Android Security Analysis Based on Inter-application Relationships

  • Conference paper
Information Science and Applications (ICISA) 2016

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 376)

Abstract

Android holds a large share of the operating system market, and the number of new malware on Android has shown a significant upward trend recently. Current studies decide whether a behavior is dangerous by analyzing each application on its own. In fact, many behaviors can only be discovered by analyzing a variety of applications that are related to each other. This study proposes an inter-application analysis technique to detect sensitive data leakage. The technique detects dangerous behavior that was not detected by former techniques. The system, named IACDroid, was tested on the DroidBench dataset and the IAC Extended DroidBench dataset with high accuracy. The authors created ten cases of inter-application communication to test the system. In addition, the system was used to analyze over 1000 of the most popular applications on the Android market. The study shows that there are many application groups in the real world that leak sensitive data by using inter-application communication.

Author information

Corresponding author

Correspondence to Nguyen Tan Cam.

Copyright information

© 2016 Springer Science+Business Media Singapore

About this paper

Cite this paper

Cam, N.T., Van Hau, P., Nguyen, T. (2016). Android Security Analysis Based on Inter-application Relationships. In: Kim, K., Joukov, N. (eds) Information Science and Applications (ICISA) 2016. Lecture Notes in Electrical Engineering, vol 376. Springer, Singapore. https://doi.org/10.1007/978-981-10-0557-2_68

  • DOI: https://doi.org/10.1007/978-981-10-0557-2_68

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-0556-5

  • Online ISBN: 978-981-10-0557-2

  • eBook Packages: Engineering, Engineering (R0)
