
To Update or Not to Update

Vincent F. Taylor, Ivan Martinovic
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
In many cases, app updates serve to increase the number of distinct vulnerabilities contained within apps, especially for popular apps.  ...  Our research is two-fold: we take quarterly snapshots of the Google Play Store over a two-year period to understand how permission usage by apps has changed; and we analyse 30,000 apps to understand how  ...  Taylor is supported by a Rhodes Scholarship and the UK EPSRC.  ... 
doi:10.1145/3052973.3052990 dblp:conf/ccs/TaylorM17 fatcat:2fxpfqoab5fkrcyn2xlyk7o2ji

Short Paper: A Longitudinal Study of Financial Apps in the Google Play Store [chapter]

Vincent F. Taylor, Ivan Martinovic
2017 Lecture Notes in Computer Science  
We analyse 10,400 apps to understand how apps in general and financial apps in particular have evolved over the past two years in terms of dangerous permission usage and the vulnerabilities they contain  ...  Moreover, we discover that while financial apps tend to have less vulnerabilities, the rate of increase in vulnerabilities in financial apps is three times as much as that of other apps.  ...  Taylor is supported by a Rhodes Scholarship and the UK EPSRC.  ... 
doi:10.1007/978-3-319-70972-7_16 fatcat:hwww6dmdlrecjnk3kdvfcp5xka

The impact of vendor customizations on android security

Lei Wu, Michael Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Such provenance analysis allows for proper attribution of detected security issues in the examined Android images.  ...  Our evaluation results are worrisome: vendor customizations are significant on stock Android devices and on the whole responsible for the bulk of the security problems we detected in each device.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF.  ... 
doi:10.1145/2508859.2516728 dblp:conf/ccs/WuGZWJ13 fatcat:bo5ynxv6wvdsno2733lpxleysq

Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls [article]

Daoyuan Wu and Debin Gao and David Lo
2020 arXiv   pre-print
by remote code execution, and half of them invoke the vulnerable API via embedded third-party libraries.  ...  To successfully analyze a modern dataset of 22,687 popular apps (with an average app size of 25MB), we design a scalable approach that operates on the Android bytecode level and employs a lightweight bytecode  ...  This work is partially supported by a direct grant (ref. no. 4055127) from The Chinese University of Hong Kong.  ... 
arXiv:1912.12982v3 fatcat:m4wr4ce3pbdgvimitecn5yaqgy

On the Evolution of Mobile App Complexity

Jun Gao, Li Li, Tegawende F. Bissyande, Jacques Klein
2019 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS)  
This process leads a trail in the ecosystem with multiple successive app versions which record historical evolutions of a variety of apps.  ...  In this work, we fill this gap by presenting a large-scale empirical study: we leverage the AndroZoo dataset to obtain a significant number of app lineages (i.e., successive releases of the same Android  ...  (2) nature updates do not really impact on the complexity of Android apps, (3) the update of Android framework could mitigate app complexity but very limited, (4) complexity evolution is more like to wavily  ... 
doi:10.1109/iceccs.2019.00029 dblp:conf/iceccs/Gao0BK19 fatcat:bqg5s7cqy5fi7pj2qwl3ulovw4

A Preliminary Study On the Sustainability of Android Malware Detection [article]

Haipeng Cai
2018 arXiv   pre-print
However, due to the evolution of Android platforms and malware, existing such techniques are widely limited by their need for constant retraining that are costly, and reliance on new malware samples that  ...  Our study reveals, during the long evolution, a consistent, clear differentiation between malware and benign apps regarding such accesses, measured by relative statistics of relevant method calls.  ...  More importantly, our characterization aims at a longitudinal examination of the evolution of Android apps.  ... 
arXiv:1807.08221v3 fatcat:jexir6e6lvbsddcgqmvq4e7ubi


Yingjie Wang, Xing Liu, Weixuan Mao, Wei Wang
2019 Proceedings of the ACM Turing Celebration Conference - China on - ACM TURC '19  
By analyzing the categories, ranks and version evolution of these detected vulnerable apps, we find  ...  in Android apps) with the combination of static analysis and dynamic analysis.  ...  ACKNOWLEDGEMENTS The work reported in this paper was supported in part by Natural Science Foundation of China, under Grant U1736114, and in part by National Key R&D Program of China, under grant 2017YFB0802805  ... 
doi:10.1145/3321408.3326665 dblp:conf/acmturc/WangLM019 fatcat:7gj2yd6huncrzj3uwtkd5op7ry

An investigation study for risk calculation of security vulnerabilities on android applications

Radhwan M. Abdullah, Abedallah Zaid Abualkishik, Najla Matti Isaacc, Ali A. Alwan, Yonis Gulzar
2022 Indonesian Journal of Electrical Engineering and Computer Science  
We conduct a comprehensive review of the leading studies accomplished on investigating the vulnerabilities of the applications for the Android mobile platform.  ...  The review examines various well-known vulnerabilities prediction models and highlights the sources of the vulnerabilities, prediction technique, applications and the performance of these models.  ...  ACKNOWLEDGMENT The authors are very grateful to the University of Mosul/College of Agriculture and Forestry for their provided facilities, which helped to improve the quality of this work.  ... 
doi:10.11591/ijeecs.v25.i3.pp1736-1748 fatcat:2bwar445ozgvhepykjsh4vhjay

Darwin: a static analysis dataset of malicious and benign Android apps

Nuthan Munaiah, Casey Klimkowsky, Shannon McRae, Adam Blaine, Samuel A. Malachowsky, Cesar Perez, Daniel E. Krutz
2016 Proceedings of the International Workshop on App Market Analytics - WAMA 2016  
In order to address these issues, we need a better understanding of the apps we use everyday.  ...  The Android platform comprises the vast majority of the mobile market.  ...  Analyzing multiple app versions can be extremely useful in understanding the evolution of quality and security attributes.  ... 
doi:10.1145/2993259.2993264 dblp:conf/sigsoft/MunaiahKMBMPK16 fatcat:itsgtv6favffnk2jsnflc3bhrq

AndroZoo++: Collecting Millions of Android Apps and Their Metadata for the Research Community [article]

Li Li, Jun Gao, Médéric Hurier, Pingfan Kong, Tegawendé F. Bissyandé, Alexandre Bartel, Jacques Klein, Yves Le Traon
2017 arXiv   pre-print
We present a growing collection of Android apps collected from several sources, including the official Google Play app market and a growing collection of various metadata of those collected apps aiming  ...  at facilitating the Android-relevant research works.  ...  Conclusion We have presented the AndroZoo dataset of millions of Android apps collected from various data sources and their metadata collected via various means.  ... 
arXiv:1709.05281v1 fatcat:fizz6iwbuvbehgckc5iexj3x2a


Joydeep Mitra, Venkatesh-Prasad Ranganath
2017 Proceedings of the 13th International Conference on Predictive Models and Data Analytics in Software Engineering - PROMISE  
This has fueled the development of techniques to automatically detect vulnerabilities in mobile apps and help developers secure their apps; specifically, in the context of Android platform due to openness  ...  Despite a slew of research efforts in this space, there is no comprehensive repository of up-to-date and lean benchmarks that contain most of the known Android app vulnerabilities and, consequently, can  ...  To appreciate this characteristic, consider a vulnerability that was affected by the rapid evolution of Android framework - evolved from level (version) 1 thru 25 from 2008 to 2017.  ... 
doi:10.1145/3127005.3127010 dblp:conf/promise/MitraR17 fatcat:vrvln3mcybbn5er45ovurbecpy

Mining AndroZoo: A Retrospect

Li Li
2017 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME)  
AndroZoo is a growing collection of Android apps from various markets including the official Google Play. At the moment, over five million Android apps have been collected.  ...  This paper presents a retrospect of an Android app collection named AndroZoo and some research works conducted on top of the collection.  ...  App Evolution Analysis App Variant Analysis.  ... 
doi:10.1109/icsme.2017.49 dblp:conf/icsm/Li17 fatcat:nsi57zsvivcgndoatsnqxlh5fm

A Journey Through Android App Analysis: Solutions and Open Challenges

Jacques Klein
2021 Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems  
tools, and other artifacts (such as repositories) making the analysis of Android apps possible.  ...  We will conclude by listing several open challenges that we are currently facing towards improving the analysis and security of Android apps.  ...  In the literature, the set of the successive versions of a given app is defined as "app lineage". However, investigating these app lineages, i.e., the evolution of Android apps, is not trivial.  ... 
doi:10.1145/3457340.3458298 fatcat:ei5vjazjz5akrgj5nlt3cvfodm

Permission evolution in the Android ecosystem

Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos
2012 Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12  
Unfortunately, we have little understanding of the evolution of Android permissions since their inception (2008). Is the permission model allowing the Android platform and apps to become more secure?  ...  In this paper, we present arguably the first long-term study that is centered around both permission evolution and usage, of the entire Android ecosystem (platform, third-party apps, and pre-installed apps  ...  In this paper, we study the evolution of the Android ecosystem to understand whether the permission model is allowing the platform and its apps to become more secure.  ... 
doi:10.1145/2420950.2420956 dblp:conf/acsac/WeiGNF12 fatcat:rqi4joi42ffcpjs2wwvtlch75e

Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating

Luyi Xing, Xiaorui Pan, Rui Wang, Kan Yuan, XiaoFeng Wang
2014 2014 IEEE Symposium on Security and Privacy  
apps designed to exploit Pileup vulnerabilities, based upon the vulnerability-related information automatically collected from newly released Android OS images.  ...  Specifically, we found that by exploiting the Pileup vulnerabilities, the app can not only acquire a set of newly added system and signature permissions but also determine their settings (e.g., protection  ...  ACKNOWLEDGEMENTS This work is supported in part by the NSF CNS-1017782, 1117106, 1223477 and 1223495. We also thank Shaz Qadeer for his help on VeriFast.  ... 
doi:10.1109/sp.2014.32 dblp:conf/sp/XingPWYW14 fatcat:2f3lpfsw5be63geybh7pjrjlu4