Abstract
Numerous Android applications use the Internet to share and exchange data. Such data can range from posting simple status updates to private sensitive information such as the users’ location or business contacts. Popular Android applications from Google Play have been identified leaking private data to remote third party servers. Existing works focuses on protecting sensitive information from leaving the smartphone, or detecting which applications leak information based on API calls or the permission requests in their Manifest file. In this work, we propose to leverage the combination of static analysis and dynamic analysis to understand ultimately the network domain to which the Android applications are interacting. Network graphs are constructed and demonstrate implicitly the relation of application developers and the network domains used in the applications.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Au, K., Zhou, Y., Huang, Z., Lie, D.: Pscout: analyzing the android permission specification. In: Proceedings of the 2012 ACM, CCS 2012, pp. 217–228. ACM (2012)
Enck, W., Gilbert, P., Chun, B., Cox, L., Jung, J., McDaniel, P., Sheth, A.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on OSDI, pp. 1–6 (2010)
Enck, W., Gilbert, P., Chun, B., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.: Taintdroid: an information flow tracking system for real-time privacy monitoring on smartphones. Communications of the ACM 57(3), 99–106 (2014)
Felt, A., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM, CCS 2011, pp. 627–638. ACM (2011)
Felt, A., Wang, H., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: USENIX Security Symposium (2011)
Google. Dalvik bytecode, November 2014
Google. Ui/application exerciser monkey, November 2014
Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock android smartphones. In: NDSS (2012)
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM, CCS 2011, pp. 639–652. ACM (2011)
Jääskeläinen, A., Takala, T., Katara, M.: Model-based GUI testing of Android applications. In: Experiences of Test Automation: Case Studies of Software Test Automation, chapter 14, pp. 253–275. Addison-Wesley (2012)
Sanders, C., Shah, A., Zhang, S.: Comprehensive analysis of the android google play’s auto-update policy. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 365–377. Springer, Heidelberg (2015)
Statista. Number of apps available in leading app stores as of May 2015 (2015)
Viennot, N., Garcia, E., Nieh, J.: A measurement study of google play. In: The 2014 ACM SIGMETRICS, pp. 221–233. ACM (2014)
Ryszard, W.: Android apktool: a tool for reverse engineering Android apk files, 2.0.0 rc2 edn., October 2014
Zhang, F., Huang, H., Zhu, S., Wu, D., Liu, P.: View-droid: towards obfuscation-resilient mobile application repackaging detection. In: Proceedings of WiSec 2014. ACM (2014)
Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X., Zang, B.: Vetting undesirable behaviors in android apps with permission use analysis. In: Proceedings of the ACM SIGSAC, CCS 2013, pp. 611–622. ACM (2013)
Zhang, Y., Yang, M., Yang, Z., Gu, G., Ning, P., Zang, B.: Permission use analysis for vetting undesirable behaviors in android apps (2013)
Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012)
Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Fioravanti, M.E., Shah, A., Zhang, S. (2015). A Study of Network Domains Used in Android Applications. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science(), vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_35
Download citation
DOI: https://doi.org/10.1007/978-3-319-25645-0_35
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25644-3
Online ISBN: 978-3-319-25645-0
eBook Packages: Computer ScienceComputer Science (R0)