DroidRay: A security evaluation system for customized Android firmwares

ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Volumn , Issue , 2014, Pages 471-482

  Zheng, Min ^a   Sun, Mingshen ^a   Lui, John C S ^a  

^a CHINESE UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); COMPETITION; COMPUTER CRIME; FIRMWARE; MALWARE; MOBILE DEVICES; SMARTPHONES;

ANDROID MALWARE; ANDROID PLATFORMS; ANDROID SMART PHONES; CONFIDENTIAL INFORMATION; DESIGN AND IMPLEMENTS; DISTRIBUTION CHANNEL; SECURITY EVALUATION; STATIC AND DYNAMIC ANALYSIS;

MOBILE SECURITY;

EID: 84984924868     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2590296.2590313     Document Type: Conference Paper

References (41)

1. F. Adrienne, Porter, C. Erika, H. Steve, S. Dawn, and W. David. Android permissions demystified. In Proceedings of ACM Conference on Computer and Communications Security (CCS), 2011.
2. C-skill. Gingerbreak. http://c-skills.blogspot.hk/2011/04/yummyyummy-gingerbreak.html, 2011.
3. C-skill. Rageagainstthecage. https://github.com/bibanon/androiddevelopment-codex/wiki/rageagainstthecage, 2011.
4. A. Central. Android central (rom market). http://www.androidcentral.com/tags/firmware, 2013.
5. C. Daily. Low-end smartphone fight. http://www.chinadaily.com.cn/bizchina/2012smartphone/2012-07/16/content-15703750.htm, 2012.
6. N. V. Database. Cve-2009-1185. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1185, 2009.
7. DownloadAndroidROM. Downloadandroidrom (rom market). http://downloadandroidrom.com/, 2013.
8. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of android application security. In Proceedings of the 20th USENIX conference on Security, SEC'11, 2011.
9. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A Survey of Mobile Malware in the Wild. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 2011.
10. Google. Android open source project. http://source.android.com, 2008.
11. Google. virustotal. https://www.virustotal.com/, 2013.
12. M. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic Detection of Capability Leaks in Stock Android Smartphones. In Proceedings of the 19th Annual Network & Distributed System Security Symposium, 2012.
13. I. D. C. (IDC). Apple cedes market share in smartphone operating system market as android surges and windows phone gains, according to idc. http://www.idc.com/getdoc.jsp?containerId=prUS24257413, 2013.
14. G. Inc. Google map apis. http://developers.google.com/maps/, 2012.
15. L. Inc. Security alert: Malware found targeting custom roms (jsmshider). https://blog.lookout.com/blog/2011/06/15/security-alert-malwarefound-targeting-custom-roms-jsmshider/, 2011.
16. Ipmart. Ipmart (rom forum). http://www.ipmart-forum.com/forum.php, 2013.
17. J. Janego. The security implications of custom android roms. http://labs.neohapsis.com/2011/12/21/thesecurity-implications-of-custom-android-roms/, 2012.
18. L. Jia, J. Aljuraidan, E. Fragkaki, L. Bauer, M. Stroucken, K. Fukushima, S. Kiyomoto, and Y. Miyake. Run-time enforcement of information-flow properties on Android (extended abstract). In Computer Security - ESORICS 2013: 18th European Symposium on Research in Computer Security, Sept. 2013.
19. Jidi. Rom jidi (rom market). http://www.romjd.com/, 2013.
20. W. Lei, G. Michael, Z. Yajin, W. Chiachih, and J. Xuxian. The impact of vendor customizations on android security. In Proceedings of ACM Conference on Computer and Communications Security (CCS), 2013.
21. K. McNamee. How to build a spyphone. Blackhat, 2013.
22. C. Mod. Cyanogen mod (rom forum). http://www.cyanogenmod.org/, 2013.
23. V. Rastogi, Y. Chen, and X. Jiang. Droidchameleon: evaluating android anti-malware against transformation attacks. In Proceedings of the ASIACCS '13.
24. Revolutionary. Zergrush. http://forum.xdadevelopers.com/showthread.php?t=1296916, 2011.
25. saurik. Android bug superior to master key. http://www.saurik.com/id/18, 2009.
26. saurik. Exploit and fix android master key. http://www.saurik.com/id/17, 2009.
27. saurik. Yet another android master key bug. http://www.saurik.com/id/19, 2009.
28. D. Security. Xray for android. http://www.xray.io/#vulnerabilities.
29. Shendu. Rom shendu (rom market). http://www.shendu.com/android/, 2013.
30. VR-ZONE. Research shows chinese manufacturers account for 20 percent of smartphones worldwide, india on the rise. http://vr-zone.com/articles/research-showschinese-manufacturers-account-for-20-percentof-smartphones-worldwide-india-on-therise/49868.html, 2013.
31. D. Walker. Pay-per-install pays big bucks in the mobile world. http://www.scmagazine.com/payper-install-pays-big-bucks-in-the-mobileworld/article/258731/, 2012.
32. Xda. Xda-developers (rom forum). http://www.xda-developers.com/, 2013.
33. L. Yang, N. Boushehrinejadmoradi, P. Roy, V. Ganapathy, and L. Iftode. Short paper: enhancing users' comprehension of android permissions. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, SPSM '12, 2012.
34. C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou. Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, SPSM '12, 2012.
35. M. Zheng, P. P. C. Lee, and J. C. S. Lui. Adam: an automatic and extensible platform to stress test android anti-virus systems. In Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA'12, 2013.
36. Zhijia. Rom zhijia (rom market). http://www.romzj.com/, 2013.
37. W. Zhou, Y. Zhou, X. Jiang, and P. Ning. DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces. In Proceedings of the second ACM conference on Data and Application Security and Privacy, 2012.
38. Y. Zhou and X. Jiang. Dissecting Android Malware: Characterization and Evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012.
39. Y. Zhou and X. Jiang. Detecting passive content leaks and pollution in android applications. In Proceedings of the 20th Annual Symposium on Network and Distributed System Security, 2013.
40. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of the 19th Annual Network & Distributed System Security Symposium, 2012.
41. H. Z. Zihang Xiao, Qing Dong and X. Jiang. Oldboot: the first bootkit on Android. http://blogs.360.cn/360mobile/2014/01/17/oldboot-the-first-bootkit-on-android/, 2014.