8,001 research outputs found
A study on a feasible no-root approach on Android
National Research Foundation (NRF) Singapor
Ambient Sound-Based Collaborative Localization of Indeterministic Devices
Localization is essential in wireless sensor networks. To our knowledge, no prior work has utilized low-cost devices for collaborative localization based on only ambient sound, without the support of local infrastructure. The reason may be the fact that most low-cost devices are indeterministic and suffer from uncertain input latencies. This uncertainty makes accurate localization challenging. Therefore, we present a collaborative localization algorithm (Cooperative Localization on Android with ambient Sound Sources (CLASS)) that simultaneously localizes the position of indeterministic devices and ambient sound sources without local infrastructure. The CLASS algorithm deals with the uncertainty by splitting the devices into subsets so that outliers can be removed from the time difference of arrival values and localization results. Since Android is indeterministic, we select Android devices to evaluate our approach. The algorithm is evaluated with an outdoor experiment and achieves a mean Root Mean Square Error (RMSE) of 2.18 m with a standard deviation of 0.22 m. Estimated directions towards the sound sources have a mean RMSE of 17.5 ° and a standard deviation of 2.3 °. These results show that it is feasible to simultaneously achieve a relative positioning of both devices and sound sources with sufficient accuracy, even when using non-deterministic devices and platforms, such as Android
Conceptual evidence collection and analysis methodology for Android devices
Android devices continue to grow in popularity and capability meaning the
need for a forensically sound evidence collection methodology for these devices
also increases. This chapter proposes a methodology for evidence collection and
analysis for Android devices that is, as far as practical, device agnostic.
Android devices may contain a significant amount of evidential data that could
be essential to a forensic practitioner in their investigations. However, the
retrieval of this data requires that the practitioner understand and utilize
techniques to analyze information collected from the device. The major
contribution of this research is an in-depth evidence collection and analysis
methodology for forensic practitioners.Comment: in Cloud Security Ecosystem (Syngress, an Imprint of Elsevier), 201
A Forensically Sound Adversary Model for Mobile Devices
In this paper, we propose an adversary model to facilitate forensic
investigations of mobile devices (e.g. Android, iOS and Windows smartphones)
that can be readily adapted to the latest mobile device technologies. This is
essential given the ongoing and rapidly changing nature of mobile device
technologies. An integral principle and significant constraint upon forensic
practitioners is that of forensic soundness. Our adversary model specifically
considers and integrates the constraints of forensic soundness on the
adversary, in our case, a forensic practitioner. One construction of the
adversary model is an evidence collection and analysis methodology for Android
devices. Using the methodology with six popular cloud apps, we were successful
in extracting various information of forensic interest in both the external and
internal storage of the mobile device
Danger is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps
This paper presents a measurement study of information leakage and SSL
vulnerabilities in popular Android apps. We perform static and dynamic analysis
on 100 apps, downloaded at least 10M times, that request full network access.
Our experiments show that, although prior work has drawn a lot of attention to
SSL implementations on mobile platforms, several popular apps (32/100) accept
all certificates and all hostnames, and four actually transmit sensitive data
unencrypted. We set up an experimental testbed simulating man-in-the-middle
attacks and find that many apps (up to 91% when the adversary has a certificate
installed on the victim's device) are vulnerable, allowing the attacker to
access sensitive information, including credentials, files, personal details,
and credit card numbers. Finally, we provide a few recommendations to app
developers and highlight several open research problems.Comment: A preliminary version of this paper appears in the Proceedings of ACM
WiSec 2015. This is the full versio
An Empirical Study on Android for Saving Non-shared Data on Public Storage
With millions of apps that can be downloaded from official or third-party
market, Android has become one of the most popular mobile platforms today.
These apps help people in all kinds of ways and thus have access to lots of
user's data that in general fall into three categories: sensitive data, data to
be shared with other apps, and non-sensitive data not to be shared with others.
For the first and second type of data, Android has provided very good storage
models: an app's private sensitive data are saved to its private folder that
can only be access by the app itself, and the data to be shared are saved to
public storage (either the external SD card or the emulated SD card area on
internal FLASH memory). But for the last type, i.e., an app's non-sensitive and
non-shared data, there is a big problem in Android's current storage model
which essentially encourages an app to save its non-sensitive data to shared
public storage that can be accessed by other apps. At first glance, it seems no
problem to do so, as those data are non-sensitive after all, but it implicitly
assumes that app developers could correctly identify all sensitive data and
prevent all possible information leakage from private-but-non-sensitive data.
In this paper, we will demonstrate that this is an invalid assumption with a
thorough survey on information leaks of those apps that had followed Android's
recommended storage model for non-sensitive data. Our studies showed that
highly sensitive information from billions of users can be easily hacked by
exploiting the mentioned problematic storage model. Although our empirical
studies are based on a limited set of apps, the identified problems are never
isolated or accidental bugs of those apps being investigated. On the contrary,
the problem is rooted from the vulnerable storage model recommended by Android.
To mitigate the threat, we also propose a defense framework
- …