20 Hits in 5.5 sec

Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps [chapter]

Chao Yang, Guangliang Yang, Ashish Gehani, Vinod Yegneswaran, Dawood Tariq, Guofei Gu
2015 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
More specifically, Dagger uses three types of low-level execution information at runtime: system calls, Android Binder transactions, and app process details.  ...  App process details are extracted from the Android /proc file system [6].  ...  Compared with CopperDroid, we find that Dagger misses one network behavior and 2 reading contact behaviors due to the failure of triggering the execution paths.  ... 
doi:10.1007/978-3-319-28865-9_4 fatcat:enuvfzcm7zcofn4csqsanmk3ve

Autonomous smartphone apps: self-compilation, mutation, and viral spreading [article]

Paul Brussee, Johan Pouwelse
2015 arXiv   pre-print
We pioneered survival skills for mobile software in order to overcome disrupted Internet access due to natural disasters and human made interference, like Internet kill switches or censored networks.  ...  We present the first smart phone tool that is capable of self-compilation, mutation and viral spreading.  ...  Because of a missing dependency CynogenMod was used for all tested devices running an Android API level higher than 18.  ... 
arXiv:1511.00444v2 fatcat:ci54tky3ejdjnbqdswjaffjodq

On Tracking Information Flows through JNI in Android Applications

Chenxiong Qian, Xiapu Luo, Yuru Shao, Alvin T.S. Chan
2014 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks  
Android provides native development kit through JNI for developing high-performance applications (or simply apps).  ...  Based on these insights, we propose and implement NDroid, an efficient dynamic taint analysis system for checking information flows through JNI.  ...  they were not designed specifically for apps using NDK.  ... 
doi:10.1109/dsn.2014.30 dblp:conf/dsn/QianLSC14 fatcat:vmht76nc7zbkdgxfativ2sqrou

Information flow based defensive chain for data leakage detection and prevention: a survey [article]

Ning Xi, Chao Chen, Jun Zhang, Cong Sun, Shigang Liu, Pengbin Feng, Jianfeng Ma
2021 arXiv   pre-print
analysis, etc.  ...  Research communities and industries have proposed many Information Flow Control (IFC) techniques for data leakage detection and prevention, including secure modeling, type system, static analysis, dynamic  ...  For those IoT apps which are boomed in recent years, general and comprehensive modeling tools are still missing due to the filed-specific features.  ... 
arXiv:2106.04951v1 fatcat:apib4mmp3va43dv5he7xu3aay4

Snap and split: an android application for bill payment using tesseract OCR

Sugamya Kata, Suresh Pabboju, Vinaya Babu, Anudeep Medishetti
2018 International Journal of Engineering & Technology  
Users can tap and pay the bills instantly.Tesseract is one of the best image recognition tools present and uses separate packs for various languages.  ...  It provides an option to tag users and telling them about the shared bill by pushing a notification.  ...  This work is a mobile application developed with JDK 1.8 and Android NDK 11.0 runs on android platform.  ... 
doi:10.14419/ijet.v7i4.5.21175 fatcat:ir3w7onhjrcxvp4s23utapqn4u

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks

Qi Alfred Chen, Zhiyun Qian, Zhuoqing Morley Mao
2014 USENIX Security Symposium  
In our evaluation, we show that for 6 out of 7 popular Android apps, the UI state inference accuracies are 80-90% for the first candidate UI states, and over 93% for the top 3 candidates.  ...  any permissions.  ...  Gordon, the anonymous reviewers, and our shepherd, Jaeyeon Jung, for providing valuable feedback on our work.  ... 
dblp:conf/uss/ChenQM14 fatcat:qlb7hsjugrgfrin2ynrq7wxdma

Let the Cat Out of the Bag: Popular Android IoT Apps under Security Scrutiny

Efstratios Chatzoglou, Georgios Kambourakis, Christos Smiliotopoulos
2022 Sensors  
For the sake of easy monitoring and administration, such devices are typically accompanied by smartphone apps, which are becoming increasingly popular, and sometimes are even required to operate the device  ...  In seek of concrete answers to the aforesaid question, this work scrutinizes more than forty chart-topping Android official apps belonging to six diverse mainstream categories of IoT devices.  ...  Dynamic Analysis For the needs of dynamic analysis, we used a Genymotion rooted VM on top of an Oracle's VirtualBox on Android v8.0.  ... 
doi:10.3390/s22020513 pmid:35062473 pmcid:PMC8779354 fatcat:6va2zmnlvrevding7izu4rie4m

A first look at Android applications in Google Play related to COVID-19

Jordan Samhi, Kevin Allix, Tegawendé F Bissyandé, Jacques Klein
2021 Empirical Software Engineering  
In this study, we focus on the Android ecosystem and investigate Covid-related Android apps.  ...  early as January 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for  ...  The apps are loaded with Androguard (2020), a static analysis tool for Android apps.  ... 
doi:10.1007/s10664-021-09943-x pmid:33903798 pmcid:PMC8059429 fatcat:3de4lgndabho5bveclbhhybrty

A First Look at Android Applications in Google Play related to Covid-19 [article]

Jordan Samhi, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein
2021 arXiv   pre-print
In this study, we focus on the Android ecosystem and investigate Covid-related Android apps.  ...  early as January 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for  ...  The apps are loaded with Androguard (Androguard 2020), a static analysis tool for Android apps.  ... 
arXiv:2006.11002v2 fatcat:bfp4io5phnedrfkh7bd5mpljzm

A Multi-Tier Security Analysis of Official Car Management Apps for Android

Efstratios Chatzoglou, Georgios Kambourakis, Vasileios Kouliaridis
2021 Future Internet  
On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner, if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable  ...  The apps are scrutinised statically with the purpose of not only identifying surfeits, say, in terms of the permissions requested, but also from a vulnerability assessment viewpoint.  ...  on the findings of taint analysis.  ... 
doi:10.3390/fi13030058 fatcat:lohzk2a4cfguvfplv2q2ws3iyy

Identifying Open-Source License Violation and 1-day Security Risk at Large Scale

Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
Given the intense competition, the time to market is a critical factor for the success and profitability of an app.  ...  In order to shorten the development cycle, developers often focus their efforts on the unique features and workflows of their apps and rely on third-party Open Source Software (OSS) for the common features  ...  We thank the anonymous reviewers for their helpful feedback. This  ... 
doi:10.1145/3133956.3134048 dblp:conf/ccs/DuanBXKL17 fatcat:xmcdoac4ivecbe5jsatwu63raa

Automated Testing of Android Apps: A Systematic Literature Review

Pingfan Kong, Li Li, Jun Gao, Kui Liu, Tegawende F. Bissyande, Jacques Klein
2018 IEEE Transactions on Reliability  
Given the widespread adoption of Android and the specificities of its development model, the literature has proposed various testing approaches for ensuring that not only functional requirements but also  ...  Our thorough examination of the relevant literature has led to several findings and highlighted the challenges that Android testing researchers should strive to address in the future.  ...  A systematic literature review is indeed important to analyse the contributions of a community to resolve the challenges of a specific topic. In the case of Android testing, such a review is missing.  ... 
doi:10.1109/tr.2018.2865733 fatcat:rshkb3a3ajev5gce3crha5netm

Patterns for reusable android development [article]

Kristina Denise Hager
The Android Native Development Kit (NDK) provides the required support for developing and packaging native code for usage in Android.  ...  At the moment, the Android NDK is transitioning between Android Studio and Eclipse.  ...  example queries is available at [47] . • A demonstration of creating a Spatialite-Android JAR file from NDK components is available [3] . • A demonstration of using the Spatialite-Android JAR file I  ... 
doi:10.15781/t23j9x fatcat:4zon6emrvfes7ctfxaznlg572a

Safe Software Dissemination in Distributed Application Marketplaces

Timothy Vidas
The facility for consumers to augment the base functionality of a smartphone has not only acted as acatalyst for the rapid adoption of the smartphone but continues to encourage regular use of the device  ...  Today's smartphone represents not only a complex device akin to an always-connected Personal Computer (PC), butalso a relatively new mechanism for software dissemination.  ...  to a specific site and let the user know exactly for what the permission is used.  ... 
doi:10.1184/r1/7416413 fatcat:xoey5ufncvc3josug7iqki6l2a

Understanding and assessing security on Android via static code analysis [article]

Erik Derr, Universität Des Saarlandes, Universität Des Saarlandes
This dissertation presents a line of work that advances security testing on Android via static code analysis.  ...  We provide the first classification of Android's protected resources within the framework and generate precise API-to-permission mappings that excel over prior work.  ...  Android Permission Analysis. Finally, to demonstrate the benefits of our insights for security analysis of the framework, we conduct an Android permission analysis.  ... 
doi:10.22028/d291-27345 fatcat:sa3xk5p4xfhafpv2h46ff4btoy
« Previous Showing results 1 — 15 out of 20 results