ABSTRACT
User interface (UI) interactions are essential to Android applications, as many Activities require UI interactions to be triggered. Such UI interactions can also help malicious apps hide their sensitive behaviors (e.g., sending SMS or getting the user's device ID) from dynamic analysis tools such as TaintDroid, because simply running the app without the proper UI interactions does not expose those behaviors. In this paper we focus on the challenging task of triggering a certain behavior through automated UI interactions. In particular, we propose a hybrid static and dynamic analysis method to reveal UI-based trigger conditions in Android applications. Our method first uses static analysis to extract expected activity switch paths by analyzing both Activity and Function Call Graphs, and then uses dynamic analysis to traverse each UI element and explore the UI interaction paths towards the sensitive APIs. We implement a prototype system, SmartDroid, and show that it can automatically and efficiently detect the UI-based trigger conditions required to expose the sensitive behavior of several Android malware samples, which otherwise cannot be detected with existing techniques such as TaintDroid.
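A simplified sketch of the static step described in the abstract, added here as an illustration and not SmartDroid's own code: it finds activities whose methods reach a sensitive API in a function call graph, then searches the activity call graph for the switch path leading to each. The graphs, the app class names and the `Class.method` naming convention are constructed assumptions.

```python
from collections import deque

# Constructed sample graphs (not from the paper). FCG: method -> callees.
FCG = {
    "MainActivity.onCreate": ["Util.log"],
    "MenuActivity.onClick": ["Util.log"],
    "PayActivity.onClick": ["Billing.confirm"],
    "Billing.confirm": ["android.telephony.SmsManager.sendTextMessage"],
}
# ACG: activity -> activities it can start.
ACG = {
    "MainActivity": ["MenuActivity", "AboutActivity"],
    "MenuActivity": ["PayActivity", "MainActivity"],
}
SENSITIVE = {"android.telephony.SmsManager.sendTextMessage",
             "android.telephony.TelephonyManager.getDeviceId"}

def reachable_sensitive(method):
    """Sensitive APIs reachable from `method` by following FCG edges."""
    seen, stack, hits = set(), [method], set()
    while stack:
        m = stack.pop()
        if m not in seen:
            seen.add(m)
            hits |= {m} & SENSITIVE
            stack.extend(FCG.get(m, []))
    return hits

def sink_activities():
    """Activities whose own methods can reach a sensitive API."""
    sinks = {}
    for method in FCG:
        owner = method.split(".")[0]  # assumption: "Class.method" naming
        hits = reachable_sensitive(method)
        if hits and owner.endswith("Activity"):
            sinks.setdefault(owner, set()).update(hits)
    return sinks

def expected_switch_paths(entry, sinks):
    """BFS over the ACG: shortest activity switch path from entry to each sink."""
    paths, queue, seen = {}, deque([[entry]]), {entry}
    while queue:
        path = queue.popleft()
        if path[-1] in sinks:
            paths[path[-1]] = path
        for nxt in ACG.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return paths
```

Calling `expected_switch_paths("MainActivity", sink_activities())` gives the activity sequence a dynamic UI explorer would then try to reproduce through real UI events.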
Index Terms
- SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications