Academic literature on the topic 'Android App Security Analysis'

This dissertation presents a new approach to static analysis for security vetting of Android apps, and a general framework called Argus-SAF. Argus-SAF determines points-to information for all objects in an Android app component in a flow and context-sensitive (user-configurable) way and performs data-flow and data dependence analysis for the component. Argus-SAF also tracks inter-component communication activities. It can stitch the component-level information into the app- level information to perform intra-app or inter-app analysis. Moreover, Argus-SAF is NDK/JNI- aware and can efficiently track precise data-flow across language boundary. This dissertation shows that, (a) the aforementioned type of comprehensive app analysis is utterly feasible in terms of computing resources with modern hardware, (b) one can easily leverage the results from this general analysis to build various types of specialized security analyses – in many cases the amount of additional coding needed is around 100 lines of code, and (c) the result of those specialized analyses leveraging Argus-SAF is at least on par and often exceeds prior works designed for the specific problems, which this dissertation demonstrate by comparing Argus-SAF’s results with those of prior works whenever the tool can be obtained. Since Argus-SAF’s analysis directly handles intercomponent and inter-language control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps and among java code and native code. Argus-SAF’s analysis is sound in that it can assure the absence of the specified security problems in an app with well-specified and reasonable assumptions on Android runtime system and its library.

Mobile apps can make use of the rich data and sensors available on smartphones to offer compelling services. However, the use of sensitive resources by apps is not always justified, which has led to new kinds of privacy risks and challenges. While it is possible for app market owners and third-parties to analyze the privacy-related behaviors of apps, present approaches are difficult and tedious. I present two iterations of the design, implementation, and evaluation of a system, Gort, which enables more efficient app analysis, by reducing the burden of instrumenting apps, making it easier to find potential privacy problems, and presenting sensitive behavior in context. Gort interacts with apps while instrumenting them to detect sensitive information transmissions. It then presents this information along with the associated app context to a crowd of users to obtain their expectations and comfort regarding the privacy implications of using the app. Gort also runs a set of heuristics on the app to flag potential privacy problems. Finally, Gort synthesizes the information obtained through its analysis and presents it in an interactive GUI, built specifically for privacy analysts. This work offers three distinct new advances over the state of the art. First, Gort uses a set of heuristics, elicited through interviews with 12 experts, to identify potential app privacy problems. Gort heuristics present high-level privacy problems instead of the overwhelming amount of information offered through existing tools. Second, Gort automatically interacts with apps by discovering and interacting with UI elements while instrumenting app behavior. This eliminates the need for analysts to manually interact with apps or to script interactions. Third, Gort uses crowdsourcing in a novel way to determine whether app privacy leaks are legitimate and desirable and raises red flags about potentially suspicious app behavior. While existing tools can detect privacy leaks, they cannot determine whether the privacy leaks are beneficial or desirable to the user. Gort was evaluated through two separate user studies. The experiences from building Gort and the insights from the user studies guide the creation of future systems, especially systems intended for the inspection and analysis of software.

The aim of mining and analysis of Apps in Google Play, the largest Android app store, is to provide in-depth insight on the hidden properties of the repository to app developers or app market contributors. This approach can help them to view the current circumstances of the market and make valuable decisions before releasing products. To perform this analysis, all available features (descriptions of the app, app developer information, app version, updating date, category, number of download, app size, user rating, number of participants in rating, price, user reviews and security policies) are collected for the repositoryand stored in structured prole for each app. This scientic study is mainly divided into two approaches: measuring pair-wise correlations between extracted features and clustering the dataset into number of groups with functionally similar apps. Two distinct datasets are exploited to perform the study, one of which is collected from Google Play (in 2012) and another one from Android Market, the former version of Google Play (in 2011). As soon as experiments and analysis is successfully conducted, signicant levels of pair-wise correlations are identied between some features for both datasets, which are further compared to achieve a generalized conclusion. Finally, cluster analysis is done to provide a similarity based recommendation system through probabilistic topic modeling method that can resolve Google Play's deciency upon app similarity.

Android malware collusion is a new threat model that occurs when multiple Android apps communicate in order to execute an attack. This threat model threatens all Android users' private information and system resource security. Although recent research has made advances in collusion detection and classification, security analysts still do not have robust tools which allow them to definitively identify colluding Android applications. Specifically, in order to determine whether an alert produced by a tool scanning for Android collusion is a true-positive or a false-positive, the analyst must perform manual analysis of the suspected apps, which is both time consuming and prone to human errors. In this thesis, we present a new approach to definitive Android collusion detection and confirmation by rendering inter-component communications between a set of potentially collusive Android applications. Inter-component communications (abbreviated to ICCs), are a feature of the Android framework that allows components from different applications to communicate with one another. Our approach allows Android security analysts to inspect all ICCs within a set of suspicious Android applications and subsequently identify collusive attacks which utilize ICCs. Furthermore, our approach also visualizes all potentially collusive data-flows within each component within a set of apps. This allows analysts to inspect, step-by-step, the the data-flows that are currently used by collusive attacks, or the data-flows that could be used for future collusive attacks. Our tool effectively visualizes the malicious and benign ICCs in sets of proof-of-concept and real-world colluding applications. We conducted a user study which revealed that our approach allows for accurate and efficient identification of true- and false-positive collusive ICCs while still maintaining usability.<br>Master of Science

This thesis examines Security Enhanced Android. Both its policy and its additional security features are explored. The policy is examined in depth, providing a better understanding of the security provided by SE Android. We analyze the default SE Android policy. We identify a potential weakness and change the policy to facilitate control over communication channels. A proof-of-concept set of applications is developed to demonstrate how SE Android can be used to improve application security. The proof-of-concept policy is then analyzed to determine if security goals are met.

Thesis (M.S.)--Boston University<br>Android is a major mobile operating system pre-installed and shipped with more than 60% of smart-phones in the market. The open source nature of android en- courages developers to innovate wide-range of applications. Meantime, the sweeping android acceptance with individuals and industries caught the attention of malicious software writers, which led to a sharp increase of security threats. Such threats raise a deeper concern in financial and healthcare applications that are inherently bound to handle private and sensitive information. The research provides a deeper analysis on security vulnerabilities of android applications in finance and healthcare category, from official Google app store. It is proposed and implemented a security analysis framework that takes account of a wide range of vulnerability metrics to provide unified and quantified method of measuring android applications vulnerability. The framework implementation automated the process of crawling google's app store, downloading applications package to a repository and conducting vulnerability analysis. It automatically extracts security parameters, measures vulnerability metrics and generates vulnerability report. The security parameters were extracted from manifest, de-compiled source code and app store meta-data. The analysis, on the top 632 free apps from finance and medical category revealed that on average financial apps found to be more vulnerable than medical apps. Medical apps have the maximum value for all types of vulnerabilities. Furthermore, a descriptive statistical analysis on the vulnerability metrics revealed that there is a linear relationship between implicitly open components and the number of times they access sensitive android resources.