Android application behavioural analysis for data leakage

Shrivastava, Gulshan; Kumar, Prabhat

doi:10.1111/exsy.12468

Cited by 16 publications

(14 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These objects are applied for covert channels with the Android's middleware layer bypass. At last, the measurement demonstrates that the low throughput of covert channels is appropriate to exchange private data 38,57 …”

Section: Attack Of Permission Escalationmentioning

confidence: 99%

See 1 more Smart Citation

Privacy issues of android application permissions: A literature review

Shrivastava

Kumar

Gupta

et al. 2019

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

Android is an application platform for mobile devices. It comprises of the operating system, software framework, and core programs. This platform uses permissions to hide precious information about the user from untrusted apps. However, to install an application, device feature uses permissions that are granted by the user. User has the ability to analyze permissions and abort the setup if the permissions are unfriendly or unrestrained. Android permission analysis schemes show a significant role to fight against these undesirable behaviors of untrusted android apps in the aspect of security and privacy. This survey attempts to deal with the android application permissions that are related security and privacy challenges. It includes various research articles published in computers and security, digital investigation, decision support systems, systems and software security, and information forensics journals in the last 10 years. The survey is based on the following considerations: research issues motivated by the scheme, the methodology used, ability of result analysis conducted, and android features considered for performance evaluation.

show abstract

Section: Attack Of Permission Escalationmentioning

confidence: 99%

“…At last, the measurement demonstrates that the low throughput of covert channels is appropriate to exchange private data. 38,57…”

Section: Attack Of Permission Escalationmentioning

confidence: 99%

Privacy issues of android application permissions: A literature review

Shrivastava

Kumar

Gupta

et al. 2019

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

show abstract

“…If the expressions and constraints of an application are in this rule library, this application will be considered as a malicious application. For example, to reduce the high false- [15], [16], [27], [28], [29], [30], [31], [32], [33], [34], [35], [36], [37], [39], [40], [41], [42], [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60], [61], [62], [63], [64], [94], [95], [98], [99], [100], [101], [102], [105], [109], [111],…”

Section: ) Publication Sourcementioning

confidence: 99%

A Systematic Literature Review of Android Malware Detection Using Static Analysis

et al. 2020

View full text Add to dashboard Cite

Android malware has been in an increasing trend in recent years due to the pervasiveness of Android operating system. Android malware is installed and run on the smartphones without explicitly prompting the users or without the user's permission, and it poses great threats to users such as the leakage of personal information and advanced fraud. To address these threats, various techniques are proposed by researchers and practitioners. Static analysis is one of these techniques, which is widely applied to Android malware detection and can detect malware quickly and prohibit malware before installation. To provide a clarified overview of the latest work in Android malware detection using static analysis, we perform a systematic literature review by identifying 98 studies from January 2014 to March 2020. Based on the features of applications, we first divide static analysis in Android malware detection into four categories, which include Android characteristic-based method, opcode-based method, program graph-based method, and symbolic execution-based method. Then we assess the malware detection capability of static analysis, and we compare the performance of different models in Android malware detection by analyzing the results of empirical evidence. Finally, it is concluded that static analysis is effective to detect Android malware. Moreover, there is a preliminary result that neural network model outperforms the non-neural network model in Android malware detection. However, static analysis still faces many challenges. Thus, it is necessary to derive some novel techniques for improving Android malware detection based on the current research community. Moreover, it is essential to establish a unified platform that is used to evaluate the performance of a series of techniques in Android malware detection fairly. INDEX TERMS Android malware detection, static analysis, systematic literature review.

show abstract

“…Sharma and Gupta [31] proposed a novel approach, RNPDroid, to categorize the risks into four levels, i.e., high, medium, low, and none. Furthermore, Shrivastava and Kumar [32] proposed an algorithm that combines permission vectors to identify benign and malware app permissions, and conducted a systematic literature survey on permission-based malware detection [33], which provide useful guidance for the malware and benign permissions requirement.…”

Section: A Permission Rationales and Privacy Securitymentioning

confidence: 99%

Autonomous Permission Recommendation

et al. 2020

View full text Add to dashboard Cite

Modern smartphone operating systems (e.g., Android 6.0 and later versions) employ an askon-first-use policy to regulate app permissions. To assist users in policy decisions, relevant efforts have been focusing on leveraging contexts to capture users' privacy preferences. However, these techniques have various limitations, such as heavily relying on users' historical decisions on granting permissions, ignoring the fact that users are not experts on privacy protection, and hard to determine whether a permission shall be granted. To address this problem, we propose an autonomous permission recommendation system, AutoPer+, to automatically recommend users the permission decisions at runtime. The main insight of our proposed system is that the natural language description of an app reflects its functionality and its similarity to other apps, and thus can be used to analyze whether a permission is needed indeed by it, and the apps similar to it. First, we introduce a multi-topic model into app functionality mining, and design a topicpermission mapper for the proposed recommendation system. Then we propose a deep semi-supervised machine using Long Short-Term Memory (LSTM) neural networks to identify similar apps, by which we can explore privacy permission usage in a cluster of apps. Finally, we capture a trade-off between privacy and utility to present a systematic recommendation. In addition to the permission decision (''Allow'' or ''Deny''), the permission explanations are also provided for users to make decisions (called ''Ask''). We evaluate the proposed system via extensive comparison experiments on 31,023 Android apps. The results show that our approach achieves an accuracy of 84.1%. Moreover, we conduct user studies via installing AutoPer+ in the participants' own Android devices. We receive positive responses from the participants, which implies AutoPer+ is potentially for real-world deployment for enhancing current permission recommendation. INDEX TERMS Android, permission recommendation, deep semi-supervised machine, privacy and security.

show abstract

Android application behavioural analysis for data leakage

Cited by 16 publications

References 37 publications

Privacy issues of android application permissions: A literature review

Privacy issues of android application permissions: A literature review

A Systematic Literature Review of Android Malware Detection Using Static Analysis

Autonomous Permission Recommendation

Contact Info

Product

Resources

About