940 research outputs found
Prevention of Cross-update Privacy Leaks on Android
Updating applications is an important mechanism to enhance their availability, functionality, and security. However, without careful considerations, application updates can bring other security problems. In this paper, we consider a novel attack that exploits application updates on Android: a cross-update privacy-leak attack called COUPLE. The COUPLE attack allows an application to secretly leak sensitive data through the cross-update interaction between its old and new versions; each version only has permissions and logic for either data collection or transmission to evade detection. We implement a runtime security system, BREAKUP, that prevents cross-update sensitive data transactions by tracking permission-use histories of individual applications. Evaluation results show that BREAKUP’s time overhead is below 5%. We further show the feasibility of the COUPLE attack by analyzing the versions of 2,009 applications (28,682 APKs). © 2018, ComSIS Consortium. All rights reserved.11Ysciescopu
Privacy Leakage in Mobile Computing: Tools, Methods, and Characteristics
The number of smartphones, tablets, sensors, and connected wearable devices
are rapidly increasing. Today, in many parts of the globe, the penetration of
mobile computers has overtaken the number of traditional personal computers.
This trend and the always-on nature of these devices have resulted in
increasing concerns over the intrusive nature of these devices and the privacy
risks that they impose on users or those associated with them. In this paper,
we survey the current state of the art on mobile computing research, focusing
on privacy risks and data leakage effects. We then discuss a number of methods,
recommendations, and ongoing research in limiting the privacy leakages and
associated risks by mobile computing
A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization
Existing Android malware detection approaches use a variety of features such
as security sensitive APIs, system calls, control-flow structures and
information flows in conjunction with Machine Learning classifiers to achieve
accurate detection. Each of these feature sets provides a unique semantic
perspective (or view) of apps' behaviours with inherent strengths and
limitations. Meaning, some views are more amenable to detect certain attacks
but may not be suitable to characterise several other attacks. Most of the
existing malware detection approaches use only one (or a selected few) of the
aforementioned feature sets which prevent them from detecting a vast majority
of attacks. Addressing this limitation, we propose MKLDroid, a unified
framework that systematically integrates multiple views of apps for performing
comprehensive malware detection and malicious code localisation. The rationale
is that, while a malware app can disguise itself in some views, disguising in
every view while maintaining malicious intent will be much harder.
MKLDroid uses a graph kernel to capture structural and contextual information
from apps' dependency graphs and identify malice code patterns in each view.
Subsequently, it employs Multiple Kernel Learning (MKL) to find a weighted
combination of the views which yields the best detection accuracy. Besides
multi-view learning, MKLDroid's unique and salient trait is its ability to
locate fine-grained malice code portions in dependency graphs (e.g.,
methods/classes). Through our large-scale experiments on several datasets
(incl. wild apps), we demonstrate that MKLDroid outperforms three
state-of-the-art techniques consistently, in terms of accuracy while
maintaining comparable efficiency. In our malicious code localisation
experiments on a dataset of repackaged malware, MKLDroid was able to identify
all the malice classes with 94% average recall
Are HIV smartphone apps and online interventions fit for purpose?
Sexual health is an under-explored area of Human-Computer Interaction (HCI), particularly sexually transmitted infections such as HIV. Due to the stigma associated with these infections, people are often motivated to seek information online. With the rise of smartphone and web apps, there is enormous potential for technology to provide easily accessible information and resources. However, using online information raises important concerns about the trustworthiness of these resources and whether they are fit for purpose. We conducted a review of smartphone and web apps to investigate the landscape of currently available online apps and whether they meet the diverse needs of people seeking information on HIV online. Our functionality review revealed that existing technology interventions have a one-size-fits-all approach and do not support the breadth and complexity of HIV-related support needs. We argue that technology-based interventions need to signpost their offering and provide tailored support for different stages of HIV, including prevention, testing, diagnosis and management
PowerSpy: Location Tracking using Mobile Device Power Analysis
Modern mobile platforms like Android enable applications to read aggregate
power usage on the phone. This information is considered harmless and reading
it requires no user permission or notification. We show that by simply reading
the phone's aggregate power consumption over a period of a few minutes an
application can learn information about the user's location. Aggregate phone
power consumption data is extremely noisy due to the multitude of components
and applications that simultaneously consume power. Nevertheless, by using
machine learning algorithms we are able to successfully infer the phone's
location. We discuss several ways in which this privacy leak can be remedied.Comment: Usenix Security 201
Forensic Analysis of Spy Applications in Android Devices
Smartphones with Google\u27s Android operating system are becoming more and more popular each year, and with this increased user base, comes increased opportunities to collect more of these users\u27 private data. There have been several instances of malware being made available via the Google Play Store, which is one of the predominant means for users to download applications. One effective way of collecting users\u27 private data is by using Android Spyware. In this paper, we conduct a forensic analysis of a malicious Android spyware application and present our findings. We also highlight what information the application accesses and what it does with that information. We then provide our findings on how Google\u27s Play Protect service handles this spyware application. Lastly, we offer a simple framework that forensic investigators can follow for performing mobile application analysis
- …