Advertisement

Android Applications Analysis Using PerUpSecure

  • Latifa Er-rajyEmail author
  • My Ahemed El Kiram
  • Mohamed El Ghazouani
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 911)

Abstract

Since its introduction in 2008, Google’s Android has been a blazing success, far outstripping the market share of all other mobile operating systems. Android ships more than one billion new devices each year, and more than 1.5 million new devices are activated every day. This growth was not without pain, however. Recent measures estimate that 96–97% of today’s mobile malware targets the Android operating system, and 73% of them are specifically designed to satisfy profit motives. In addition, as the system becomes more popular and scrutinized, the number of vulnerabilities identified has exploded. The security of Android is a key issue for Google, the mobile OS is - by far - the most popular in the world. The Android security mechanism is founded on an instrument that gives users all the information about the permissions requested by the application before installing it. The main benefit of this Android permission system is to provide users an overview of the application by showing them the requested permissions list, which can help raise awareness of its risks on their private data. However, we still do not have enough information to allow us to say that standard users are able to clearly understand the permissions requested and their implications for their security. In this article, we present a tool called “PerUpSecure” multiphases that combines dynamic and static analysis and contrary to what we know about the installation process of Android applications that puts in front of the user only two options, either he accepts all requested permissions or he cancels the installation, our proposed tool allows the user to install any application with only the necessary permissions. At the end of this article, we present the analysis results of a set of normal applications and malicious programs collected from different markets.

Keywords

Static analysis Permissions Sandboxing Repackaging Tool 

References

  1. 1.
    Deloitte: State of the smart Consumer and business usage patterns. Mobile, Glob. Surv. Consum. Cut, UK (2017)Google Scholar
  2. 2.
    IDC: Smartphone market shares (2017). https://www.idc.com/promo/smartphone-market-share/os
  3. 3.
    Suarez-tangil, G., Stringhini, G.: Eight Years of Rider Measurement in the Android Malware Ecosystem: Evolution and Lessons Learned, arXiv, pp. 1–18 (2017)Google Scholar
  4. 4.
    Rajesh, B., Reddy, P., Patil, M., Pareek, H.: Droidswan: detecting malicious android applications based on static. In: Conference on Communications Security & Information Assurance, May 2015Google Scholar
  5. 5.
    Ahvanooey, M.T., Li, P.Q., Rabbani, M., Rajput, A.R.: A survey on smartphones security: software vulnerabilities, malware, and attacks. Int. J. Adv. Comput. Sci. Appl. 8(10), 30–45 (2017)Google Scholar
  6. 6.
    Sarma, B., Li, N., Gates, C., Potharaju, R., Nita-rotaru, C., Lafayette, W.: Android Permissions: a perspective combining risks and benefits, pp. 13–22 (2012)Google Scholar
  7. 7.
    Reshetova, E., Karhunen, J., Nyman, T., Asokan, N.: Security of OS-level virtualization technologies. In: Conference Security, IT (2014)Google Scholar
  8. 8.
    Skillen, A., Van Oorschot, P.C.: Deadbolt: locking down android disk encryption∗. In: Proceedings of the Third ACM Workshop on Security and Privacy on Smartphones Mobile Devices, pp. 3–14. ACM (2013)Google Scholar
  9. 9.
    Wijesekera, P., Columbia, B., Baokar, A., Hosseini, A., Egelman, S., Wagner, D.: Android permissions remystified: a field study on contextual integrity T. In: USENIX Security Symposium, pp. 499–514 (2015)Google Scholar
  10. 10.
    Chen, K.Z., Johnson, N., Silva, S.D., Macnamara, K., Magrino, T., Wu, E., Rinard, M., Song, D.: Contextual policy enforcement in android applications with permission event graphs. In: NDSS (2013)Google Scholar
  11. 11.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of 18th Conference on Computer & Communications Security - CCS ’11, p. 627 (2011)Google Scholar
  12. 12.
    Zhang, X., Breitinger, F., Baggili, I.: Rapid Android Parser for Investigating DEX Files (RAPID), vol. 17, pp. 28–39 (2016)CrossRefGoogle Scholar
  13. 13.
    Barros, P., Millstein, S., Vines, P., Dietl, W., Amorim, M., Ernst, M.D.: Static analysis of implicit control flow: resolving Java reflection and android intents. In: 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2015)Google Scholar
  14. 14.
    Ding, J.: PQEMU : A parallel system emulator based on QEMU. In: 2011 IEEE 17th International Conference Parallel Distributed Systems (2011)Google Scholar
  15. 15.
    A. Developers: UI/Application Exerciser Monkey. August, 2012. http://developer.android.com/%0Atools/help/monkey.html
  16. 16.
    G. Play: Android official market. https://play.google.com/store/apps
  17. 17.
    A. Market: AndroidBest. http://androidbest.ru/
  18. 18.
    A. Market: AndroidDrawer. http://www.androiddrawer.com/
  19. 19.
    A. Market: AndroidLife. http://androidlife.ru/
  20. 20.
    A. Market: Anruan. http://www.anruan.com/
  21. 21.
    A. Market: AppsApk. http://www.appsapk.com/
  22. 22.
    A. Market: PandaApp. http://android.pandaapp.com/
  23. 23.
    A. Market: SlideMEGoogle Scholar
  24. 24.
    Barrera, D., Van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to android. Security 1, 73–84 (2010)Google Scholar
  25. 25.
    Enck, W., Ongtang, M., Mcdaniel, P.: Understanding android security. IEEE Secur. Priv. (1), 50–57 (2009)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Latifa Er-rajy
    • 1
    Email author
  • My Ahemed El Kiram
    • 1
  • Mohamed El Ghazouani
    • 1
  1. 1.Department of Computer SciencesUniversity Cadi AyyadMarrakeshMorocco

Personalised recommendations