An Empirical Study on Android for Saving Non-shared Data on Public Storage

With millions of apps that can be downloaded from official or third-party market, Android has become one of the most popular mobile platforms today. These apps help people in all kinds of ways and thus have access to lots of user's data that in general fall into three categories: sensitive data, data to be shared with other apps, and non-sensitive data not to be shared with others. For the first and second type of data, Android has provided very good storage models: an app's private sensitive data are saved to its private folder that can only be access by the app itself, and the data to be shared are saved to public storage (either the external SD card or the emulated SD card area on internal FLASH memory). But for the last type, i.e., an app's non-sensitive and non-shared data, there is a big problem in Android's current storage model which essentially encourages an app to save its non-sensitive data to shared public storage that can be accessed by other apps. At first glance, it seems no problem to do so, as those data are non-sensitive after all, but it implicitly assumes that app developers could correctly identify all sensitive data and prevent all possible information leakage from private-but-non-sensitive data. In this paper, we will demonstrate that this is an invalid assumption with a thorough survey on information leaks of those apps that had followed Android's recommended storage model for non-sensitive data. Our studies showed that highly sensitive information from billions of users can be easily hacked by exploiting the mentioned problematic storage model. Although our empirical studies are based on a limited set of apps, the identified problems are never isolated or accidental bugs of those apps being investigated. On the contrary, the problem is rooted from the vulnerable storage model recommended by Android. To mitigate the threat, we also propose a defense framework

Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU

In this paper, we present that security threats coming with existing GPU memory management strategy are overlooked, which opens a back door for adversaries to freely break the memory isolation: they enable adversaries without any privilege in a computer to recover the raw memory data left by previous processes directly. More importantly, such attacks can work on not only normal multi-user operating systems, but also cloud computing platforms. To demonstrate the seriousness of such attacks, we recovered original data directly from GPU memory residues left by exited commodity applications, including Google Chrome, Adobe Reader, GIMP, Matlab. The results show that, because of the vulnerable memory management strategy, commodity applications in our experiments are all affected

N′-(2-Hydr­oxy-5-chloro­benzyl­idene)-4-nitro­benzohydrazide methanol solvate

The title compound, C14H10ClN3O4·CH4O, was synthesized from the reaction of 5-chloro­salicylaldehyde with 4-nitro­benzohydrazide in methanol. The Schiff base mol­ecule is nearly planar, with a dihedral angle of 9.1 (3)° between the two benzene rings. The methanol solvent mol­ecules are linked to the Schiff base mol­ecules by N—H⋯O, O—H⋯N and O—H⋯O hydrogen bonds, forming chains running parallel to the a axis

Determinants of patient’s satisfaction and predicting Patient’s willingness to return: a case from a Chinese town hospital

As the amount of hospitals increases drastically in China and the need for high quality medical care keeps rising, awareness has been raised for hospitals to maintain their standards by being aligned with national requirements as well as to continuously improve their service for patients. It has been estimated that nearly 75% of clinical cases are not properly diagnosed, treated or supervised afterwards in many developing countries. Because different patients have various needs or requests for medical service, it can be extremely tough for hospitals to satisfy every patient. In order to increase satisfaction level, it is essential to measure patients’ satisfaction not only in favor of the overall experience of patients, but also of hospital itself such as better presentation, more patient’s visits and better reputation. Patients’ satisfaction can be referred as patients’ feedback towards various aspects of their subjective dimensions of experience. With the results from patients, hospitals are able to identify which need to be improved, and then make corresponding decisions in pursuit for better services and quality based on patients’ desires. The purpose of the thesis is to discover the significant determinants influencing patients’ satisfaction and to predict the willingness to return in the case hospital. The case hospital in Shahu central hospital. In this thesis, I will mainly focus on the determinants related to the case hospital and demographical predictors. Regarding determinants concerning the case hospital, they include the level of care, tangibles, price, accessibility and corruption level, which are partially based on SERVQUAL model. Furthermore, the demographical predictors are comprised of gender, age, education level, socio-economic status and health conditions. In order to implement the research, a questionnaire is distributed to patients visiting the case hospital. Results are then analyzed with python using various models: regression analysis, Pearson correlation, decision tree and random forest. The results indicate that price, tangibles, accessibility, the level of professional care and interpersonal care and patients’ health conditions are of great significant to patients’ satisfaction level in the case hospital. Besides, price is negatively associated with patients’ satisfaction level, while other significant predictors show positive relationship with patients’ satisfaction level

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction