rpt@altervista

engineers just want to have fun

Google

How dangerous is your Android app?

[9 January 2015]


Lo scorso dicembre si è tenuta a Londra l'11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2014); nell'ambito nella sessione "Security and Privacy", il mio co-tesista Tao ha presentato una pubblicazione dal titolo "How dangerous is your Android app? An evaluation methodology", nata dalla nostra tesi e scritta assieme ai nostri relatori.

[architettura]

E' stata una grande soddisfazione vedere il nostro lavoro accolto e apprezzato anche al di fuori dell'ambito accademico; certamente però il mondo del mobile malware è costantemente in evoluzione, e per quanto il nostro possa essere un utile contributo bisognerebbe continuare ad aggiornarlo e svilupparlo... ma non lavorando nell'ambito della ricerca o sul tema della sicurezza, mi è difficile dedicarci le energie necessarie!

L'articolo si può trovare tramite il DOI 10.4108/icst.mobiquitous.2014.257832.

Riporto in seguito l'abstract:

In the last decade, we have witnessed an unprecedented increase in the adoption of mobile devices. A substantial number of these devices run on the Android operating system. Android is an open-source operating system based on Linux, which provides a permission-based security model that demands each application to request explicit permissions (approved by the user) before it can be installed to run. However, end users cannot estimate application risk, so the user's decision is almost completely unrelated to the application risk level. Moreover, due to the platform openness and the plethora of available software, dangerous apps (even if not necessarily malware) are now also very common for Android devices. In this paper we propose a new approach and a tool to evaluate the potential risk of Android application packages to help end user security awareness. The tool exploits both static and dynamic analysis techniques. It examines the correlations between app required permissions and the invoked APIs, as well as the contents in the package, and subsequently it uses a dynamic analysis module to confirm the suspicions proposed by static modules. The risk activities detected by analysis modules are then mapped into finer-grained risk categories and further evaluated using the fuzzy logic algorithm. Fuzzy logic aims to deal with uncertainty which arises from the nature of automatic analysis, as not all detected activities intend to cause harm. For the sake of both tech-uninterested and tech-savvy users, the results contain a simple numerical value showing the risk level plus a detailed report of detected activities and their mappings to the risk categories. Finally, we tested our software on a large set of real-world samples, demonstrating its efficiency and showing a reasonable capacity to identify and evaluate the potential risk of application packages, both the benign and the malicious ones.


L'articolo è stato citato in:

poli android pubblicazioni


Share on Facebook Share on Twitter