Evolution, detection and analysis of malware for smart devices

IEEE Communications Surveys and Tutorials

Volumn 16, Issue 2, 2014, Pages 961-987

  Suarez Tangil, Guillermo ^a   Tapiador, Juan E ^a   Peris Lopez, Pedro ^a   Ribagorda, Arturo ^a  

^a UNIVERSIDAD CARLOS III DE MADRID   (Spain)

Author keywords

grayware; malware; privacy; security; smart devices; smartphones

Indexed keywords

COMPUTER CRIME; DATA PRIVACY; PERSONAL COMPUTERS; SMARTPHONES;

DISTRIBUTION STRATEGIES; GRAYWARE; INTERNET APPLIANCES; PERSONAL INFORMATION; RESEARCH PROBLEMS; SECURITY; SECURITY ARCHITECTURE; SMART DEVICES;

MALWARE;

EID: 84901246064     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2013.101613.00077     Document Type: Article

References (165)

1. H. Dediu, "When will tablets outsell traditional pcs?" March 2012, http://www.asymco.com/2012/03/02/when-will-the-tablet-market-be-larger- than-the-pc-market/.
2. Juniper, "2011 mobile threats report," Juniper Networks, Tech. Rep., 2012.
3. L. Goasduff and C. Pettey, "Gartner says worldwide smartphone sales soared in fourth quarter of 2011 with 47 percent growth," Visited April 2012, http://www.gartner.com/it/page.jsp?id=1924314.
4. Nielsen, "State of the appnation -a year of change and growth in u.s. smartphones," Nielsen, Tech. Rep., 2012.
5. R. van der Meulen and J. Rivera, "Gartner says worldwide mobile phone sales declined 1.7 percent in 2012," Visited March 2013, http://www.gartner.com/newsroom/id/2335616.
6. Samsung. (Visited March 2013) Samsung smart tv. [Online]. Available: http://www.samsung.com/us/2012-smart-tv/
7. Sony. (Visited March 2013) Smartwatch. [Online]. Available: http://www.sonymobile.com/us/products/accessories/smartwatch/
8. Google. (Visited March 2013) Google glass. [Online]. Available: http://http://www.google.com/glass/
9. CuteCircuit. (Visited March 2013) T-shirtos: The future is getting closer. [Online]. Available: http://www.cutecircuit.com/tshirtos-the-future-is- getting-closer/
10. D. Newcomb. (Visited March 2013) Weblink aims to bridge the nagging smartphone-car disconnect. [Online]. Available: http://www.wired.com/autopia/ 2013/03/weblink-abalta-auto-apps/
11. S. Larner, "Smartphones and tablets in the hospital environment," British J. of Healthcare Management, vol. 18, no. 8, pp. 404-405, 2012.
12. IIH. (Visited March 2013) Smart pillbox. [Online]. Available: http://www.innovatorsinhealth.org/solutions/
13. M. Chan, D. Estve, J.-Y. Fourniols, C. Escriba, and E. Campo, "Smart wearable systems: Current status and future challenges," Artificial Intelligence in Medicine, vol. 56, no. 3, pp. 137-156, 2012.
14. H. Dediu, D. Schmidt, and R. Salle. (Visited March 2013) Asymco. [Online]. Available: http://www.asymco.com/
15. D. Seifert. (Visited May 2013) Back from the dead: why do 2013's best smartphones have ir blasters? [Online]. Available: http://www.theverge.com/2013/ 4/24/4262074/is-this-the-year-of-the-ir-blaster
16. F. Wang and J. Liu, "Networked wireless sensor data collection: Issues, challenges, and approaches," IEEE Commun. Surveys & Tutorials, vol. 13, no. 4, pp. 673-687, 2011.
17. Y. Yan, Y Qian, H. Sharif, and D. Tipper, "A survey on smart grid communication infrastructures: Motivations, requirements and challenges," IEEE Commun. Surveys & Tutorials, vol. 15, no. 1, pp. 5-20, 2013.
18. Y Gu, A. Lo, and I. Niemegeers, "A survey of indoor positioning systems for wireless personal networks," IEEE Commun. Surveys & Tutorials, vol. 11, no. 1, pp. 13-32, 2009.
19. C. MacManus. (Visited Agoust 2013) Sony's smarttags could change phone habits. [Online]. Available: http://news.cnet.com/8301-17938\- 105-57359901-1/sonys-smarttags-could-change-phone-habits/
20. Y Lee, Y Ju, C. Mn, J. Yu, and J. Song, "Mobicon: Mobile context monitoring platform: Incorporating context-awareness to smartphone-centric personal sensor networks," in 9th Annu. IEEE Commun. Society Conf. on Sensor, Mesh and Ad Hoc Commun. and Netw. (SECON 2012), 2012, pp. 109-111.
21. D. Kelly, R. Raines, R. Baldwin, M. Grimaila, and B. Mullins, "Exploring extant and emerging issues in anonymous networks: A taxonomy and survey of protocols and metrics," IEEE Commun. Surveys & Tutorials, vol. 14, no. 2, pp. 579-606, 2012.
22. M. Mueck, V Ivanov, S. Choi, J. Kim, C. Ahn, H. Yang, G. Baldini, and A. Piipponen, "Future of wireless communication: Radioapps and related security and radio computer framework," IEEE Wireless Commun., vol. 19, no. 4, pp. 9-16, 2012.
23. C. Szongott, B. Henne, and M. Smith, "Evaluating the threat of epidemic mobile malware," in Proc. IEEE 8th Int. Conf. on Wireless and Mobile Computing, Netw. and Commun. (WiMob 2012), 2012, pp. 443-450.
24. La Polla, M. and Martinelli, F. and Sgandurra, D., "A Survey on Security for Mobile Devices," IEEE Commun. Surveys & Tutorials, vol. 15, no. 1, pp. 446-471, 2013.
25. X. Wei, N. C. Valler, B. Prakash, I. Neamtiu, M. Faloutsos, and C. Faloutsos, "Competing memes propagation on networks: A network science perspective," IEEE J. Sel. Areas Commun., vol. 31, no. 6, pp. 1049-1060, 2013.
26. Fernandes, Earlence and Crispo, Bruno and Conti, Mauro, "FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment," IEEE Trans. Inf. Forens. Security, 2013.
27. G. Baldini, T. Sturman, A. Biswas, R. Leschhorn, G. Godor, and M. Street, "Security aspects in software defined radio and cognitive radio networks: A survey and a way ahead," IEEE Commun. Surveys & Tutorials, vol. 14, no. 2, pp. 355-379, 2012.
28. S. Amini, J. Lindqvist, J. Hong, J. Lin, E. Toch, and N. Sadeh, "Caché: caching location-enhanced content to improve user privacy," in Proc. 9th Int. Conf. on Mobile systems, applications, and services. ACM, 2011, pp. 197-210.
29. A. Parate, M.-C. Chiu, D. Ganesan, and B. M. Marlin, "Leveraging graphical models to improve accuracy and reduce privacy risks of mobile sensing," in Proc. 11th Int. Conf. on Mobile Systems, Applications and Services. ACM, 2013, pp. 83-96.
30. E. Chin, A. P. Felt, V. Sekar, and D. Wagner, "Measuring user confidence in smartphone security and privacy," in Symp. on Usable Privacy and Security. Washington: Advancing Science, Serving Society, March 2012.
31. J. Fenske, "Biometrics in new era of mobile access control," Biometric Technology Today, vol. 2012, no. 9, pp. 9-11, 2012.
32. N. Husted, H. Saïdi, and A. Gehani, "Smartphone security limitations: conflicting traditions," in Proc. 2011 Workshop on Governance of Technology, Information, and Policies, ser. GTIP '11. New York, NY, USA: ACM, 2011, pp. 5-12.
33. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in Proc. 1st ACM workshop on Security and privacy in smartphones and mobile devices, ser. SPSM '11. New York, NY, USA: ACM, 2011, pp. 3-14.
34. K. Dunham, Mobile malware attacks and defense. Syngress, 2008.
35. D. Shih, B. Lin, H. Chiang, and M. Shih, "Security aspects of mobile phone virus: a critical survey," Industrial Management & Data Systems, vol. 108, no. 4, pp. 478-494, 2008. (Pubitemid 351590943)
36. Juniper, "2013 mobile threats report," Juniper Networks, Tech. Rep., 2013.
37. F-Secure, "Mobile threat report q1 2012," F-Secure, Tech. Rep., April 2012, "http://www.f-secure.com/weblog/archives/MobileThreatReport- Q12012.pdf".
38. McAfee, "Threats report:fourth quarter 2012," McAfee, Tech. Rep., January 2013, http://www.mcafee.com/us/resources/reports/rp-quarterly- threat-q4-2012.pdf.
39. M. Schipka, "Dollars for downloading," Network Security, vol. 2009, no. 1, pp. 7-11, 2009.
40. D. Guido and M. Arpaia, "Mobile exploit intelligence project," 2012, http://www.trailofbits.com/resources/mobile-eip-04-19-2012.pdf.
41. McAfee, "Threats report:fourth quarter 2010," McAfee, Tech. Rep., January 2011, http://www.mcafee.com/us/resources/reports/rp-quarterly- threat-q4-2010.pdf.
42. M. R. Rieback, P. N. Simpson, B. Crispo, and A. S. Tanenbaum, "Rfid malware: Design principles and examples," Pervasive and mobile computing, vol. 2, no. 4, pp. 405-426, 2006. (Pubitemid 44556556)
43. W. P. Burleson, S. S. Clark, B. Ransford, and K. Fu, "Design challenges for secure implantable medical devices," in Proc. 49th Design Automation Conf, ser. DAC'12. New York, NY, USA: ACM, 2012, pp. 12-17.
44. D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W H. Maisel, "Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses," in Proc. 29th Annual IEEE Symp. Security and Privacy. USENIX Association, May 2008, pp. 129-142.
45. L. Cai and H. Chen, "Touchlogger: inferring keystrokes on touch screen from smartphone motion," in Proc. 6th USENIX conf. on Hot topics in security, ser. HotSec'11, Berkeley, CA, USA, 2011, pp. 9-9.
46. Y Zhou and X. Jiang, "Dissecting android malware: Characterization and evolution," in Proc. 33rd IEEE Symp. Security and Privacy (Oakland 2012), May 2012.
47. AV-Test, "Anti-malware solutions for android," AV Test, Tech. Rep., 2012, "http://www.av-test.org/fileadmin/pdf/avtest-2012-02-android- anti-malware-report-english.pdf".
48. M. Egele, T. Scholte, E. Kirda, and C. Kruegel, "A survey on automated dynamic malware-analysis techniques and tools," ACM Comput. Surv., vol. 44, no. 2, pp. 6:1-6:42, Mar. 2012.
49. K. Kostiainen, E. Reshetova, J.-E. Ekberg, and N. Asokan, "Old, new, borrowed, blue-: a perspective on the evolution of mobile platform security architectures," in Proc. 1st ACM conf. on Data and application security and privacy, ser. CODASPY '11. ACM, 2011, pp. 13-24.
50. W. Enck, "Defending users against smartphone apps: techniques and future directions," in Proc. 7th int. conf. on Information Systems Security, ser. ICISS'11. Springer-Verlag, 2011, pp. 49-70.
51. L. Batyuk, M. Herpich, S. Camtepe, K. Raddatz, A. Schmidt, and S. Al-bayrak, "Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within android applications," in 6th Int. Conf. on Malicious and Unwanted Software (MALWARE 2011), October 2011, pp. 66-72.
52. P. Gilbert, B.-G. Chun, L. P. Cox, and J. Jung, "Vision: automated security validation of mobile apps at app markets," in Proc. int. workshop on Mobile cloud computing and services, ser. MCS '11. New York, NY, USA: ACM, 2011, pp. 21-26.
53. H. Lockheimer. (Visited January 2013) Android and security. [Online]. Available: http://googlemobile.blogspot.com.es/2012/02/android-and-security.html
54. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, "Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets," in Proc. 19th Annu. Network and Distributed System Security Symp. (NDSS), 2012.
55. W. Zhou, Y. Zhou, X. Jiang, and P. Ning, "Detecting repackaged smartphone applications in third-party android marketplaces," in Proc. 2nd ACM conference on Data and Application Security and Privacy. ACM, 2012, pp. 317-326.
56. McAfee, "Threats report:fourth quarter 2011," McAfee, Tech. Rep., January 2012, http://www.mcafee.com/us/resources/reports/rp-quarterly- threat-q4-2011.pdf.
57. K. Au, Y. Zhou, Z. Huang, P. Gill, and D. Lie, "Short paper: a look at smartphone permission models," in Proc. 1st ACM workshop on Security and privacy in smartphones and mobile devices. ACM, 2011, pp. 63-68.
58. A. P. Felt, K. Greenwood, and D. Wagner, "The effectiveness of application permissions," in Proc. 2nd USENIX conf. on Web application development, ser. WebApps'11. USENIX Association, 2011, pp. 7-7.
59. Felt, Adrienne Porter and Chin, Erika and Hanna, Steve and Song, Dawn and Wagner, David, "Android permissions demystified," in Proc. 18th ACM conf. on Computer and commun. security. ACM, 2011, pp. 627-638.
60. Barrera, David and Kayacik, H Güneş and van Oorschot, Paul C and Somayaji, Anil, "A methodology for empirical analysis of permission-based security models and its application to android," i n Proc. 17th ACM conf. on Computer and communications security. ACM, 2010, pp. 73-84.
61. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, "Privilege escalation attacks on android," in Information Security, ser. Lecture Notes in Computer Science, M. Burmester, G. Tsudik, S. Magliveras, and I. Ilic, Eds. Springer Berlin/Heidelberg, 2011, vol. 6531, pp. 346-360.
62. K. Gudeth, M. Pirretti, K. Hoeper, and R. Buskey, "Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors," in Proc. 1st ACM workshop on Security and privacy in smartphones and mobile devices, ser. SPSM '11. ACM, 2011, pp. 33-38.
63. M. Lange, S. Liebergeld, A. Lackorzynski, A. Warg, and M. Peter, "L4android: a generic operating system framework for secure smart-phones," in Proc. 1st ACM workshop on Security and privacy in smartphones and mobile devices, ser. SPSM '11. New York, NY, USA: ACM, 2011, pp. 39-50.
64. J. Andrus, C. Dall, A. V. Hof, O. Laadan, and J. Nieh, "Cells: a virtual mobile smartphone architecture," in Proc. 23rd ACM Symposium on Operating Systems Principles, ser. SOSP '11. ACM, 2011, pp. 173-187.
65. G. Russello, M. Conti, B. Crispo, and E. Fernandes, "Moses: supporting operation modes on smartphones," in Proc. 17th ACM symp. on Access Control Models and Technologies, ser. SACMAT '12. New York, NY, USA: ACM, 2012, pp. 3-12.
66. Y. Xu, F. Bruns, E. Gonzalez, S. Traboulsi, A. Mott, and A. Bil-gic, "Performance evaluation of para-virtualization on modern mobile phone platform," in Proc. Int. Conf. on Computer, Electrical, and Systems Science and Engineering, ser. ICCESSE '10. Waset, 2010, pp. 272-280.
67. A. Felt, H. Wang, A. Moshchuk, S. Hanna, and E. Chin, "Permission re-delegation: Attacks and defenses," in Proc. 20th USENIX Security Symp., 2011.
68. E. Chin, A. Felt, K. Greenwood, and D. Wagner, "Analyzing interapplication communication in android," in Proc. 9th int. conf. on Mobile systems, applications, and services. ACM, 2011, pp. 239-252.
69. M. Conti, V. Nguyen, and B. Crispo, "Crepe: Context-related policy enforcement for android," Information Security, pp. 331-345, 2011.
70. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A. Sadeghi, "Xmandroid: A new android evolution to mitigate privilege escalation attacks," Technische Universitat Darmstadt, Tech. Rep., 2011.
71. W. Enck, M. Ongtang, and P. McDaniel, "On lightweight mobile phone application certification," in Proc. 16th ACM conf. on Computer and communications security. ACM, 2009, pp. 235-245.
72. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, "Semantically rich application-centric security in android," in Computer Security Applications Conf., 2009. ACSAC '09. Annu., December 2009, pp. 340-349.
73. C. Mulliner, G. Vigna, D. Dagon, and W. Lee, "Using labeling to prevent cross-service attacks against smart phones," in Detection of Intrusions and Malware and Vulnerability Assessment, ser. Lecture Notes in Computer Science, R. Bschkes and P. Laskov, Eds. Springer Berlin Heidelberg, 2006, vol. 4064, pp. 91-108. (Pubitemid 44124004)
74. A. Shabtai, Y. Fledel, and Y. Elovici, "Securing android-powered mobile devices using selinux," IEEE Security & Privacy, vol. 8, no. 3, pp. 36-44, 2010.
75. M. Nauman, S. Khan, X. Zhang, and J.-P. Seifert, "Beyond kernel-level integrity measurement: enabling remote attestation for the android platform," in Trust and Trustworthy Computing. Springer, 2010, pp. 1-15.
76. X. Ni, Z. Yang, X. Bai, A. C. Champion, and D. Xuan, "Diffuser: Differentiated user access control on smartphones," in IEEE 6th Int. Conf. Mobile Adhoc and Sensor Systems, 2009. MASS'09. IEEE, 2009, pp. 1012-1017.
77. F. Rohrer, Y Zhang, L. Chitkushev, and T. Zlateva, "Poster: Role based access control for android (rbaca)," Boston University, MA USA, Tech. Rep., 2012.
78. S. Kraemer and P. Carayon, "Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists," Applied Ergonomics, vol. 38, no. 2, pp. 143-154, 2007. (Pubitemid 44666662)
79. J. O'Connor, "Blackberry security: Ripe for the picking?" Symantec, Tech. Rep., 2006.
80. J. Jeon, K. Micinski, J. Vaughan, N. Reddy, Y Zhu, J. Foster, and T. Millstein, "Dr. android and mr. hide: Fine-grained security policies on unmodified android," University of Maryland, Tech. Rep., 2011.
81. D. Schreckling, J. Posegga, and D. Hausknecht, "Constroid: Data-Centric Access Control for Android," in Proc. 27th Symp. on Applied Computing (SAC): Computer Security Track, 2012.
82. S. Bugiel, L. Davi, A. Dmitrienko, S. Heuser, A.-R. Sadeghi, and B. Shastry, "Practical and lightweight domain isolation on android," in Proc. 1st ACM workshop on Security and privacy in smartphones and mobile devices, ser. SPSM '11. New York, NY, USA: ACM, 2011, pp. 51-62.
83. N. Husted, H. Saïdi, and A. Gehani, "Smartphone security limitations: conflicting traditions," in Proc. 2011 Workshop on Governance of Technology, Information, and Policies, ser. GTIP '11. New York, NY, USA: ACM, 2011, pp. 5-12.
84. W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth, "Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones," in Proc. 9th USENIX conf. on Operating systems design and implementation. USENIX Association, 2010, pp. 1-6.
85. P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, "These aren't the droids you're looking for: retrofitting android to protect data from imperious applications," in Proc. 18th ACM conf. on Computer and communications security. ACM, 2011, pp. 639-652.
86. A. Shabtai, Y Fledel, U. Kanonov, Y Elovici, S. Dolev, and C. Glezer, "Google android: A comprehensive security assessment," IEEE Security & Privacy, vol. 8, no. 2, pp. 35-44, 2010.
87. W. Enck, M. Ongtang, and P. McDaniel, "Understanding android security," IEEE Security & Privacy, vol. 7, no. 1, pp. 50-57, 2009.
88. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, "A study of android application security," in Proc. 20th USENIX conf. on Security, ser. SEC'11. Berkeley, CA, USA: USENIX Association, 2011, pp. 21-21.
89. Apple. (May 2012) ios security. [Online]. Available: http://images. apple.com/ipad/business/docs/iOS-Security-May12.pdf
90. D. Chubb. (Visited May 2013) Data privacy of ios 6 release notes. [Online]. Available: http://www.product-reviews.net/2012/06/15/ios-6-release- notes-show-heightened-security/
91. C. Miller. (Visited May 2013) Comparision of ios and android security. [Online]. Available: http://www.accuvant.com/blog/2011/10/20/dr-charlie-miller- compares-security-ios-and-android
92. Apple. (Visited May 2013) Apple answers fcc questions. [Online]. Available: http://www.apple.com/hotnews/apple-ans wers-fcc-questions/
93. Mcrosoft, "Windows Phone 8 Security Overview," Microsoft Coor-poration, Tech. Rep., December 2012, http://go.microsoft.com/fwlink/? LinkId=266838.
94. C. Fleizach, M. Liljenstam, P. Johansson, G. Voelker, and A. Mehes, "Can you infect me now?: malware propagation in mobile phone networks," in Proc. 2007 ACM workshop on Recurring malcode. ACM, 2007, pp. 61-68.
95. R. Verdult and F. Kooman, "Practical attacks on nfc enabled cell phones," in 3rd Int. Workshop on Near Field Commun. (NFC), February 2011, pp. 77-82.
96. L. Auriemma. (Visited May 2013) Samsung devices with support for remote controllers. [Online]. Available: http://aluigi.org/adv/samsux- 1-adv.txt
97. Sophos. (Visited May 2013) First anti-virus software for connected tv. [Online]. Available: http://goo.gl/Ww67D
98. D. Halperin, T. Kohno, T. Heydt-Benjamin, K. Fu, and W. Maisel, "Security and privacy for implantable medical devices," IEEE Pervasive Comput., vol. 7, no. 1, pp. 30-39, January 2008.
99. M. Vockley, "Safe and secure? healthcare in the cyberworld." Biomedical instrumentation & technology/Association for the Advancement of Medical Instrumentation, vol. 46, no. 3, p. 164, 2012.
100. S. Corporation, "Symantec security threats," Visited May 2013, http://www.symantec.com/security-response/landing/threats.jsp.
101. F-Secure, "F-secure mobile threats," Visited May 2013, http://www.f-secure.com/en/web/labs-global/mobile-security.
102. Lookout. (Visited May 2013) Notcompatible. [Online]. Available: http://goo.gl/yJEgn
103. P. Traynor, M. Lin, M. Ongtang, V Rao, T. Jaeger, P. McDaniel, and T. La Porta, "On cellular botnets: measuring the impact of malicious devices on a cellular network core," in Proc. 16th ACM conf. on Computer and communications security, ser. CCS '09. New York, NY, USA: ACM, 2009, pp. 223-234.
104. P. A. Porras, H. Saidi, and V Yegneswaran, "An analysis of the ikee.b iphone botnet," in Security and Privacy in Mobile Information and Communication Systems (MobiSec), 2nd Int. ICST Conf, ser. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, A. U. Schmidt, G. Russello, A. Lioy N. R. Prasad, and S. Lian, Eds., vol. 47. Springer, May 2010, pp. 141-152.
105. C. Mulliner and J.-P. Seifert, "Rise of the iBots: 0wning a telco network," in Proc. 5th IEEE Int. Conf. Malicious and Unwanted Software (Malware), Nancy, France, October 2010, pp. 71-80.
106. C. Xiang, F. Binxing, Y Lihua, L. Xiaoyi, and Z. Tianning, "Andbot: towards advanced mobile botnets," in Proc. 4th USENIX conf. on Large-scale exploits and emergent threats, ser. LEET'11. Berkeley, CA, USA: USENIX Association, 2011, pp. 11-11.
107. D. Damopoulos, G. Kambourakis, and S. Gritzalis, "isam: An iphone stealth airborne malware," in Future Challenges in Security and Privacy for Academia and Industry, ser. IFIP Advances in Information and Communication Technology, J. Camenisch, S. Fischer-Hbner, Y Murayama, A. Portmann, and C. Rieder, Eds. Springer Berlin Heidelberg, 2011, vol. 354, pp. 17-28.
108. S. Ldt, "Sophos endpoint protection," Visited May 2013, http://www.sophos.com.
109. Kramer, S, "Rage against the cage," 2010.
110. Luo, Tongbo and Hao, Hao and Du, Wenliang and Wang, Yifei and Yin, Heng, "Attacks on WebView in the Android system," in Proc. 27th Annu. Computer Security Applications Conf. ACM, 2011, pp. 343-352.
111. NakedSecurity, "Malicious cloned games attack google android market," Visited May 2013, http://nakedsecurity.sophos.com/2011/12/12/ malicious-cloned-games-attack-google-android-market/.
112. A. Apvrille, "Cryptography for mobile malware obfuscation," in RSA Conf, RSA, Ed. Fortinet, October 2011.
113. Skycure. (Visited May 2013) Malicious Profiles-The Sleeping Giant of iOS Security. [Online]. Available: \textcolor{black}{http://blog. skycure.com/2013/03/malicious-profiles-sleeping-giant-of.html}
114. N. Seriot, "iphone privacy," Black Hat DC, p. 30, 2010.
115. D. Goodin. (Visited June 2012) Apple expels serial hacker for publishing iphone exploit. [Online]. Available: http://www.theregister. co.uk/2011/11/08/apple-excommunicates-charlie-miller/
116. J. Bickford, R. O'Hare, A. Baliga, V Ganapathy, and L. Iftode, "Rootk-its on smart phones: attacks, implications and opportunities," in Proc. 11th Workshop on Mobile Computing Systems &38; Applications, ser. HotMobile '10. New York, NY, USA: ACM, 2010, pp. 49-54.
117. F. Shahzad, M. A. Akbar, and M. Farooq, "A survey on recent advances in malicious applications analysis and detection techniques for smartphones," National University of Computer & Emerging Sciences, Islamabad, Pakistan, Tech. Rep., 2012.
118. G. Suarez-Tangil, J. E. Tapiador, P. Peris-Lopez, and J. B. Alis, "Dendroid: A text mining approach to analyzing and classifying code structures in android malware families," Expert Systems with Applications, 2013, in Press.
119. J. M. Estévez-Tapiador, P. Garcia-Teodoro, and J. E. Díaz-Verdejo, "Anomaly detection methods in wired networks: a survey and tax-onomy," Computer Communications, vol. 27, no. 16, pp. 1569-1584, 2004.
120. P. Garcia-Teodoro, J. E. Díaz-Verdejo, G. Maciá- Fernández, and E. Vázquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges," Computers & Security, vol. 28, no. 1-2, pp. 18-28, 2009.
121. M. Knappmeyer, S. L. Kiani, E. S. Reetz, N. Baker, and R. Tonjes, "Survey of context provisioning middleware," IEEE Commun. Surveys & Tutorials, vol. 15, no. 3, pp. 1492-1519, 2013.
122. I. Rassameeroj and Y. Tanahashi, "Various approaches in analyzing android applications with its permission-based security models," in 2011 IEEE Int. Conf. Electro/Information Technology (EIT), May 2011, pp. 1-6.
123. S. Rosen, Z. Qian, and Z. M. Mao, "Appprofiler: a flexible method of exposing privacy-related behavior in android applications to end users," in Proc. 3rd ACM conference on Data and application security and privacy. ACM, 2013, pp. 221-232.
124. V. Rastogi, Y. Chen, and W. Enck, "Appsplayground: automatic security analysis of smartphone applications," in Proc. 3rd ACM conference on Data and application security and privacy. ACM, 2013, pp. 209-220.
125. S. Zonouz, A. Houmansadr, R. Berthier, N. Borisov, and W. Sanders, "Secloud: A cloud-based comprehensive and lightweight security solution for smartphones," Computers & Security, 2013.
126. F. Shahzad, M. Akbar, S. Khan, and M. Farooq, "Tstructdroid: Realtime malware detection using in-execution dynamic analysis of kernel process control blocks on android," National University of Computer & Emerging Sciences, Islamabad, Pakistan, Tech. Rep., 2013.
127. A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss, ""andro-maly": a behavioral malware detection framework for android devices," J. of Intelligent Information Systems, vol. 38, pp. 161-190, 2012.
128. M. Backes, S. Gerling, C. Hammer, M. Maffei, and P. Styp-Rekowsky, "Appguard real-time policy enforcement for third-party applications," Universitats-und Landesbibliothek, Postfach 151141, 66041 Saarbracken, Tech. Rep., 2012. [Online]. Available: http://scidok.sulb.uni-saarland.de/volltexte/ 2012/4902
129. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, "Crowdroid: behavior-based malware detection system for android," in 1st ACM workshop on Security and privacy in smartphones and mobile devices. ACM, 2011, pp. 15-26.
130. L. Yan and H. Yin, "Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis," in Proc. 21st USENIX conf. on Security symp. USENIX Association, 2012, pp. 29-29.
131. G. Dini, F. Martinelli, A. Saracino, and D. Sgandurra, "Madam: a multi-level anomaly detector for android malware," in Proc. 6th int. conf. on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security, ser. MMM-ACNS'12. Springer-Verlag, 2012, pp. 240-253.
132. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, "Using probabilistic generative models for ranking risks of android apps," in Proc. 2012 ACM conf. on Computer and communications security. ACM, 2012, pp. 241-252.
133. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "Riskranker: scalable and accurate zero-day android malware detection," in Proc. 10th int. conf. on Mobile systems, applications, and services. ACM, 2012, pp. 281-294.
134. C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou, "Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications," in Proc. 2nd ACM workshop on Security and privacy in smartphones and mobile devices. ACM, 2012, pp. 93-104.
135. M. Grace, Y. Zhou, Z. Wang, and X. Jiang, "Systematic detection of capability leaks in stock android smartphones," in Proc. 19th Annu. Symp. on Network and Distributed System Security, 2012.
136. M. Egele, C. Kruegel, E. Kirda, and G. Vigna, "Pios: Detecting privacy leaks in ios applications," in Proc. Network and Distributed System Security Symp., 2011.
137. A.-D. Schmidt, "Detection of smartphone malware," Ph.D. dissertation, Universitätsbibliothek, 2011.
138. K. O. Elish, D. D. Yao, B. G. Ryder, and X. Jiang, "A static assurance analysis of android applications," Virginia Polytechnic Institute and State University, Tech. Rep., 2013.
139. L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang, "Chex: statically vetting android apps for component hijacking vulnerabilities," in Proc. 2012 ACM conf. on Computer and communications security. ACM, 2012, pp. 229-240.
140. T. Blasing, L. Batyuk, A. Schmidt, S. Camtepe, and S. Albayrak, "An android application sandbox system for suspicious software detection," in 5th Int. Conf. on Malicious and Unwanted Software (MALWARE 2010). IEEE, 2010, pp. 55-62.
141. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, "Paranoid android: versatile protection for smartphones," in Proc. 26th Annu. Computer Security Applications Conf., 2010, pp. 347-356.
142. H. Kim, J. Smith, and K. Shin, "Detecting energy-greedy anomalies and mobile malware variants," in Proc. 6th int. conf. on Mobile systems, applications, and services. ACM, 2008, pp. 239-252.
143. T. Garfinkel, M. Rosenblum et al., "A virtual machine introspection based architecture for intrusion detection," in Proc. Network and Distributed Systems Security Symp., 2003.
144. B.-G. Chun, S. Ihm, P. Maniatis, M. Naik, and A. Patti, "Clonecloud: elastic execution between mobile device and cloud," in Proc. 6th conf. on Computer systems, 2011, pp. 301-314.
145. S. Kosta, A. Aucinas, P. Hui, R. Mortier, and X. Zhang, "Thinkair: Dynamic resource allocation and parallel execution in the cloud for mobile code offloading," in Proc. IEEE Int. Conf. Comput. Commun. (INFOCOM). IEEE, 2012, pp. 945-953.
146. A. Desnos, "Android: Static analysis using similarity distance," in System Science (HICSS), 2012 45th Hawaii Int. Conf. on. IEEE, 2012, pp. 5394-5403.
147. J. Crussell, C. Gibler, and H. Chen, "Attack of the clones: Detecting cloned applications on android markets," Computer Security-ESORICS 2012, pp. 37-54, 2012.
148. S. Cesare and Y. Xiang, "Classification of malware using structured control flow," in Proc. 8th Australasian Symp. on Parallel and Distributed Computing-Volume 107. Australian Computer Society, Inc., 2010, pp. 61-70.
149. W. Zhou, Y. Zhou, M. Grace, X. Jiang, and S. Zou, "Fast, scalable detection of piggybacked mobile applications," in Proc. 3rd ACM conf. on Data and application security and privacy. ACM, 2013, pp. 185-196.
150. S. Hanna, L. Huang, E. Wu, S. Li, C. Chen, and D. Song, "Juxtapp: A scalable system for detecting code reuse among android applications," in Proc. 9th Conf. on Detection of Intrusions and Malware & Vulnerability Assessment, 2012.
151. S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy, "Return-oriented programming without returns," in Proc. of CCS 2010, A. Keromytis and V. Shmatikov, Eds. ACM Press, Oct. 2010, pp. 559-72.
152. L. Davi, A.-R. Sadeghi, and M. Winandy, "Ropdefender: A detection tool to defend against return-oriented programming attacks," in Proc. 6th ACM Symposium on Information, Computer and Communications Security. ACM, 2011, pp. 40-51.
153. Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu, "Design and analysis of a social botnet," Computer Networks, vol. 57, no. 2, pp. 556-578, 2013.
154. F. Yamaguchi, F. Lindner, and K. Rieck, "Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning," in Proc. 5th USENIX conference on Offensive technologies. USENIX Association, 2011, pp. 13-13.
155. G. Zacharia, A. Moukas, and P. Maes, "Collaborative reputation mechanisms for electronic marketplaces," Decision Support Systems, vol. 29, no. 4, pp. 371-388, 2000. (Pubitemid 32034316)
156. W. Viriyasitavat and A. Martin, "A survey of trust in workflows and relevant contexts," IEEE Commun. Surveys & Tutorials, vol. 14, no. 3, pp. 911-940, 2012.
157. K. Govindan and P. Mohapatra, "Trust computations and trust dynamics in mobile adhoc networks: A survey," IEEE Commun. Surveys & Tutorials, vol. 14, no. 2, pp. 279-298, 2012.
158. S. Saroiu and A. Wolman, "I am a sensor, and i approve this message," in Proc. 11th Workshop on Mobile Computing Systems & Applications, ser. HotMobile '10. New York, NY, USA: ACM, 2010, pp. 37-42.
159. Q. Yan, Y. Li, T. Li, and R. Deng, "A comprehensive study for rfid malwares on mobile devices," in 5th Workshop on RFID Security (RFIDsec 2009 Asia), January 2009.
160. S. S. Clark and K. Fu, "Recent results in computer security for medical devices," in Wireless Mobile Communication and Healthcare, ser. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 83. Springer Berlin Heidelberg, 2012, pp. 111-118.
161. K. Fu, "Trustworthy medical device software," in In Public Health Effectiveness of the FDA 510(k) Clearance Process: Measuring Postmarket Performance and Other Select Topics: Workshop Report. Washington, DC: National Academies Press, 2011.
162. S. Hanna, R. Rolles, A. Molina-Markham, P. Poosankam, K. Fu, and D. Song, "Take two software updates and see me in the morning: The case for software security evaluations of medical devices," in Proc. 2nd USENIX Workshop on Health Security and Privacy (HealthSec). USENIX Association, Aug. 2011, pp. 6-6.
163. WhatsApp. (Visited March 2013) Legal info. [Online]. Available: http://www.whatsapp.com/legal/?l=en-en
164. Google. (Visited May 2013) Google app engine. [Online]. Available: www.google.com/enterprise/cloud/appengine
165. A. Distefano, G. Me, and F. Pace, "Android anti-forensics through a local paradigm," Digital Investigation, vol. 7, Supplement, pp. S83-S94, 2010.