• Journal of KIISE
• /
• v.41 no.9
• /
• pp.707-714
• /
• 2014

In general, the benign apps transmit privacy information to the external to provide service to users as the malicious app does. In other words, the behavior of benign apps is similar to the one of malicious apps. Thus, the benign app can be easily manipulated for malicious purposes. Therefore, the malicious apps as well as the benign apps should notify the users of the possibility of privacy information leakage before installation to prevent the potential malicious behavior. In this paper, We propose the method to detect leakage of privacy information on the android app by analyzing API inter-dependency and shortest distance. Also, we present LeakDroid which detects leakage of privacy information on Android with the above method. Unlike dynamic approaches, LeakDroid analyzes Android apps on market site. To verify the privacy information leakage detection of LeakDroid, we experimented the well-known 250 malicious apps and the 1700 benign apps collected from Android Third party market. Our evaluation result shows that LeakDroid reached detection rate of 96.4% in the malicious apps and detected 68 true privacy information leakages inside the 1700 benign apps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1499-1506
• /
• 2017

The use of smartphones and the launch of various apps have increased exponentially, and malicious apps have also increased. Existing app recommendation systems have been limited to operate based on static information analysis such as ratings, comments, and popularity categories of other users who are online. In this paper, we first propose a robust app recommendation system that realistically uses dynamic information of apps actually used in smartphone and considers static information and dynamic information at the same time. In other words, this paper proposes a robust Android app recommendation system by partially reflecting the time of the app, the frequency of use of the app, the interaction between the app and the app, and the number of contact with the Android kernel. As a result of the performance evaluation, the proposed method proved to be a robust and efficient app recommendation system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.10
• /
• pp.445-460
• /
• 2013

Mobile applications today are being offered as various services depending on the mobile device and mobile environment of users. This increase in mobile applications has shifted the spotlight to their vulnerability. As an effective method of security verification, this paper proposes "phase-wise security verification for the implementation of mobile applications". This method allows additional security verification by covering specific items across a wider range compared to existing methods. Based on the identified weaknesses, it detects the cause of vulnerability and monitors the related settings.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.17-30
• /
• 2015

Unlike existing widely used bytecode-centric Android application code obfuscation methodology, our scheme in this paper makes encrypted file i.e. DEX file self-extracted arbitrary Android application. And then suggests a method regarding making the loader app to execute encrypted file's code after saving the file in arbitrary folder. Encrypted DEX file in the loader app includes original code and some of Manifest information to conceal event treatment information. Loader app's Manifest has original app's Manifest information except included information at encrypted DEX. Using our scheme, an attacker can make malicious code including obfuscated code to avoid anti-virus software at first. Secondly, Software developer can make an application with hidden main algorithm to protect copyright using suggestion technology. We implement prototype in Android 4.4.2(Kitkat) and check obfuscation capacity of malicious code at VirusTotal to show effectiveness.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1659-1673
• /
• 2019

Android platform provides In-app Billing service for purchasing valuable items inside mobile applications. However, it has become a major target for attackers to achieve valuable items without actual payment. Especially, application developers suffer from automated attacks targeting all the applications in the device, not a specific application. In this paper, we propose a novel scheme detecting automated attacks with probabilistic tests. The scheme tests the signature verification method in a non-deterministic way, and if the method was replaced by the automated attack, the scheme detects it with very high probability. Both the analysis and the experiment result show that the developers can prevent their applications from automated attacks securely and efficiently by using of the proposed scheme.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.61-71
• /
• 2014

In recent years, malwares in Android smartphones are becoming increased explosively. Since a great deal of appsare deployed day after day, detecting the malwares requires commercial anti-virus companies to spend much time and resources. Such a situation causes malwares to be detected after they have become already spread. We propose a scheme called TAU that dynamically tracks application behaviors to specify apps with potential security risks. TAU keeps track of how a user's interactions to smartphones incurs the app installation, the route of app spread, and the behavior of app execution. This tracking specifies apps that have the possibility of attacking the smartphones using the drive-by download and update attack schemes. Moreover, the tracked behaviors are used to decide whether apps are repackaged or not. Therefore, TAU allows anti-virus companies to detect malwares efficiently and rapidly by guiding to preferentially analyze apps with potential security risks.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.21-29
• /
• 2015

As the number of malicious Android applications increases rapidly, many automatic analysis systems are proposed. Hoping to trigger as many malicious behaviors as possible, the automatic analysis systems are adopting random touch generation modules. In this paper, we propose how to differentiate real human touches and randomly generated touches. Through experiments, we figured out that the distance between two consecutive human touches is shorter than that of random generation module. Also we found that the touch speed of human is also limited. In addition, humans rarely touch the outer area of smartphone screen. By using statistics of human smartphone touch, we developed an algorithm to differentiate between human touches and randomly generated touches. We hope this research will help enhance automatic Android app analysis systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.479-491
• /
• 2024

Android manufacturers collect diagnostic data to improve the quality of service to users around the world. The content and frequency of diagnostic data collected by these Android manufacturers is unknown. We analyze the diagnostic data collection behavior of Samsung smartphones, which has the largest share of the Android market among smartphone manufacturers, to explain which diagnostic data is communicated to the server via network packets, how the system app that collects the diagnostic data works, and whether the diagnostic data violates user privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1457-1465
• /
• 2017

With the growing of smart devices market, malicious behavior has gradually expanded its scope. Accordingly, many studies have been conducted to analyze malicious apps and automated analysis tools have been released. However these tools cause the side effects that the application protection tools such as ProGuard, DexGuard become vulnerable to analyzers or attackers. This paper suggests the protection mechanism to apply to the Android apps using security token, rather than general-purpose protection solutions that can be applied in malicious apps. The main features of this technique are that Android app is not properly loaded in the memory when the security token is abnormal or is not inserted and protected parts using the technique are not exposed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.374-376
• /
• 2022

The Malware App Analysis Tool is a system that analyzes Android-based apps by the AI-based algorithm defined in the tool and detects whether malware code is included. Currently, as the spred of smartphones is activated, crimes using malware apps have increased, and accordingly, security for malware apps is required. Android operating systems used in smartphones have a share of more than 70% and are open-source-based, so not only will there be many vulnerabilities and malware, but also more damage to malware apps, increasing demand for tools to detect and analyze malware apps. However, this paper is proposed because there are many difficulties in designing and developing a malware app analysis tool because the security functional requirements for the malware app analysis tool are not clearly specified. Through the developed protection profile, technology can be improved based on the design and development of malware app analysis tools, safety can be secured by minimizing damage to malware apps, and furthermore, trust in malware app analysis tools can be guaranted through common criteria.