Abstract
The Android operating system holds a large market share, and the number of new malware on Android has shown a significant upward trend in recent years. Current studies decide whether a behavior is dangerous by analyzing each application on its own. In fact, many behaviors can only be discovered by analyzing a variety of applications that are related to each other. This study proposes an inter-application analysis technique to detect sensitive data leakage. The technique detects dangerous behavior that was not detected by former techniques. The system, named IACDroid, was tested on the DroidBench dataset and the IAC Extended DroidBench dataset with high accuracy. The authors created ten cases of inter-application communication to test the system. In addition, the system was used to analyze over 1000 of the most popular applications on the Android market. This study shows that there are many application groups in the real world that leak sensitive data by using inter-application communication.
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Cam, N.T., Van Hau, P., Nguyen, T. (2016). Android Security Analysis Based on Inter-application Relationships. In: Kim, K., Joukov, N. (eds) Information Science and Applications (ICISA) 2016. Lecture Notes in Electrical Engineering, vol 376. Springer, Singapore. https://doi.org/10.1007/978-981-10-0557-2_68
DOI: https://doi.org/10.1007/978-981-10-0557-2_68
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0556-5
Online ISBN: 978-981-10-0557-2
eBook Packages: Engineering, Engineering (R0)