• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.499-502
• /
• 2017

스마트폰 보급률이 올라감에 따라 마켓에 등록되는 앱 또한 폭발적으로 증가하고 있다. 이에 따라 앱을 대상으로 하는 다양한 연구가 진행되고 있어 연구자에게 다양한 앱을 모으는 작업이 중요해지고 있다. 이 논문에서는 안드로이드 앱을 효율적으로 저장하는 저장소를 제안하고자 한다. 제안 시스템은 임의의 앱을 입력으로 받아 자동으로 분류 후 기존 앱과 차이점만을 저장하는 것으로 용량 절감 효과가 있다. 이 논문에서는 실험을 통해 제안 시스템이 앱을 자동으로 분류함을 보였으며, 35개 앱(7종의 서로 다른 앱 5개)을 대상으로 실험한 경우 약 37~40%의 용량 절감 효과가 있는 것으로 나타났다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.792-795
• /
• 2012

최근 오픈 소스 커뮤니티가 활성화되고 수많은 오픈 소스들이 공개되고 있어서 많은 개발자들이 오픈 소스를 활용하고 있다. 그러나 오픈 소스도 정해진 라이선스 기반으로 공개되므로 오픈 소스를 사용할 때는 반드시 라이선스를 확인해야 한다. 본 논문에서는 안드로이드 앱의 라이선스 위반이나 코드 도용을 확인할 수 있는 방법으로서 안드로이드 앱 사이의 API 메소드 호출 유사도를 측정하는 방법을 제안한다. 원본 프로그램과 도용된 프로그램은 유사한 API 메소드를 사용할 것임을 예상할 수 있기 때문에 API 메소드 호출이 유사한 것을 확인하면 간접적으로 코드 도용을 확인할 수 있다. 본 논문에서 개발한 API 유사도 측정 도구는 안드로이드 앱의 소스 코드를 필요로 하지 않고, 안드로이드 달빅(Dalvik) 바이트 코드로부터 직접 API 호출 명령어를 분석하여 유사도를 측정한다는 특징이 있다. 본 논문에서 구현한 도구의 평가를 위해서 API 호출 유사도 비교 실험을 수행하였다. 그 결과, 실제로 API 호출 유사도가 높았던 두 앱이 서로 공통된 모듈을 포함하고 있음을 밝혀내었다. 그리고 선행 연구에서 제안했었던 안드로이드 달빅 코드 전체에 대한 유사도 비교 도구보다 비교 속도가 35% 정도 향상된 것을 확인하였다.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.31-43
• /
• 2014

Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.11
• /
• pp.6849-6855
• /
• 2014

Recently, with the increasing use of smart phones, security issues, such as safety and reliability of the use of the Android application has become a topic to provide services in various forms. An Android application is performed using several important files in the form of an apk file. On the other hand, they may be subject to unauthorized use, such as the loss of rights and privileges due to the insertion of malicious source code of these apk files. This paper examines the Android environment to study ways to define the threats related to the unauthorized use of the application source code, and based on the results of the analysis, to prevent unauthorized use of the application source code. In this paper, a system is provided using a third body to prevent and detect applications that have been counterfeited or forged illegally and installed on Android devices. The application provides services to existing systems that are configured with only the service server that provides users and applications general, This paper proposes the use of a trusted third party for user registration and to verify the integrity of the application, add an institution, and provide a safe application.

• Journal of Internet Computing and Services
• /
• v.16 no.2
• /
• pp.67-75
• /
• 2015

According to the changes of the mobile environments, the usage and interest of the Android apps have been increased. But the usage of illegally-copied apps has been also increased. And the transparency and dependability of the app markets has been decreased. Therefore there are many cases for the copyright infringement of app developers. Although several methods for preventing illegally-copied apps have been studied, there may exist possible ways to bypass the methods. Since it is difficult to find out the first distributors of the illegally-copied apps, it is not easy to punish them legally. This paper proposes the method of detecting illegally-copied apps. The proposed detector can detect the illegally-copied apps using odex file, which is created when the app is installed. The detector can also find out the information of the first distributors based on forensic watermark technique. Since the illegally-copied app detector is running as a service on the system server, it is granted that the detector hides from the users. As an experiment result, the illegally-copied app detector takes on average within 0.2 seconds to detect and delete an illegally-copied app.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.5
• /
• pp.309-316
• /
• 2014

It is easy to reverse engineer an Android app package file(APK) and get its decompiled source code. Therefore, attackers obtains economic benefits by illegally using the decompiled source code, or modifies an app by inserting malware. To address these problems in Android, we propose an APK overwrite scheme that protects apps against illegal modification of themselves by using a new anti-reverse engineering technique. In this paper, the targets are the apps which have been written by any programmer. For a target app (original app), server system (1) makes a copy of a target app, (2) encrypts the target app, (3) creates a stub app by replacing the DEX (Dalvik Executable) of the copied version with our stub DEX, and then (4) distributes the stub app as well as the encrypted target app to users of smartphones. The users downloads both the encrypted target app and the corresponding stub app. Whenever the stub app is executed on smartphones, the stub app and our launcher app decrypt the encrypted target app, overwrite the stub app with the decrypted target one, and executes the decrypted one. Every time the target app ends its execution, the decrypted app is deleted. To verify the feasibility of the proposed scheme, experimentation with several popular apps are carried out. The results of the experiment demonstrate that our scheme is effective for preventing reverse engineering and tampering of Android apps.

• Journal of Internet Computing and Services
• /
• v.14 no.6
• /
• pp.125-139
• /
• 2013

Distribution of malicious applications developed by attackers is increasing along with general normal applications due to the openness of the Android-based open market. Mechanism that allows more accurate ways to distinguish normal apps and malicious apps for common mobile devices should be developed in order to reduce the damage caused by the rampant malicious applications. This paper analysed the normal event pattern from the most highly used game apps in the Android open market to analyse the event pattern from normal apps and malicious apps of mobile devices that are based on the Android platform, and analysed the malicious event pattern from the malicious apps and the disguising malicious apps in the form of a game app among 1260 malware samples distributed by Android MalGenome Project. As described, experiment that extracts normal app and malicious app events was performed using Strace, the Linux-based system call extraction tool, targeting normal apps and malicious apps on Android-based mobile devices. Relevance analysis for each event set was performed on collected events that occurred when normal apps and malicious apps were running. This paper successfully extracted event similarity through this process of analyzing the event occurrence characteristics, pattern and distribution on each set of normal apps and malicious apps, and lastly suggested a mechanism that determines whether any given app is malicious.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1209-1223
• /
• 2018

Android apps are made up of bytecode, so they are vulnerable to reverse engineering, and protection services are emerging that robustly repackage the app to compensate. Unlike cryptographic algorithms, the robustness of these protection services depends heavily on hiding the protection scheme. Therefore, there are few systematic discussions about the protection method even if destruction techniques of the protection service are various. And it is implemented according to the intuition of the developer. There is a need to discuss systematic protection schemes for robust security chains, rather than simple deployment of techniques disrupting static or dynamic analysis. In this paper, we analyze bangcle, a typical commercial Android app protection service, to examine the protection structure and vulnerable elements. We propose the requirements for robust structure and principles of protection structure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1049-1055
• /
• 2013

Smartphones are rapidly growing because of easy installation of the apps (application software) that users actually want. There are increasingly many apps that require cryptographic suites to be installed, for instance, for protecting account and financial data. Android platform provides protection mechanisms for memory and storage based on Linux kernel, but they are vulnerable to rooting attacks. In this paper, we analyze security mechanisms of Android platform and point out security problems. We show the security vulnerabilities of several commercial apps and suggest appropriate countermeasures.

• Journal of KIISE
• /
• v.44 no.4
• /
• pp.352-362
• /
• 2017

This paper analyzes security threats in Security Enhanced (SE) Android and proposes a new technique to efficiently protect application data including private information on rooted Android phones. On an unrooted device, application data can be accessed by the application itself according to the access control models. However, on a rooted device, a root-privileged shell can disable part or all of the access control model enforcement procedures. Therefore, a root-privileged shell can directly access sensitive data of other applications, and a malicious application can leak the data of other applications outside the device. To address this problem, the proposed technique allows only some specific processes to access to the data of other applications including private information by modifying the existing SEAndroid Linux Security Module (LSM) Hook function. Also, a new domain type of process is added to the target system to enforce stronger security rules. In addition, the proposed technique separates the directory type of a newly installed application and the directory type of previously installed applications. Experimental results show that the proposed technique can effectively protect the data of each application and incur performance overhead up to or less than 2 seconds.