2,071 research outputs found

    Encouraging Privacy-Aware Smartphone App Installation: Finding out what the Technically-Adept Do

    Get PDF
    Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of knowhow: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with installation, ignoring any misgivings they might have, and thereby irretrievably sacrifice their privacy

    Riskindroid: Machine Learning-Based risk analysis on Android

    Get PDF
    open2noRisk analysis on Android is aimed at providing metrics to users for evaluating the trustworthiness of the apps they are going to install. Most of current proposals calculate a risk value according to the permissions required by the app through probabilistic functions that often provide unreliable risk values. To overcome such limitations, this paper presents RiskInDroid, a tool for risk analysis of Android apps based on machine learning techniques. Extensive empirical assessments carried out on more than 112K apps and 6K malware samples indicate that RiskInDroid outperforms probabilistic methods in terms of precision and reliability.openMerlo, Alessio; Georgiu, Gabriel ClaudiuMerlo, Alessio; Georgiu, Gabriel Claudi

    Compartmentation policies for Android apps:A combinatorial optimization approach

    Get PDF
    Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this paper, we revisit the perils of app coexistence in the same platform and propose a risk mitigation mechanism based on segregating apps into isolated groups following classical security compartmentation principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each group of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentation as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentation solutions can be obtained for the problem sizes expected in current’s mobile environments

    Design of Dependable Systems on Android

    Get PDF
    In this thesis we analyze the concepts of dependability and dependable systems. We investigate methods of designing and implementing dependable systems, in general, and on the Android operating system. A literature review was carried out with two main goals. Firstly, to gain and be able to spread knowledge of dependability according to both its qualitative and quantitative definitions. Secondly, to prove our theory that there is a lack of information regarding dependable systems on Android, establishing a need for this thesis. We then attempt to apply our newly acquired knowledge in a case study, where we design and implement a dependable system, in the form of a security camera application, on Android. This gives further insight into the challenges of designing dependable systems, and through our experience we learn how to overcome these challenges. While the scope was too large to fully cover every aspect of dependability, we gained valuable knowledge that is presented in this thesis

    Android Application Security Scanning Process

    Get PDF
    This chapter presents the security scanning process for Android applications. The aim is to guide researchers and developers to the core phases/steps required to analyze Android applications, check their trustworthiness, and protect Android users and their devices from being victims to different malware attacks. The scanning process is comprehensive, explaining the main phases and how they are conducted including (a) the download of the apps themselves; (b) Android application package (APK) reverse engineering; (c) app feature extraction, considering both static and dynamic analysis; (d) dataset creation and/or utilization; and (e) data analysis and data mining that result in producing detection systems, classification systems, and ranking systems. Furthermore, this chapter highlights the app features, evaluation metrics, mechanisms and tools, and datasets that are frequently used during the app’s security scanning process

    Permission-based Risk Signals for App Behaviour Characterization in Android Apps

    Get PDF
    With the parallel growth of the Android operating system and mobile malware, one of the ways to stay protected from mobile malware is by observing the permissions requested. However, without careful consideration of these permissions, users run the risk of an installed app being malware, without any warning that might characterize its nature. We propose a permission-based risk signal using a taxonomy of sensitive permissions. Firstly, we analyse the risk of an app based on the permissions it requests, using a permission sensitivity index computed from a risky permission set. Secondly, we evaluate permission mismatch by checking what an app requires against what it requests. Thirdly, we evaluate security rules based on our metrics to evaluate corresponding risks. We evaluate these factors using datasets of benign and malicious apps (43580 apps) and our result demonstrates that the proposed framework can be used to improve risk signalling of Android apps with a 95% accuracy

    Análisis de malware en Android

    Get PDF
    Trabajo de Fin de Grado en Grado en Ingeniería Informática, Facultad de Informática UCM, Departamento de Arquitectura de Computadores y Automática, Curso 2020/2021In the XXI century, the world has witnessed the creation, development and proliferation of mobile devices until the massive usage apparent nowadays. The portability, instantaneity and ease of use that these devices offer has encouraged the great majority of the population to have one of them at arm’s length. Thus, these devices have become a coveted target for malicious developers. This is the reason why the security of mobile devices has become a vital topic that must be addressed, since a suitable solution has yet to be found. From this necessity arises the present work, in which we elaborate the beginning of a response that serves as a starting point to promote further development that achieves the desired objective. With Android being the most representative Operating System among mobile devices, we are going to study the analysis of malware on Android and develop a static and dynamic antivirus based on signatures, permissions and logs, since they will prove useful when trying to detect malicious applications.En el siglo XXI se ha podido apreciar la aparición, desarrollo y proliferación de los dispositivos móviles hasta llegar a la masificación que tiene lugar en la actualidad. La portabilidad, instantaneidad y facilidad de uso que ofrecen ha hecho que la mayoría de la población tenga uno siempre al alcance de su mano. Es por ello que se han convertido en un objetivo codiciado por los desarrolladores de programas maliciosos. Así pues, la seguridad de estos dispositivos se ha convertido en un punto clave que debe ser abordado, ya que hasta la fecha no se ha encontrado una solución apropiada. De esta necesidad surge el presente trabajo, en el que elaboramos el comienzo de una respuesta que sirve como punto de partida para fomentar un posterior desarrollo que alcance el objetivo deseado. Siendo Android el sistema operativo más representativo entre los dispositivos móviles, vamos a hacer un estudio del análisis del malware en Android y a desarrollar un antivirus estático y dinámico basado en firmas, permisos y logs, pues estas evidencias serán de gran ayuda en la labor de detección de aplicaciones maliciosas.Depto. de Arquitectura de Computadores y AutomáticaFac. de InformáticaTRUEunpu

    CROSS-SECTIONAL EXAMINATION ON ANDROID SECURITY

    Get PDF
    • …
    corecore