2015 5-June 3 top papers on Android user privacy protection "2015.5-2015.6"

Source: Internet
Author: User



1. Turkey abant Izzet baysal Universities and Gazi University researchers are targeting existingAndroidRights Management can not be dynamically adjusted, the user is difficult to understand the meaning of permissions and so on, proposed a permission-based Android Malware detection method , and implements its prototype systemApkauditor. Apkauditorserver-side can be applied to user devices andGoogle Playthe app in the store uses the permission analysis and scores the security of each permission based on the probability theory method, gives the probability score applied to the malicious application by the formula, andLogisticThe regression method determines the critical value of a malicious application score. The experimental data set uses an openContagiomobile,Drebin,Android Malware Genomeprojectdata sets, total8762an application. Experimental results show thatAPK Auditormalware detection rates up to88%, false alarm rate0.46%. And compared to other jobs,Apkauditorall of the analysis work on the server side, do not need to occupy the mobile phone resources, and the method has a small time cost, soAPKsize does not make a limit. The online analysis address is:Http://app.ibu.edu.tr:8080/apkinspectoradmin, user name, password is "Guest/guest1 ". The results can be used in the mobile app Store to better improve the security of the mobile phone ecosystem. ( APK auditor:permission-based Android malwaredetection System, Digital investigation (SCI, if=0.986), June)


2. Researchers at McGill University in Canada and Shanghai Jiaotong University have proposed an application audit method based on static analysis and dynamic analysis to solve the problem of user privacy data leakage in existing Android applications. -appaudit, static analysis adopts a rough judgment method to ensure the speed of analysis, and on the dynamic analysis This paper presents a dynamic analysis method based on approximated execution (approximate execution), while only executing part of the code, Effectively guessing unknown variables to ensure that the analysis path as complete as possible. Experimental results in three public datasets (1400) show that the Appaudit method has a privacy leak detection rate of up to 99.3% and 0 false positives. The Appaudit method is up to 8.3 times times faster than existing work, and memory usage is reduced by 90%. Appaudit found 30 data disclosure vulnerabilities in real-world applications, a large part of which was due to the transmission of user data through non-encrypted HTTP connections by third-party ad modules, which fully illustrated the significance of the Appaudit to the store, app developers, and end users. The results can be used in the mobile app Store to better improve the security of the mobile phone ecosystem. ( effective Real-time Android application Auditing, [IEEE Symposium on Security Andprivacy], may 201 5)


3. Researchers at the College of Computer Science at the University of California, Santa Barbara , are posing as normal programs for malicious androidapp, confusing users with privacy breaches such as phishing attacks, and proposing a set of A scenario for implementing an attack, and a solution for hardening the system and alerting the user . This framework provides a set of attacks by analyzing the Android source code using automated tools, identifying hidden attack vectors and classifying them (which could allow the app to do phishing attacks or click hijacking attacks). To address these threats, 1) at the application market level, researchers have developed a tool that uses static analysis to identify code that could initiate a GUI attack, 2) at the terminal level, by adding indicators to the Navigationbar, Allows the user to be informed of the actual source of the running program and to compare it to a normal source to alert the user. By accessing and testing 308 of users, our tools help users to prevent such threats from happening. The project's attack code and the defensive prototype code have been open source (https://github.com/ucsb-seclab/android_ui_deception). (What's the App is?) Deception and Countermeasures in the Android User Interface, IEEE Symposium on Security and Privacy,may)


2015 5-June 3 top papers on Android user privacy protection "2015.5-2015.6"

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.