• Information and Communications Magazine
• /
• v.29 no.8
• /
• pp.65-71
• /
• 2012

스마트폰을 비롯한 다양한 모바일 기기 보급이 급속도로 증가하고 있고, 이들 기기에 저장된 각종 개인정보에 대한 불법적 접근을 노라는 악성 앱들로 인한 피해가 발생하고 있다. 이들 위변조 앱 출현의 원인 중의 하나는 앱 실행화일의 역컴파일이 쉽기 때문이다. 앱 역컴파일이 쉽게 이루어지지 않도록 하기 위한 기술 중의 하나가 코드 난독화 기술이다. 따라서, 본 고에서는 일반적인 난독화 기술들을 분류하고, 현존하는 안드로이드, 아이폰, 윈도폰에 적용가능한 난독화 도구들의 기능에 대하여 조사 분석한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.01a
• /
• pp.75-76
• /
• 2014

스마트폰의 처리장치 능력이 점점 향상되고, 스마트폰에 장착된 센서들이 점점 더 소형화되면서 동시에 정확해짐에 따라 지능적인 스마트폰 애플리케이션이 무수히 출시되고 있다. 본 논문은 안드로이드 스마트폰의 GPS 센서 값을 이용하여 차량이 정지상태인지 아닌지를 판정하는 앱을 소개한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.7-9
• /
• 2012

본 논문에서는 안드로이드 폰을 이용하여 쿼드콥터의 모터 속도를 원격으로 제어하기 위한 사용자 인터페이스 기법을 제시한다. 제시한 기법은 내부적으로 JSON 프로토콜을 사용하여 메시지를 생성하고 UDP 소켓을 통하여 인터넷과 무선 통신한다. 제시한 기법의 타당성을 검토하기 위하여 Nexus S 안드로이드 폰에 앱 프로그램을 구현하고 Falinux(주)의 G100-S3C6410 보드를 이용하여 쿼드콥터 원격제어를 실험하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.429-432
• /
• 2012

Mobile devices diffusion begins by the iPhone and spreads by the Android. A widely used mobile devices is Smartphone(iPhone, Android, Bada, WindowPhone7, BlackBerry, etc) and Tablet(iPad, Android). In the past, we have developed a dedicated application for device. But, Now we must develop a application by considering the characteristics of the operating system. Accordingly, many problems occurred and other developmet methods have emerged. In this paper, we learn about MobileHybridApp development tool-oriented One Source Multi Use-and compare the differences, propose a method to develop context-sensitive.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.9-15
• /
• 2012

In recently years, repackaged malwares are becoming increased rapidly in Android smartphones. The repackaging is a technique to disassemble an app in a market, modify its source code, and then re-assemble the code, so that it is commonly used to make malwares by inserting malicious code in an app. However, it is impossible to collect all the apps in many android markets including too many apps. To solve the problem, we propose RePAD (RePackaged App Detector) scheme that is composed of a client and a remote server. In the smartphone-side, the client extracts the information of an app with low CPU overhead when a user installs the app. The remote server analyzes the information to decide whether the app is repackaged or not. Thus, the scheme reduces the time and cost to decide whether apps are repackaged. For the experiments, the client and server are implemented as an app on Galaxy TAB and PC respectively. We indicated that seven pairs of apps among ones collected in official and unofficial market are repackaged. Furthermore, RePAD only increases the average of CPU overhead of 1.9% and the maximum memory usage of 3.5 MB in Galaxy TAB.

• Journal of the Korea Convergence Society
• /
• v.8 no.3
• /
• pp.49-61
• /
• 2017

Recently, convenience and usability are increasing with the development and deployment of various mobile applications on the Android platform. However, important information stored in the smartphone is leaked to the outside without knowing the user since the malicious mobile application is continuously increasing. A variety of mobile vaccines have been developed for the Android platform to detect malicious apps. Recently discovered server-based polymorphic(SSP) malicious mobile apps include obfuscation techniques. Therefore, it is not easy to detect existing mobile vaccines because some other form of malicious app is newly created by using SSP mechanism. In this paper, we analyze the correlation between the similarity of the method in the DEX file constituting the core malicious code and the permission similarity measure through APK de-compiling process for the SSP malicious app. According to the analysis results of DEX method similarity and permission similarity, we could extract the characteristics of SSP malicious apps and found the difference that can be distinguished from the normal app.

• Journal of the Korea Convergence Society
• /
• v.8 no.4
• /
• pp.25-36
• /
• 2017

As smartphone users have increased in recent years, various applications have been developed and used especially for Android-based mobile devices. However, malicious applications developed by attackers for malicious purposes are also distributed through 3rd party open markets, and damage such as leakage of personal information or financial information of users in mobile terminals is continuously increasing. Therefore, to prevent this, a method is needed to distinguish malicious apps from normal apps for Android-based mobile terminal users. In this paper, we analyze the existing researches that detect malicious apps by extracting the system call events that occur when the app is executed. Based on this, we propose a technique to identify malicious apps by analyzing the sequence similarity of kernel layer events occurring in the process of running an app on commercial Android mobile devices.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.3
• /
• pp.399-410
• /
• 2018

In Android smartphones, many apps are developed as service apps to run in the background. If the memory is insufficient, Android forcibly terminates not only user apps that have not used the CPU for a long time, but also service apps. However, a service app is automatically re-launched after a short period of time, so that it continuously consumes memory space. This paper analyzes the number of running service apps and their memory usage in users' smartphones. The number of service apps accounts for up to 65% of the total number of running apps, and their memory usage accounts for up to 55% of the total memory. Moreover, we investigate the effect of the number of running service apps on the response time of smartphones and apps. As the number of service apps increases, the launching time of user apps increases to 22 times. The booting time and app installation time significantly increase with the number of service apps.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.61-68
• /
• 2019

Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

• Smart Media Journal
• /
• v.12 no.5
• /
• pp.58-64
• /
• 2023

In Logic Bomb, the conditions of branch statements that trigger malicious behavior cannot be detected in advance, making Android malicious app analysis difficult. Various studies have been conducted to detect potentially suspicious branch statements that can be logic bombs and triggers, but suspicious branch statements cannot be properly detected in apps that contain information determined at runtime, such as reflection. In this paper, we propose a tool that can detect suspicious branch statements even when reflection is used in Android apps. It works through recording app execution logs and analyzing the recorded log). The proposed tool can check the relationship between the called method and the branch statement by recording and analyzing the user-defined methods, Java APIs called and method information called through reflection, and branch information in the log while the Android app is running. Experimental results show that suspicious branch statements can be detected even in apps where reflection is used.