, describe why it might be considered as a worthy rival to Apple's iPhone. We will describe parts of its internals, take a look "under the hood" while explaining components of the underlying operating system. We will show how to develop applications for this platform, which difficulties a developer might have to face, and how developers can possibly use other programming languages to develop for Android than the propagated language Java.

Cliente UCH para smartphones sobre Android

El objetivo del proyecto consiste en la creación de una aplicación cliente de UCH para Android, capaz de controlar “dispositivos objetivos”. Teniendo como base el PFC de Borja Gamecho, titulado “Estudio del estándar URC y su aplicación a sistemas embebidos usando una implementación Java del UCH”, proyecto que pertenece al campo de la inteligencia ambiental (AmI). La construcción de un sistema capaz de controlar dispositivos de manera sencilla y ubicua fue la motivación para la realización de este proyecto, ya que con él, se puede conseguir un control universal de nuestro entorno, permitiendo eliminar barreras por ejemplo, para personas con discapacidad. En este proyecto se ha estudiado el centro de control universal (UCH) junto con el protocolo URC-HTTP. También se ha investigado sobre la plataforma Android, para posteriormente usarlo como base para el desarrollo de un URC (cliente para el control del UCH y del entorno). Como principal conclusión, el presente trabajo permite avanzar en la propuesta de encontrar un estándar capaz de controlar nuestro entorno desde cualquier smartphone, tablet,... de forma ubicua y sencilla.

A New Android Malware Detection Method Using Bayesian Classification

Mobile malware has been growing in scale and complexity as smartphone usage continues to rise. Android has surpassed other mobile platforms as the most popular whilst also witnessing a dramatic increase in malware targeting the platform. A worrying trend that is emerging is the increasing sophistication of Android malware to evade detection by traditional signature-based scanners. As such, Android app marketplaces remain at risk of hosting malicious apps that could evade detection before being downloaded by unsuspecting users. Hence, in this paper we present an effective approach to alleviate this problem based on Bayesian classification models obtained from static code analysis. The models are built from a collection of code and app characteristics that provide indicators of potential malicious activities. The models are evaluated with real malware samples in the wild and results of experiments are presented to demonstrate the effectiveness of the proposed approach.