On the effectiveness of API-level access control using bytecode rewriting in Android.

This work is the first systematic study on the effectiveness of using bytecode rewriting for API-level access control. ... We have provided a systematic evaluation to assess the effectiveness of API-level access control using bytecode rewriting on Android Operating System. ... EFFECTIVENESS OF API LEVEL ACCESS CONTROL To measure the effectiveness of the API-level access control using the methods described above, we need to understand what it is trying to protect and how these ...

doi:10.1145/2484313.2484317 dblp:conf/ccs/HaoSD13 fatcat:geln44uynngopptsdqdne6y7ba

URANOS is an Android application which uses syntactical static analysis to determine in which component of an Android application a permission is required. ... We show, how users can trigger bytecode rewriting to (de)activate selected or redundant permissions in Android applications without sacrificing functionality. ... Acknowledgements The research leading to these results has received funding from the European Union's FP7 project COMPOSE, under grant agreement 317862. ...

doi:10.1007/978-3-642-38530-8_4 fatcat:oxlkx7uur5f7vftsnkbhiukoda

automatic app localization, informing users of hidden behavior in apps, and updating apps depending on outdated APIs. ... We show that our system is capable of supporting a variety of useful policies, including providing flexible fine-grained network access control, building HTTPS-Everywhere functionality into apps, implementing ... Their work is based on a specialized replacement for some privacy-sensitive APIs and use Dalvik bytecode rewriting to modify apps to use their replacement API. ...

doi:10.1145/2462456.2464462 dblp:conf/mobisys/DavisC13 fatcat:sgzumimvyneodc5hdendkoc46a

Our system, PEDAL, contains a novel machine classifier for detecting ad libraries even in the presence of obfuscated code, and techniques for automatically instrumenting bytecode to effect privilege de-escalation ... We evaluate PEDAL on a large set of apps from the Google Play store and demonstrate that it has a 98% accuracy in detecting ad libraries and imposes less than 1% runtime overhead on apps. ... Acknowledgements We would like to thank our shepherd, Landon Cox, and the anonymous referees, for their insightful suggestions for improving the technical content and presentation of the paper. ...

doi:10.1145/2742647.2742668 dblp:conf/mobisys/LiuLJG15 fatcat:z7d2klkvgna5xoeoq6fse4ulqa

Besides, no effective mechanism is in place to distinguish malicious privacy leakage from those of legitimate uses. In this paper, we take a bytecode rewriting approach. ... As Android has become the most prevalent operating system in mobile devices, privacy concerns in the Android platform are increasing. ... In our experiment, we prepare a set of specific libraries which consist of Android SDK of API level 16 (Android 4.1, Jelly Bean), Google Maps of API level 16, Google Analytics SDK v2 and Google Admob SDK ...

doi:10.1145/2590296.2590312 dblp:conf/ccs/ZhangY14 fatcat:v65b5sfrrrfvlbi6g6taxubbea

AppCage leverages two complimentary user-level sandboxes to interpose and regulate an app's access to sensitive APIs. ... In this paper, we propose AppCage, a system that thoroughly confines the run-time behavior of third-party Android apps without requiring framework modifications or root privilege. ... This work was supported in part by the US National Science Foundation (NSF) under Grants 0855036 and 0952640. ...

doi:10.1145/2714576.2714598 dblp:conf/ccs/ZhouPWWJ15 fatcat:w5iqqjqyp5g2jozmif7ffa5zqu

In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling applications' access to sensors. ... control. which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons ... JY participated in the Sensor Guardian's design and revised the manuscript. YW analyzed the experiment results and wrote the final version of the manuscript. ...

doi:10.1186/s13635-017-0061-8 fatcat:bguwnyw65rdtjhmzcbj6fin6je

DOAJ

As for functionalities, a BYOD solution should isolate an arbitrary number of entities, such as those relating to business and personal uses and provide fine-grained access control on multi-entity management ... Diverse personal devices are used to access enterprise resources, and deployment of the solutions with customized operating system (OS) dependency will thus be restricted. ... To eliminate the side effect of Android garbage collection when calculating memory usage, we used the tool dumpsys in Android Debug Bridge (adb) to get the maximal memory usage during the execution of ...

doi:10.1007/978-3-319-59608-2_1 fatcat:tmlogodjhvd4dmhlf7dvwksisu

We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. ... Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. ... Acknowledgements Thanks to Yixin Zhu for technical contributions to a precursor of this work and to Philip Phelps for help with the microbenchmarking app. ...

doi:10.1145/2381934.2381938 dblp:conf/ccs/JeonMVFRFM12 fatcat:3e6merthejgm7hyynikr75zhsq

For those suspicious applications, based on the reverse engineering, embed monitoring Smali code for those sensitive APIs such as sending SMS, accessing user location, device ID, phone number, etc. ... From experiments, it shows that almost 26% applications in Android market have privacy leakage risks. And our proposed method is feasible and effective for monitoring these kind of malicious behavior. ... The authors gratefully acknowledge the anonymous reviewers for their valuable comments. ...

dblp:journals/ijnsec/QianCXZ16 fatcat:p5k5iql4cjgwhf62afkwfn4z2m

Open Access

Its core technique is a bytecode decrypting and Dalvik executable (DEX) reassembling method, which is able to recover any protected bytecode effectively without the knowledge of the packer. ... A thorough investigation on 37,688 Android malware samples is conducted to take statistics of how widespread are those samples protected by Android packers. ... Acknowledgments We would like to thank our shepherd, Elias Athanasopoulos, and the anonymous reviewers for their insightful comments that greatly helped improve the manuscript of this paper. ...

doi:10.1007/978-3-319-26362-5_17 fatcat:xoxyebbexncjrhlagqkdje7oxe

We present our work in using the ACL2 theorem prover to formally model the Android platform and to formally verify Android apps. ... Our formal Android model is an executable simulator of a growing subset of the Android platform, and app proofs are done by automated symbolic execution of the app's event handlers using the formal model ... The proof methodology described in this paper, based on state machines and simulations, can verify a large class of app properties. ...

doi:10.1007/978-3-319-29613-5_11 fatcat:s7zqxdbnejhszjiyblwm4c5rpa

Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation. ... In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo ... [20] presented an Android Application rewriting framework prototype, and discussed its use for monitoring an application, and for implementing fine-grained Access Control. ...

arXiv:1208.4536v2 fatcat:xvldrfefrfh3zlkoqwszkoyxxy

Multiple Versions

In the recovery stage, we use bytecode rewriting to alter app behavior as to avoid such situations in the future. ... Experiments on several real-world, popular Android apps and bugs show that our approach manages to recover the apps from crashes effectively, timely, and without introducing overhead. ... The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory ...

doi:10.1145/2642937.2642955 dblp:conf/kbse/AzimNM14 fatcat:4hdsy7qmr5c75cj4ackvs5vjey

The utility of AppGuard has already been demonstrated by more than 1,000,000 downloads. Android's security concept is based on isolation of third-party apps and access control [1] . ... -Our evaluation on typical Android apps has shown very little overhead in terms of space and runtime. ... and the Emmy Noether program of the German federal government. ...

doi:10.1007/978-3-642-54568-9_14 fatcat:oeino6qcrrcw3a7c57rkldvyhe

On the effectiveness of API-level access control using bytecode rewriting in Android

Preserved Fulltext

URANOS: User-Guided Rewriting for Plugin-Enabled ANdroid ApplicatiOn Security [chapter]

Preserved Fulltext

RetroSkeleton

Preserved Fulltext

Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps

Preserved Fulltext

Efficient, context-aware privacy leakage confinement for android applications without firmware modding

Preserved Fulltext

Hybrid User-level Sandboxing of Third-party Android Apps

Preserved Fulltext

Sensor Guardian: prevent privacy inference on Android sensors

Preserved Fulltext

AppShield: Enabling Multi-entity Access Control Cross Platforms for Mobile App Management [chapter]

Preserved Fulltext

Dr. Android and Mr. Hide

Preserved Fulltext

Malicious Behavior Monitoring for Android Applications

Preserved Fulltext

AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware [chapter]

Preserved Fulltext

Android Platform Modeling and Android App Verification in the ACL2 Theorem Prover [chapter]

Preserved Fulltext

In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments [article]

Preserved Fulltext

Other Versions

Towards self-healing smartphone software via automated patching

Preserved Fulltext

AppGuard – Fine-Grained Policy Enforcement for Untrusted Android Applications [chapter]

Preserved Fulltext