2015 5-June 3 top papers on Android user privacy protection "2015.5-2015.6"

1. Turkey abant Izzet baysal Universities and Gazi University researchers are targeting existingAndroidRights Management can not be dynamically adjusted, the user is difficult to understand the meaning of permissions and so on, proposed a permission-based Android Malware detection method , and implements its prototype systemApkauditor. Apkauditorserver-side can be applied to user devices andGoogle Playthe app in the store uses the permission analysis and scores the security of each permission based on the probability theory method, gives the probability score applied to the malicious application by the formula, andLogisticThe regression method determines the critical value of a malicious application score. The experimental data set uses an openContagiomobile,Drebin,Android Malware Genomeprojectdata sets, total8762an application. Experimental results show thatAPK Auditormalware detection rates up to88%, false alarm rate0.46%. And compared to other jobs,Apkauditorall of the analysis work on the server side, do not need to occupy the mobile phone resources, and the method has a small time cost, soAPKsize does not make a limit. The online analysis address is:Http://app.ibu.edu.tr:8080/apkinspectoradmin, user name, password is "Guest/guest1 ". The results can be used in the mobile app Store to better improve the security of the mobile phone ecosystem. ( APK auditor:permission-based Android malwaredetection System, Digital investigation (SCI, if=0.986), June)


2. Researchers at McGill University in Canada and Shanghai Jiaotong University have proposed an application audit method based on static analysis and dynamic analysis to solve the problem of user privacy data leakage in existing Android applications. -appaudit, static analysis adopts a rough judgment method to ensure the speed of analysis, and on the dynamic analysis This paper presents a dynamic analysis method based on approximated execution (approximate execution), while only executing part of the code, Effectively guessing unknown variables to ensure that the analysis path as complete as possible. Experimental results in three public datasets (1400) show that the Appaudit method has a privacy leak detection rate of up to 99.3% and 0 false positives. The Appaudit method is up to 8.3 times times faster than existing work, and memory usage is reduced by 90%. Appaudit found 30 data disclosure vulnerabilities in real-world applications, a large part of which was due to the transmission of user data through non-encrypted HTTP connections by third-party ad modules, which fully illustrated the significance of the Appaudit to the store, app developers, and end users. The results can be used in the mobile app Store to better improve the security of the mobile phone ecosystem. ( effective Real-time Android application Auditing, [IEEE Symposium on Security Andprivacy], may 201 5)


3. Researchers at the College of Computer Science at the University of California, Santa Barbara , are posing as normal programs for malicious androidapp, confusing users with privacy breaches such as phishing attacks, and proposing a set of A scenario for implementing an attack, and a solution for hardening the system and alerting the user . This framework provides a set of attacks by analyzing the Android source code using automated tools, identifying hidden attack vectors and classifying them (which could allow the app to do phishing attacks or click hijacking attacks). To address these threats, 1) at the application market level, researchers have developed a tool that uses static analysis to identify code that could initiate a GUI attack, 2) at the terminal level, by adding indicators to the Navigationbar, Allows the user to be informed of the actual source of the running program and to compare it to a normal source to alert the user. By accessing and testing 308 of users, our tools help users to prevent such threats from happening. The project's attack code and the defensive prototype code have been open source (https://github.com/ucsb-seclab/android_ui_deception). (What's the App is?) Deception and Countermeasures in the Android User Interface, IEEE Symposium on Security and Privacy,may)

2015 5-June 3 top papers on Android user privacy protection "2015.5-2015.6"