Discovering and understanding android sensor usage behaviors with data flow analysis

World Wide Web

Volumn 21, Issue 1, 2018, Pages 105-126

  Liu, Xing ^a   Liu, Jiqiang ^a   Wang, Wei ^a   He, Yongzhong ^a   Zhang, Xiangliang ^b  

^a BEIJING JIAOTONG UNIVERSITY   (China)

^b KING ABDULLAH UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Saudi Arabia)

Author keywords

Android system; Clustering; Data flow analysis; Sensor usage

Indexed keywords

COMMERCE; DATA FLOW ANALYSIS; DATA TRANSFER; LIBRARIES;

ANDROID SYSTEMS; CLUSTERING; EMBEDDED SENSORS; ENVIRONMENTAL CONDITIONS; RELATED FUNCTIONS; SECURITY ISSUES; THIRD PARTY APPLICATION (APPS); USAGE PATTERNS;

ANDROID (OPERATING SYSTEM);

EID: 85015638536     PISSN: 1386145X     EISSN: None     Source Type: Journal    
DOI: 10.1007/s11280-017-0446-0     Document Type: Article

References (40)

1. Apktool. Apktool. http://ibotpeaches.github.io/Apktool/, 2015-05-20
2. AppBrain. Google play stats. http://www.appbrain.com/stats/, 2016-10-28
3. Android. Android sensor overview. http://developer.android.com/guide/topics/sensors/sensors_overview.html, 2015-03-28
4. Android. Android sensor type. http://developer.android.com/reference/android/hardware/Sensor.html, 2015-03-29
5. Android. Dalvik bytecode. https://source.android.com/devices/tech/dalvik/dalvik-bytecode.html (2016)
6. Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, p 29. ACM (2014)
7. Aviv, A.J., Sapp, B., Blaze, M., Smith, J.M.: Practicality of accelerometer side channels on smartphones. In: ACSAC 2012, pp. 41–50. ACM (2012)
8. Cai, L., Chen, H.: Touchlogger: inferring keystrokes on touch screen from smartphone motion. In: Proceedings of the 6th USENIX conference on Hot topics in security, pp. 9–9. USENIX Association (2011)
9. Chen, K., Liu, P., Zhang, Y.: Achieving accuracy and scalability simultaneously in detecting application clones on android markets. In: Proceedings of the 36th International Conference on Software Engineering, pp. 175–186. ACM (2014)
10. Chen, K., Wang, P., Lee, Y., Wang, X.F., Zhang, N., Huang, H., Zou, W., Liu, P.: Finding unknown Malice in 10 seconds Mass vetting for new threats at the google-play scale. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 659–674 (2015)
11. Desnos, A.: Androguard: Reverse engineering, malware and goodware analysis of android applications.. and more (ninja!). http://code.google.com/p/androguard, 2013-03-26
12. Elish, K.O., Shu, X., Yao, D.D., Ryder, B.G, Jiang, X.: Profiling user-trigger dependence for android malware detection. Comput. Secur. 49, 255–273 (2015)
13. Ester, M., Kriegel, H.-P., Sander, J., Xiaowei, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Kdd, vol. 96, pp. 226–231 (1996)
14. Gascon, H., Yamaguchi, F., Arp, D., Rieck, K.: Structural detection of android malware using embedded call graphs. In: Proceedings of the ACM Workshop on Artificial Intelligence and Security, p. 2013. ACM (2013)
15. Gephi: The open graph viz platform https://gephi.org (2016)
16. Hido, S., Hisashi, K.: Linear-Time Graph Kernel. In: 9th IEEE International Conference on Data Mining, 2009. ICDM ’09, pp. 179–188 (2009)
17. Hoffmann, J., Ussath, M., Holz, T., Spreitzenbarth, M.: Slicing droids: program slicing for smali code. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing, pp. 1844–1851. ACM (2013)
18. I.D.Corporation. Smartphone os market share, q2 2016. http://www.idc.com/prodserv/smartphone-os-market-share.jsp, 2016-08
19. Klieber, W., Flynn, L., Bhosale, A., Jia, L., Bauer, L.: Android taint flow analysis for app. sets. In: Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis, pp. 1–6. ACM (2014)
20. Lee, W.-H., Lee, R.B.: Multi-sensor authentication to improve smartphone security. In: Conference on Information Systems Security and Privacy (2015)
21. Li, L., Bartel, A., Bissyande, T.F.D.A., Klein, J., Le Traon, Y., Arzt, S., Rasthofer, S., Bodden, E., Octeau, D., McDaniel, P.: Iccta: detecting inter-component privacy leaks in android apps. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015) (2015)
22. Lin, C.-C., Liang, D., Chang, C.-C., Yang, C.-H.: A new non-intrusive authentication method based on the orientation sensor for smartphone users. In: IEEE 6th International Conference on Software Security and Reliability (SERE), p. 2012. IEEE (2012)
23. Liu, X., Liu, J., Wang, W.: Exploring sensor usage behaviors of android applications based on data flow analysis. In: 34th IEEE International Performance Computing and Communications Conference, IPCCC 2015, Nanjing, China, December 14-16, 2015, pp. 1–8 (2015)
24. Liu, X., Zhu, S., Wang, W., Jiqiang, L.: Alde: Privacy risk analysis of analytics libraries in the android ecosystem. In: 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2016), Guangzhou, China, October, 10–12, 2016 (2016)
25. Miluzzo, E., Varshavsky, A., Balakrishnan, S., Choudhury, R.R.: Tapprints: your finger taps have fingerprints. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, pp. 323–336. ACM (2012)
26. Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Le Traon, Y.: Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In: Proceedings of the 22nd USENIX Security Symposium. Citeseer (2013)
27. Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. ACM (2012)
28. Soot. Soot. http://sable.github.io/soot/, 2015-12-09
29. Spreitzer, R., Skimming, P.: Exploiting the ambient-light sensor in mobile devices. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 51–62. ACM (2014)
30. Su, D., Wang, W., Wang, X., Liu, J.: Anomadroid: profiling android application behaviors for identifying unknown malapps. In: 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2016), Tianjin, China, 23-26 August, 2016 (2016)
31. The Hacker News: Taplogger android trojan can determine tapped keys. http://thehackernews.com/2012/04/taplogger-android-trojan-can-determine.html, 2012-04-21
32. The Verge: Taplogger android app. can read your password based on motion sensor data. http://www.theverge.com/2012/4/20/2963110/taplogger-android-app-motion-sensor-data, 2012-04-20
33. Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X.: Exploring permission-induced risk in android applications for Malicious application detection. IEEE Trans. Inf. Forensics Secur. 9(11), 1869–1882 (2014)
34. Wei, F., Roy, S., Ou, X., et al.: Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. In: CCS 2014, pp. 1329–1341. ACM (2014)
35. WIKI. Dbscan. http://en.wikipedia.org/wiki/DBSCAN, 2015-04-05
36. Zeng, Z., Tung, A.K.H., Wang, J., Feng, J., Lizhu, Z.: Comparing Stars: On Approximating Graph Edit Distance. In: Proceedings of the Vldb Endowment 2, 25–36 (2009)
37. Zhi, X., Bai, K., Zhu, S.: Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 113–124. ACM (2012)
38. Zhang, F., Huang, H., Zhu, S., Dinghao, W., Liu, P.: Viewdroid: Towards obfuscation-resilient mobile application repackaging detection. In: Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks(WiSec 2014). Citeseer (2014)
39. Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware android malware classification using weighted contextual api dependency graphs. In: CCS 2014, pp. 1105–1116. ACM (2014)
40. Zhu, J., Wu, P., Wang, X., Zhang, J.: Sensec: Mobile security through passive sensing. In: 2013 International Conference on Computing, Networking and Communications (ICNC), pp. 1128–1133. IEEE (2013)