Execution Recording and Reconstruction for Detecting Information Flows in Android Apps

Inayoshi, Hiroki; Kakei, Shohei; Saito, Shôichi

doi:10.1109/access.2023.3240724

Cited by 2 publications

(1 citation statement)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Throughout this paper, we use the term "covert malicious activity" to refer to activities (like making phone calls, sending SMS, clicking pictures, or recording audio/video) initiated by an application without the user's explicit permission. Covert behavior may have undesired consequences due to monetary loss, information theft, and sensitive information leaks [4], [5]. An ICC-based component-interaction-based classification technique is proposed to detect misuse of hidden features not detectable by conventional antimalware tools.…”

Section: Introductionmentioning

confidence: 99%

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Bhan,

Faruki,

Pamula

2024

IEEE Access

View full text Add to dashboard Cite

Android Smartphone's popularity among users and developers is due to its open architecture and third-party apps. The exponential growth of third-party developer apps needs a robust code audit before upload. The weak program analysis at app stores adversely affects security. Third-party developers can update the app to introduce malicious activities. Sensitive sensor hardware and software resources are exfiltrated for leaking sensitive user data like messages, contacts, audio, and images. Malicious hidden features undermine user permission, including short message service (SMS), audio and video recording, voice calls, and image capturing. This paper treats the covert activities as called malicious features. The paper proposes a robust inter-component communication (ICC) based detection approach to identify such hidden functionality exploited by adversaries. The proposed technique detects sensitive features exploited by persistent malware without user knowledge. Despite the asynchronous characteristics of the ICC Application Programming Interface (API), we develop a precise ICC-based component-interaction graph (CIG) from the app bytecode. Moreover, we enrich the CIG with data flow analysis to identify the component reachability utilizing malicious features from legitimate user interactions. The proposed static app analysis framework identifies the prominent malware which exploits sensitive device resources. We assessed 25K benign and 13.3K malicious apps from 211 malware families with a classification rate of 0.40 % false positive (FP) and 0.37 % false negative (FN), better than existing state-of-the-art. In addition, we detect hidden features in unseen apps that subvert traditional antimalware.

show abstract

Section: Introductionmentioning

confidence: 99%

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Bhan,

Faruki,

Pamula

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

Dynamic Security Analysis on Android: A Systematic Literature Review

Sutter,

Kehrer,

Rennhard

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Dynamic analysis is a technique that is used to fully understand the internals of a system at runtime. On Android, dynamic security analysis involves real-time assessment and active adaptation of an app's behaviour, and is used for various tasks, including network monitoring, system-call tracing, and taint analysis. The research on dynamic analysis has made significant progress in the past years. However, to the best of our knowledge, there is a lack in secondary studies that analyse the novel ideas and common limitations of current security research. The main aim of this work is to understand dynamic security analysis research on Android to present the current state of knowledge, highlight research gaps, and provide insights into the existing body of work in a structured and systematic manner. We conduct a systematic literature review (SLR) on dynamic security analysis for Android. The systematic review establishes a taxonomy, defines a classification scheme, and explores the impact of advanced Android app testing tools on security solutions in software engineering and security research. The study's key findings centre on tool usage, research objectives, constraints, and trends. Instrumentation and network monitoring tools play a crucial role, with research goals focused on app security, privacy, malware detection, and software testing automation. Identified limitations include code coverage constraints, security-related analysis obstacles, app selection adequacy, and non-deterministic behaviour. Our study results deepen the understanding of dynamic analysis in Android security research by an indepth review of 43 publications. The study highlights recurring limitations with automated testing tools and concerns about detecting or obstructing dynamic analysis.

show abstract

Execution Recording and Reconstruction for Detecting Information Flows in Android Apps

Cited by 2 publications

References 37 publications

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Detection of Sensitive Malicious Android Functionalities using Inter-component Control-flow Analysis

Dynamic Security Analysis on Android: A Systematic Literature Review

Contact Info

Product

Resources

About