The visual recognition of Android malicious applications (Apps) is mainly focused on the binary classification using grayscale images, while the multiclassification of malicious App families is rarely studied. If we can visualize the Android malicious Apps as color images, we will get more features than using grayscale images. In this paper, a method of color visualization for Android Apps is proposed and implemented. Based on this, combined with deep learning models, a multiclassifier for the Android malicious App families is implemented, which can classify 10 common malicious App families. In order to better understand the behavioral characteristics of malicious Apps, we conduct a comprehensive manual analysis for a large number of malicious Apps and summarize 1695 malicious behavior characteristics as customized features. Compared with the App classifier based on the grayscale visualization method, it is verified that the classifier using the color visualization method can achieve better classification results. We use four types of Android App features: classes.dex file, sets of class names, APIs, and customized features as input for App visualization. According to the experimental results, we find out that using the customized features as the color visualization input features can achieve the highest detection accuracy rate, which is 96% in the ten malicious families.
Nowadays, people's lifestyle is more and more dependent on mobile applications (Apps), such as shopping, financial management and surfing the internet. However, developers mainly focus on the implementation of Apps and the improvement of user experience while ignoring security issues. In this paper, we perform the comprehensive study on vulnerabilities caused by misuse of APIs and form a methodology for this type of vulnerability analysis. We investigate the security of three types of Android Apps including finance, shopping and browser which are closely related to human life. And we analyze four vulnerabilities including Improper certificate validation(CWE-295:ICV), WebView bypass certificate validation vulnerability(CVE-2014-5531:WBCVV), WebView remote code execution vulnerability(CVE-2014-1939:WRCEV) and Alibaba Cloud OSS credential disclosure vulnerability(CNVD-2017-09774:ACOCDV). In order to verify the effectiveness of our analysis method in large-scale Apps on the Internet, we propose a novel scalable tool-VulArcher, which is based on heuristic method and used to discover if the above vulnerabilities exist in Apps. We download a total of 6114 of the above three types of samples in App stores, and we use VulArcher to perform the above vulnerability detection for each App. We perform manual verification by randomly selecting 100 samples of each vulnerability. We find that the accuracy rate for ACOCDV can reach 100%, the accuracy rate for WBCVV can reach 95%, and the accuracy rate for the other two vulnerabilities can reach 87%. And one of vulnerabilities detected by VulArcher has been included in
As the Android application increases in number, it is a challenge for researchers to test Android applications automatically. Acteve based on dynamic symbolic execution proposes a new method and achieves higher coverage. But it cannot achieve the ideal test coverage due to incomplete events input and some missing activities. In this paper, we propose an improvement scheme, making Acteve can produce broadcast events as test inputs, and has the capability to find more activities. Based on these improved schemes, we design Android applications automatic tester, Acteve++. We experimented and analyzed existing representative Android automated testing tools: Monkey, Dynodroid, GUIRipper, Acteve, and Acteve++ on an open test set. The experiments show that Acteve++ achieves high average test coverage in an acceptable time.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.