Repackaging android applications for auditing access to private data

Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012

Volumn , Issue , 2012, Pages 388-396

  Berthomé, Pascal ^a   Fécherolle, Thomas ^a   Guilloteau, Nicolas ^a   Lalande, Jean Francois ^a  

^a ENSI de Bourges   (France)

Author keywords

android; permissions; privacy; security

Indexed keywords

ANDROID; BYTECODES; MALWARES; PERMISSIONS; PRIVACY VIOLATION; PRIVATE DATA; SECURITY; THIRD PARTY APPLICATION (APPS);

COMMERCE; COMPUTER CRIME; DATA PRIVACY; MANAGEMENT;

ROBOTS;

EID: 84869458610     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2012.74     Document Type: Conference Paper

References (24)

1. C. Miller, "Mobile Attacks and Defense," IEEE Security & Privacy Magazine, vol. 9, no. 4, pp. 68-70, Jul. 2011.
2. C. Orthacker, P. Teufl, S. Kraxberger, A. Marsalek, J. Leibetseder, and O. Prevenhueber, "Android Security Permissions - Can we trust them?" in 3rd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, vol. 3, 2011, p. 12.
3. D. Barrera and P. Van Oorschot, "Secure Software Installation on Smartphones," IEEE Security & Privacy Magazine, vol. 9, no. 3, pp. 42-48, May 2011.
4. L. Batyuk, M. Herpich, S. A. Camtepe, K. Raddatz, A.-D. Schmidt, and S. Albayrak, "Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications," in 6th International Conference on Malicious and Unwanted Software. IEEE Computer Society, Oct. 2011, pp. 66-72.
5. G. Delac, M. Silic, and J. Krolo, "Emerging security threats for mobile platforms," in 34th International Convention, 2011, pp. 1468-1473.
6. Kaspersky, "Number of the Week: at Least 34% of Android Malware Is Stealing Your Data," 2011. [Online]. Available: http://www.kaspersky.com/ about/news/virus/2011/Number-of-the-Week-at-Least-34-of-Android-Malware-Is- Stealing-Your-Data
7. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in 1st ACM workshop on Security and privacy in smartphones and mobile devices. New York, New York, USA: ACM Press, Oct. 2011, p. 3.
8. M. Balanza, O. Abendan, K. Alintanahin, J. Dizon, and B. Caraig, "DroidDreamLight lurks behind legitimate Android apps," in 6th International Conference on Malicious and Unwanted Software. IEEE Computer Society, Oct. 2011, pp. 73-78.
9. M. Nauman, S. Khan, and X. Zhang, "Apex: extending Android permission model and enforcement with user-defined runtime constraints," in 5th ACM Symposium on Information, Computer and Communications Security. Beijing, China: ACM Press, Apr. 2010, pp. 328-332.
10. G. Russello, B. Crispo, E. Fernandes, and Y. Zhauniarovich, "YAASE: Yet Another Android Security Extension," in Third IEEE International Conference on Information Privacy, Security, Risk and Trust. MIT, USA: IEEE Computer Society, Oct. 2011, pp. 1033-1040.
11. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, "Permission re-delegation: attacks and defenses," in 20th USENIX conference on Security, San Francisco, CA, USA, Aug. 2011, p. 22.
12. W. Shin, S. Kiyomoto, K. Fukushima, and T. Tanaka, "Towards Formal Analysis of the Permission-Based Security Model for Android," in Fifth International Conference on Wireless and Mobile Communications. Cannes/La Bocca, French Riviera, France: IEEE Computer Society, 2009, pp. 87-92.
13. -, "A Formal Model to Analyze the Permission Authorization and Enforcement in the Android Framework," in Second International Conference on Social Computing. Minneapolis, Minnesota, USA: IEEE Computer Society, Aug. 2010, pp. 944-951.
14. A. Barrera, David and Kayacik, H. Güneş and van Oorschot, Paul C. and Somayaji, "A methodology for empirical analysis of permission-based security models and its application to android," in 17th ACM conference on Computer and communications security. Chicago, Illinois, USA: ACM Press, Oct. 2010, pp. 73-84.
15. I. Rassameeroj and Y. Tanahashi, "Various approaches in analyzing Android applications with its permission-based security models," in International Conference on Electro/Information Technology. Mankato, Minnesota, USA: IEEE Computer Society, May 2011, pp. 1-6.
16. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones," in 9th USENIX conference on Operating systems design and implementation, Oct. 2010, pp. 1-6.
17. W. Zhou, Y. Zhou, X. Jiang, and P. Ning, "Detecting repackaged smartphone applications in third-party android marketplaces," in Second ACM conference on Data and Application Security and Privacy, E. Bertino and R. S. Sandhu, Eds. San Antonio, TX, USA: ACM Press, Feb. 2012, pp. 317-326.
18. Mila, "Contagio mobile," 2012. [Online]. Available: http://contagiominidump.blogspot.fr/
19. L. Botezatu, "All data stored on your smartphone ..... gone in 60 seconds," MalwareCity, 2011. [Online]. Available: http://www.malwarecity. com/blog/all-data-stored-on-your-smartphone-gone-in-60-seconds-1156.html
20. "Android.Fakesucon," Symantec Security Response's blog, 2011. [Online]. Available: http://www.symantec.com/security-response/writeup.jsp? docid=2011-120915-2524-99
21. X. Jiang, "New Android Malware - HippoSMS - Found in Alternative Android Markets," NC State University, 2011. [Online]. Available: http://www.csc.ncsu.edu/faculty/jiang/HippoSMS/
22. Y. Li, "Android.Lovetrap," 2011. [Online]. Available: http://www.symantec.com/security-response/writeup.jsp?docid=2011-072806-2905-99
23. "Server-side Polymorphic Android Applications," Symantec Security Response's blog, 2012. [Online]. Available: http://www.symantec.com/ connect/blogs/server-side-polymorphic-android-applications
24. I. Asrar, "Android Threat Tackles Piracy Using Austere Justice Measures," Irfan Asrar's blog, 2011. [Online]. Available: http://www.symantec.com/connect/blogs/android-threat-tackles-piracy-using- austere-justice-measures