Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

Hammer: an Android based application for end-user industrial robot programming

This paper presents a novel tablet based end-user interface for industrial robot programming (called Hammer). This application makes easier to program tasks for industrial robots like polishing, milling or grinding. It is based on the Scratch programming language, but specifically design and created for Android OS. It is a visual programming concept that allows non-skilled programmer operators to create programs. The application also allows to monitor the tasks while it is being executed by overlapping real time information through augmented reality. The application includes a teach pendant screen that can be customized according to the operator needs at every moment.

Bubble detection in Brazil’s stock market: application of the generalized superior augmented Dickey-Fuller test

Considering the importance of the proper detection of bubbles in financial markets for policymakers and market agents, we used two techniques described in Diba and Grossman (1988b) and in Phillips, Shi, and Yu (2015) to detect periods of exuberance in the recent history of the Brazillian stock market. First, a simple cointegration test is applied. Secondly, we conducted several augmented, right-tailed Dickey-Fuller tests on rolling windows of data to determine the point in which there’s a structural break and the series loses its stationarity.

An Android application sandbox system for suspicious software detection

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

JChord : An Android application helping people learn guitar chords

Nowadays, a lot of interesting and useful and imaginative applications are springing to Android software market. And for guitar fans, some related apps bring great connivence to them, like a guitar tuner can save people from carrying a entity tuner all the time, some apps can simulate a real guitar, and some apps provide some simple lessons allowing people to learn some basic things. But these apps which can teach people, they can't really “monitor ” people, that is, they just give some instructions and hope people would follow them. So my project is to design an app which can detect if users are playing wrong and right real-timely. Guitar chords are always the first for new guitar beginners to learn, and a chord is a set of notes combined together in a regulated way ( get from the music theory having millions of developing ), and 'pitch' is the term for determining if the note different from other notes or noise, so the problem here is to manage the multi-pitch analysis in real time. And it's necessary to know some basics of digital signal processing ( DSP ) because digital signals are always more convenient for computers to analyze compared to analog signals. Then I found an audio processing Java library – TarsosDSP, and try to apply it to my Android project.

Taming transitive permission attack via bytecode rewriting on Android application

Google Android is popular for mobile devices in recent years. The openness and popularity of Android make it a primary target for malware. Even though Android's security mechanisms could defend most malware, its permission model is vulnerable to transitive permission attack, a type of privilege escalation attacks. Many approaches have been proposed to detect this attack by modifying the Android OS. However, the Android's fragmentation problem and requiring rooting Android device hinder those approaches large-scale adoption. In this paper, we present an instrumentation framework, called SEAPP, for Android applications (or “apps”) to detect the transitive permission attack on unmodified Android. SEAPP automatically rewrites an app without requiring its source codes and produces a security-harden app. At runtime, call-chains are built among these apps and detection process is executed before a privileged API is invoked. Our experimental results show that SEAPP could work on a large number of benign apps from the official Android market and malicious apps, with a repackaged success rate of over 99.8%. We also show that our framework effectively tracks call-chains among apps and detects known transitive permission attack with low overhead. Copyright © 2016 John Wiley & Sons, Ltd.

Private television production companies in China : new strength in the market

As most people know, all mass media, including television stations, are state-owned in China. However, with the economic reform in the broadcasting system and China entering the World Trade Organization (WTO), the television industry has expanded greatly and the television market has evolved, with an ensuing growth of competition. The players in China’s television industry have changed from a monologue of TV stations to stations that hold multiple roles and a growth of production companies and overseas television companies although the TV stations still dominate China’s television market. Private television production companies are, however, becoming increasingly active in this market.

Service bid comparisons by fuzzy ranking in open railway market timetabling

In an open railway access market, the Infrastructure Provider (IP), upon the receipts of service bids from the Train Service Providers (TSPs), assigns track access rights according to its own business objectives and the merits of the bids; and produces the train service timetable through negotiations. In practice, IP chooses to negotiate with the TSPs one by one in such a sequence that IP optimizes its objectives. The TSP bids are usually very complicated, containing a large number of parameters in different natures. It is a difficult task even for an expert to give a priority sequence for negotiations from the contents of the bids. This study proposes the application of fuzzy ranking method to compare and prioritize the TSP bids in order to produce a negotiation sequence. The results of this study allow investigations on the behaviors of the stakeholders in bid preparation and negotiation, as well as evaluation of service quality in the open railway market.

Internal market orientation and market-oriented behaviours

Purpose: The purpose of this empirical paper is to investigate internal marketing from a behavioural perspective. The impact of internal marketing behaviours, operationalised as an internal market orientation (IMO), on employees’ marketing and other in-role behaviours (IRB) were examined. ---------- Design/methodology/approach: Survey data measuring IMO, market orientation and a range of constructs relevant to the nomological network in which they are embedded were collected from the UK retail managers. These were tested to establish their psychometric properties and the conceptual model was analysed using structural equations modelling, employing a partial least squares methodology. ---------- Findings: IMO has positive consequences for employees’ market-oriented and other IRB. These, in turn, influence marketing success. Research limitations/implications – The paper provides empirical support for the long-held assumption that internal and external marketing are related and that organisations should balance their external focus with some attention to employees. Future research could measure the attitudes and behaviours of managers, employees and customers directly and explore the relationships between them. ---------- Practical implications: Firm must ensure that they do not put the needs of their employees second to those of managers and shareholders; managers must develop their listening skills and organisations must become more responsive to the needs of their employees. ---------- Originality/value: The paper contributes to the scarce body of empirical support for the role of internal marketing in services organisations. For researchers, this paper legitimises the study of internal marketing as a route to external market success; for managers, the study provides quantifiable evidence that focusing on employees’ wants and needs impacts their behaviours towards the market.

Did bankruptcy reform lead to looser mortgage lending standard? : evidence from the U. S. mortgage market 2000-2007

Resumen: El presente trabajo intenta encontrar una causa exógena al deterioro, a partir de 2005, en los estándares de crédito hipotecario que contribuyeron a la crisis subprime en los Estados Unidos. Sostenemos que la nueva provisión de la prueba de medios de la ley Bankruptcy Abuse Prevention and Consumer Protection Act (BAPCPA) de 2005 fue dicho shock exógeno en el mercado hipotecario. Mostramos que la prueba de medios, que impide solicitar la bancarrota bajo Chapter 7 a los deudores con mayores ingresos relativos, causó un desplazamiento de la oferta de crédito hipotecario de deudores con mayores ingresos a deudores con menores ingresos relativos. Simultáneamente, observamos que todos los deudores debieron pagar tasas de interés más altas, independientemente del nivel de ingresos. Nuestros resultados implican que la ley BAPCPA podría ser un factor que contribuyó al deterioro en los estándares de crédito en el mercado hipotecario de los Estados Unidos.

Analysis of Bayesian classification-based approaches for Android malware detection

Mobile malware has been growing in scale and complexity spurred by the unabated uptake of smartphones worldwide. Android is fast becoming the most popular mobile platform resulting in sharp increase in malware targeting the platform. Additionally, Android malware is evolving rapidly to evade detection by traditional signature-based scanning. Despite current detection measures in place, timely discovery of new malware is still a critical issue. This calls for novel approaches to mitigate the growing threat of zero-day Android malware. Hence, the authors develop and analyse proactive machine-learning approaches based on Bayesian classification aimed at uncovering unknown Android malware via static analysis. The study, which is based on a large malware sample set of majority of the existing families, demonstrates detection capabilities with high accuracy. Empirical results and comparative analysis are presented offering useful insight towards development of effective static-analytic Bayesian classification-based solutions for detecting unknown Android malware.

Application of adaptive neuro-fuzzy inference for wind power short-term forecasting

The increased integration of wind power into the electric grid, as nowadays occurs in Portugal, poses new challenges due to its intermittency and volatility. Hence, good forecasting tools play a key role in tackling these challenges. In this paper, an adaptive neuro-fuzzy inference approach is proposed for short-term wind power forecasting. Results from a real-world case study are presented. A thorough comparison is carried out, taking into account the results obtained with other approaches. Numerical results are presented and conclusions are duly drawn. (C) 2011 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.

Sistema de localização de veículos para smartphone android

Atualmente os sistemas Automatic Vehicle Location (AVL) fazem parte do dia-a-dia de muitas empresas. Esta tecnologia tem evoluído significativamente ao longo da última década, tornando-se mais acessível e fácil de utilizar. Este trabalho consiste no desenvolvimento de um sistema de localização de veículos para smartphone Android. Para tal, foram desenvolvidas duas aplicações: uma aplicação de localização para smarphone Android e uma aplicação WEB de monitorização. A aplicação de localização permite a recolha de dados de localização GPS e estabelecer uma rede piconet Bluetooth, admitindo assim a comunicação simultânea com a unidade de controlo de um veículo (ECU) através de um adaptador OBDII/Bluetooth e com até sete sensores/dispositivos Bluetooth que podem ser instalados no veículo. Os dados recolhidos pela aplicação Android são enviados periodicamente (intervalo de tempo definido pelo utilizador) para um servidor Web No que diz respeito à aplicação WEB desenvolvida, esta permite a um gestor de frota efetuar a monitorização dos veículos em circulação/registados no sistema, podendo visualizar a posição geográfica dos mesmos num mapa interativo (Google Maps), dados do veículo (OBDII) e sensores/dispositivos Bluetooth para cada localização enviada pela aplicação Android. O sistema desenvolvido funciona tal como esperado. A aplicação Android foi testada inúmeras vezes e a diferentes velocidades do veículo, podendo inclusive funcionar em dois modos distintos: data logger e data pusher, consoante o estado da ligação à Internet do smartphone. Os sistemas de localização baseados em smartphone possuem vantagens relativamente aos sistemas convencionais, nomeadamente a portabilidade, facilidade de instalação e baixo custo.

Testing for Hidden Information and Action in Automobile Insurance Market

I test the presence of hidden information and action in the automobile insurance market using a data set from several Colombian insurers. To identify the presence of hidden information I find a common knowledge variable providing information on policyholder s risk type which is related to both experienced risk and insurance demand and that was excluded from the pricing mechanism. Such unused variable is the record of policyholder s traffic offenses. I find evidence of adverse selection in six of the nine insurance companies for which the test is performed. From the point of view of hidden action I develop a dynamic model of effort in accident prevention given an insurance contract with bonus experience rating scheme and I show that individual accident probability decreases with previous accidents. This result brings a testable implication for the empirical identification of hidden action and based on that result I estimate an econometric model of the time spans between the purchase of the insurance and the first claim, between the first claim and the second one, and so on. I find strong evidence on the existence of unobserved heterogeneity that deceives the testable implication. Once the unobserved heterogeneity is controlled, I find conclusive statistical grounds supporting the presence of moral hazard in the Colombian insurance market.

Behind the decision making of the KFC coffee campaign, can KFC win the coffee market in UK?�

KFC, the chain fast-food restaurants in UK, planed to launched coffee products through campaigns. There are two main reasons for KFC to make the decision. The first one is KFC tried to promote its coffee products with KFC A.M. breakfast plan and it failed at last. The second reason is that KFC needs extension points of interest. The financial condition of KFC has been steady but no breakthrough growth. It has been showed that there is enormous potential of “fast-drink” market in UK. After the success of KFC “Krushems” series, it is reasonable for the company launched coffee products. However, KFC also faced to many challenges to win the market. Compare to the main competitor of McDonald’s, KFC’s quantity of restaurants is far too less. Moreover, KFC has a brand limitation that focuses more family than single urban. The dominant competitors are another challenge KFC need to manage. To sum up, KFC has to win these challenges to be a bigger player in UK coffee market.