A measurement study of Google Play

Performance Evaluation Review

Volumn 42, Issue 1, 2014, Pages 221-234

  Viennot, Nicolas ^a   Garcia, Edward ^a   Nieh, Jason ^a  

^a Columbia University ^*  (United States)

Author keywords

Android; Authentication; Clone detection; Decompilation; Google Play; Mobile computing; OAuth; Security

Indexed keywords

ANDROID (OPERATING SYSTEM); AUTHENTICATION; MOBILE COMPUTING; NETWORK SECURITY; PERSONAL COMPUTING; WEB SERVICES;

ANDROID; CLONE DETECTION; DECOMPILATION; GOOGLE PLAYS; OAUTH; SECURITY;

INTERNET;

EID: 84955581530     PISSN: 01635999     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2591971.2592003     Document Type: Conference Paper

References (44)

1. Amazon Mechanical Turk. https://www.mturk.com.
2. Amazon Web Services. IAM Best Practices, May 2010. http://docs.aws.amazon. com/IAM/latest/UserGuide/IAMBestPractices.html.
3. Amazon Web Services. Creating Temporary Security Credentials for Mobile Apps Using Identity Providers. AWS Security Token Service, June 2011. http://docs. aws.amazon. com/STS/latest/UsingSTS/CreatingWIF.html.
4. Amazon Web Services. Authenticating Users of AWS Mobile Applications with a Token Vending Machine. AWS Identity and Access Management, July 2013. http://aws.amazon. com/articles/4611615499399490.
5. Amazon Web Services. Getting Started with the AWS SDK for Android. AWS SDK for Android, Sept. 2013. http://docs.aws.amazon. com/mobile/sdkforandroid/gsg/Welcome.html.
6. AndroLib. http://www.androlib.com.
7. AppBrain. http://www.appbrain. com.
8. R. Bala. Amazon Is Downloading Apps From Google Play and Inspecting Them. Y Combinator Hacker News, Mar. 2014. https://news.ycombinator.com/item?id=7491272.
9. Capistrano. http://capistranorb.com.
10. Chef. http://www.getchef.com.
11. R. Chirgwin. Amazon Is Decompiling Our Apps in Security Gaff Hunt, Says Dev. The Register, Mar. 2014. http://www.theregister.co.uk/2014/03/31/dev-lashes-out-at-amazon-for-decompiling-his-app.
12. B.-G. Chun, S. Ihm, P. Maniatis, M. Naik, and A. Patti. CloneCloud: Elastic Execution Between Mobile Device and Cloud. In Proceedings of the 6th European Conference on Computer systems (EuroSys 2011), Apr. 2011.
13. J. Crussell, C. Gibler, and H. Chen. Attack of the Clones: Detecting Cloned Applications on Android Markets. In Proceedings of 17th European Symposium on Research in Computer Security (ESORICS 2012), Sept. 2012.
14. J. Crussell, C. Gibler, and H. Chen. AnDarwin: Scalable Detection of Semantically Similar Android Applications. In Proceedings of 18th European Symposium on Research in Computer Security (ESORICS 2013), Sept. 2013.
15. Death by Captcha. http://www.deathbycaptcha.com.
16. A. Desnos. Androguard. https://code.google.com/p/androguard.
17. dex2jar. http://code.google.com/p/dex2jar.
18. N. d'Heureuse, F. Huici, M. Arumaithurai, M. Ahmed, K. Papagiannaki, and S. Niccolini. What's App?: A Wide-Scale Measurement Study of Smart Phone Markets. Mobile Computing and Communications Review, 16(2):16-27, Apr. 2012.
19. Elasticsearch. http://www.elasticsearch.org.
20. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A Study of Android Application Security. In Proceedings of the 20th USENIX Security Symposium, Aug. 2011.
21. Facebook. Login Security. https://developers.facebook. com/docs/facebook-login/security.
22. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A Survey of Mobile Malware in the Wild. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), July 2011.
23. C. Gibler, R. Stevens, J. Crussell, H. Chen, H. Zang, and H. Choi. AdRob: Examining the Landscape and Impact of Android Application Plagiarism. In Proceedings of the 11th International Conference on Mobile Systems, Applications, and Services (MobiSys 2013), June 2013.
24. E. Girault. Google Play Unofficial Python API. https://github.com/egirault/googleplay-api.
25. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang. RiskRanker: Scalable and Accurate Zero-day Android Malware Detection. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (MobiSys 2012), June 2012.
26. B. Gruver. smali/baksmali assembler/disassembler. https://code.google.com/p/smali.
27. S. Hanna, L. Huang, E. X. Wu, S. Li, C. Chen, and D. Song. Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications. In Proceedings of the 9th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2012), July 2012.
28. M. Kotadia. AWS Admits Scanning Android App in Secret Key Hunt. iTnews, Apr. 2014. http://www.itnews.com.au/News/381432, aws-admits-scanning-android-app-in-secret-key-hunt. aspx.
29. MixRank. http://www.mixrank.com.
30. R. Mogull. My $500 Cloud Security Screwup-UPDATED. Securosis Blog, Jan. 2014. https://securosis.com/blog/my-500-cloud-security-screwup.
31. M. Perham. Sidekiq. http://sidekiq.org.
32. C. K. Roy, J. R. Cordy, and R. Koschke. Comparison and Evaluation of Code Clone Detection Techniques and Tools: A Qualitative Approach. Sci. Comput. Program., 74(7):470-495, May 2009.
33. S. Sanfilippo. Redis. http://redis.io.
34. A. Thiel. Android-market-api. https://code.google.com/p/android-market-api.
35. C. Tumbleson. Android-apktool. http://code.google.com/p/android-apktool.
36. Twitter. Implementing the Twitter OAuth flow in Android. https://dev. twitter.com/docs/implementing-twitter-oauth-flow-android.
37. N. Viennot. Java Library for JD-Core. https://github.com/nviennot/jd-core-java.
38. N. Viennot. PlayDrone sources. https://github.com/nviennot/google-play-crawler.
39. C. Warren. Google Play Hits 1 Million Apps. Mashable, July 2013. http://mashable.com/2013/07/24/google-play-1-million.
40. Y. Zhang, G. Huang, X. Liu, W. Zhang, H. Mei, and S. Yang. Refactoring Android Java Code for On-Demand Computation Offloading. In Proceedings of the 27th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2012), Oct. 2012.
41. W. Zhou, Y. Zhou, M. C. Grace, X. Jiang, and S. Zou. Fast, Scalable Detection of "Piggybacked" Mobile Applications. In Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY 2013), Feb. 2013.
42. W. Zhou, Y. Zhou, X. Jiang, and P. Ning. Detecting Repackaged Smartphone Applications in Third-party Android Marketplaces. In Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (CODASPY 2012), Feb. 2012.
43. Y. Zhou and X. Jiang. Dissecting Android Malware: Characterization and Evolution. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP 12), May 2012.
44. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (NDSS 2012), Feb. 2012.