Browse > Article
http://dx.doi.org/10.13089/JKIISC.2016.26.1.169

DroidSecure: A Technique to Mitigate Privilege Escalation in Android Application  

Nguyen-Vu, Long (Soongsil University)
Jung, Souhwan (Soongsil University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.26, no.1, 2016 , pp. 169-176 More about this Journal
Abstract
Android platform is designed to be user-friendly, yet sometimes its convenience introduces vulnerabilities that normal users cannot justify. In this paper, after making an overview of popular open source analysis tools for android applications, we point out the dangerous use of Permission Group in current Google Policy, and suggest a technique to mitigate the risks of privilege escalation that attackers are taking advantage of. By conducting the investigation of 21,064 malware samples, we conclude that the proposed technique is considered effective in detecting insecure application update, as well as giving users the heads-up in security awareness.
Keywords
Android Security; Privilege Escalation; Mobile Malware;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Smartphone OS Market Share, Q1 2015,http://www.idc.com/prodserv/smartpho ne-os-market-share.jsp
2 2014 Mobile Threat Report, https://www.lookout.com/resources/reports/mobile-threat-report
3 Android Group Permissions, https://support.google.com/googleplay/answer/6014972?p=app_permissions
4 Yajin Zhou, Zhi Wang, Wu Zhou and Xuxian Jiang, "Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets," Proceedings of the 19th Network and Distributed System Security Symposium, Feb. 2012.
5 Borja Sanz et al., "PUMA: Permission Usage to Detect Malware in Android," International Joint Conference CISIS'12-ICEUTE'12-SOCO'12, pp. 289-298, 2013
6 Android Permission Group, https://web.archive.org/web/20150319134451/http s://developer.android.com/reference/an droid/Manifest.permission_group.html.
7 Android Permission Group Update, https://developer.android.com/reference/android/Manifest.permission_group.html
8 Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M.S., Conti, M., and Rajarajan, M. "Android Security: A Survey of Issues, Malware Penetration and Defenses," Communications Surveys & Tutorials, vol.17, no.2, pp. 998-1022, 2015.   DOI
9 Play Store App: PPS (for Mobile), https://play.google.com/store/apps/details?id=tv.pps.mobile
10 Malware Android/System Monitor, https://www.virustotal.com/en/file/c98465 d75f31591b53345974eaa638faf0807f94ef 5f694c633fe4f6d5f547a3/analysis/1440845487/
11 Play Store App: Face Changer, https://play.google.com/store/apps/details?id=com.scoompa.facechanger
12 Malware Android/AdDisplay, https://www.virustotal.com/en/file/d26327e28c624bfbd99c45035344ccdbc125e8f30b9aace 842dc40f029825a0b/analysis/1440848439/
13 Play Store App: Talking Stanta, https://play.google.com/store/apps/details?id=com.outfit7.talkingsantafree
14 Androwarn, https://github.com/maaaaz/androwarn
15 Malware SMSKey1, https://www.virust otal.com/en/file/788b5b0b06cdfcd4f3d1 62b1090d722a7aae37c114d518eceae1730ceec6b070/analysis/1440853733/
16 Malware SMSKey2, https://www.virust otal.com/en/file/ca04bc361f83d028138c 65cc88110ce1ab27e14423715e8070c2486e200e2205/analysis/1440853768/
17 Androguard, https://github.com/androguard/androguard
18 APKinspector, https://github.com/honeynet/apkinspector
19 DidFail, https://www.cs.cmu.edu/-wklieber/didfail
20 Amandroid, https://github.com/sireum/amandroid
21 CFGScanDroid, https://github.com/douggard/CFGScanDroid
22 Maldrolyzer, https://github.com/maldroid/maldrolyzer
23 Ella, https://github.com/saswatanand/ella
24 Droidbox, https://code.google.com/p/droidbox
25 TaintDroid, https://github.com/TaintDroid
26 AndroidHooker, https://github.com/AndroidHooker/hooker
27 Poeplau, S., Fratantonio, Y., Bianchi, A., Kruegel, C., and Vigna, G, "Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications," Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS) Feb. 2014
28 Android M Permissions: https://www.androidpit.com/android-m-permissions-explained