http://dx.doi.org/10.3837/tiis.2019.03.031

A Probabilistic Test based Detection Scheme against Automated Attacks on Android In-app Billing Service  

Kim, Heeyoul (Department of Computer Science, Kyonggi University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.3, 2019, pp. 1659-1673
Abstract
The Android platform provides the In-app Billing service for purchasing valuable items inside mobile applications. However, it has become a major target for attackers who want to obtain valuable items without actual payment. In particular, application developers suffer from automated attacks that target all the applications on the device rather than a specific application. In this paper, we propose a novel scheme that detects automated attacks with probabilistic tests. The scheme tests the signature verification method in a non-deterministic way, and if the method has been replaced by the automated attack, the scheme detects it with very high probability. Both the analysis and the experimental results show that developers can protect their applications from automated attacks securely and efficiently by using the proposed scheme.
Keywords
In-app Billing; automated attack; probabilistic test; Android; security