Permlyzer: Analyzing permission usage in Android applications

2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013

Volumn , Issue , 2013, Pages 400-410

  Xu, Wei ^a   Zhang, Fangfang ^a   Zhu, Sencun ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID APPLICATIONS; ANDROID SYSTEMS; IN-DEPTH ANALYSIS; INFORMED DECISION; MALWARES; MOBILE PLATFORM; RUN-TIME ANALYSIS;

ENGINEERING; INDUSTRIAL ENGINEERING;

SOFTWARE RELIABILITY;

EID: 84893330207     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISSRE.2013.6698893     Document Type: Conference Paper

References (34)

1. Distimo, "Google android market tops 675, 000 applications", http://officialandroid.blogspot.com/2012/09/google-play-hits-25-billion- downloads.html 2012.
2. AppBrain, "Number of available android applications", http://www.appbrain. com/stats/number-of-android-apps 2012.
3. K. W. Y. Au, Y. F. Zhou, Z. Huang, P. Gill, and D. Lie, "Short paper: a look at smartphone permission models", in Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, ser. SPSM'11, 2011, pp. 63-68.
4. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android permissions demystified", in Proceedings of the 18th ACM conference on Computer and communications security, ser. CCS'11, 2011, pp. 627-638.
5. O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman, "Taj: effective taint analysis of web applications", in Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation, ser. PLDI'09, 2009, pp. 87-97.
6. M. Sridharan and R. Bod́ik, "Refinement-based context-sensitive pointsto analysis for java", in Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation, ser. PLDI'06, 2006, pp. 387-400.
7. "Android manifest.permission. " http://developer.android.com/ reference/android/Manifest.permission.html 2012.
8. "Android developer: monkeyrunner", http://developer.android. com/guide/developing/tools/monkeyrunner concepts. html, 2012.
9. "Virustotal", http://www.virustotal.com 2012.
10. "Platform versions", http://developer.android.com/about/ dashboards/index.html, 2012.
11. "Android api differences report (8-9)", http://developer. android.com/sdk/api diff/9/changes.html, 2012.
12. "Android api differences report (9-10)", http://developer. android.com/sdk/api diff/9/changes.html, 2012.
13. "Mobile threat report (q4 2011)", F-Secure Labs, Tech. Rep., 2011.
14. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, "Analyzing interapplication communication in android", in Proceedings of the 9th international conference on Mobile systems, applications, and services, ser. MobiSys'11, 2011, pp. 239-252.
15. W. Enck, M. Ongtang, and P. McDaniel, "On lightweight mobile phone application certification", in Proceedings of the 16th ACM conference on Computer and communications security, ser. CCS'09, 2009, pp. 235-245.
16. D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji, "A methodology for empirical analysis of permission-based security models and its application to android", in Proceedings of the 17th ACM conference on Computer and communications security, ser. CCS'10, 2010, pp. 73-84.
17. A. P. Felt, K. Greenwood, and D. Wagner, "The effectiveness of application permissions", in Proceedings of the 2nd USENIX conference on Web application development, ser. WebApps'11, 2011, pp. 7-7.
18. J. Andrus, C. Dall, A. V. Hof, O. Laadan, and J. Nieh, "Cells: a virtual mobile smartphone architecture", in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, ser. SOSP'11, 2011, pp. 173-187.
19. A. R. Beresford, A. Rice, N. Skehin, and R. Sohan, "Mockdroid: trading privacy for application functionality on smartphones", in Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, ser. HotMobile'11, 2011, pp. 49-54.
20. M. Egele, C. Kruegel, E. Kirda, and G. Vigna, "Pios: Detecting privacy leaks in ios applications", in 18th Annual Symposium on Network and Distributed System Security. San Diego, California: Internet Society, February 2011.
21. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, "A study of android application security", in Proceedings of the 20th USENIX conference on Security, ser. SEC'11, 2011, pp. 21-21.
22. A. P. Fuchs, A. Chaudhuri, and J. S. Foster, "Scandroid: Automated security certification of android applications", Tech. Rep.
23. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones", in Proceedings of the 9th USENIX Symposium on Operating System Design and Implementation, ser. OSDI'10. USENIX, October 2010.
24. J. Jung, A. Sheth, B. Greenstein, D. Wetherall, G. Maganis, and T. Kohno, "Privacy oracle: a system for finding application leaks with black box differential testing", in Proceedings of the 15th ACM conference on Computer and communications security, ser. CCS'08, 2008, pp. 279-288.
25. A. R. Yumerefendi, B. Mickle, and O. P. Cox, "Tightlip: Keeping applications from spilling the beans", in Proceedings of the 4th USENIX Symposium on Networked Systems Design and Implementation, ser. NSDI'07. USENIX, April 2007.
26. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, "Systematic detection of capability leaks in stock android smartphones", in 19th Annual Symposium on Network and Distributed System Security. San Diego, California: Internet Society, February 2012.
27. Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh, "Taming informationstealing smartphone applications (on android)", in Proceedings of the 4th international conference on Trust and trustworthy computing, ser. TRUST'11, 2011, pp. 93-107.
28. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, "Permission re-delegation: Attacks and defenses", in Proceedings of the 20th USENIX Security Symposium, ser. USENIX'11, 2011.
29. M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, "Quire: Lightweight provenance for smart phone operating systems", in 20th USENIX Security Symposium, San Francisco, CA, Aug. 2011.
30. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischera, and A.-R. Sadeghi, "Xmandroid: A new android evolution to mitigate privilege escalation attacks", Technische Universitat Darmstadt, Center for Advanced Security Research, Tech. Rep., 2011.
31. P. Gilbert, B.-G. Chun, L. P. Cox, and J. Jung, "Vision: automated security validation of mobile apps at app markets", in Proceedings of the second international workshop on Mobile cloud computing and services, ser. MCS'11, 2011, pp. 21-26.
32. Y. Zhou and X. Jiang, "Dissecting android malware: Characterization and evolution", Security and Privacy, IEEE Symposium on, pp. 95-109, 2012.
33. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, you, get off of my market: detecting malicious apps in official and alternative android markets", in 19th Annual Symposium on Network and Distributed System Security. San Diego, California: Internet Society, February 2012.
34. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "Riskranker: scalable and accurate zero-day android malware detection", in Proceedings of the 10th international conference on Mobile systems, applications, and services, ser. MobiSys'12, 2012, pp. 281-294.