• Journal of KIISE
• /
• v.42 no.11
• /
• pp.1386-1396
• /
• 2015

Graphical user interface testing (GUI testing) techniques have been widely used to test the functionality of Android applications (apps) and to detect faults for verification of the reliability and usability of apps. To adequately test the behaviors of apps, a number of studies on model-based GUI testing techniques have been performed on Android apps. However, the effectiveness of model-based techniques greatly depends on the quality of the GUI model, because model-based GUI testing techniques generate test inputs based on this model. Therefore, in order to improve testing effectiveness in model-based techniques, accurate and efficient GUI model generation has to be achieved using an improved model generation technique with concrete definition of GUI states. For accurate and efficient generation of a GUI model and test inputs, this study suggests a hierarchical GUI state comparison technique and evaluates this technique through comparison with the existing model-based techniques, considering activities as GUI states. Our results show that the proposed technique outperforms existing approaches and has the potential to improve the performance of model-based GUI testing techniques for Android apps.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4248-4270
• /
• 2018

This research aims at a new practical Intent fuzzing tool for detecting Intent vulnerabilities of Android apps causing the robustness problem. We proposed two new ideas. First, we designed an Intent specification language to describe the structure of Intent, which makes our Intent fuzz testing tool flexible. Second, we proposed an automatic tally method classifying unique failures. With the two ideas, we implemented an Intent fuzz testing tool called Hwacha, and evaluated it with 50 commercial Android apps. Our tool offers an arbitrary combination of automatic and manual Intent generators with executors such as ADB and JUnit due to the use of the Intent specification language. The automatic tally method excluded almost 80% of duplicate failures in our experiment, reducing efforts of testers very much in review of failures. The tool uncovered more than 400 unique failures including what is unknown so far. We also measured execution time for Intent fuzz testing, which has been rarely reported before. Our tool is practical because the whole procedure of fuzz testing is fully automatic and the tool is applicable to the large number of Android apps with no human intervention.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.1-10
• /
• 2020

The mobile application based on the Android platform is simple to decompile, making it possible to create malicious applications similar to normal ones, and can easily distribute the created malicious apps through the Android third party app store. In this case, the Android malicious application in the smartphone causes several problems such as leakage of personal information in the device, transmission of premium SMS, and leakage of location information and call records. Therefore, it is necessary to select a optimal model that provides the best performance among the machine learning techniques that have published recently, and provide a technique to automatically identify malicious Android apps. Therefore, in this paper, after adopting the feature engineering to Android apps on official test set, a total of four performance evaluation experiments were conducted to select the machine learning model that provides the optimal performance for Android malicious app detection.

• International journal of advanced smart convergence
• /
• v.11 no.3
• /
• pp.23-27
• /
• 2022

In this paper, we explore a new type of Android evasive malware based on the Sequential Probability Ratio Test (SPRT) that does not perform malicious task when it discerns that dynamic analyzer is input generator. More specifically, a new type of Android evasive malware leverages the intuition that dynamic analyzer provides as many inputs within a certain amount of time as possible to Android apps to be tested, while human users generally provide necessary inputs to Android apps to be used. Under this intuition, it harnesses the SPRT to discern whether dynamic analyzer runs in Android system or not in such a way that the number of inputs per time slot exceeding a preset threshold is regarded as evidence that inputs are provided by dynamic analyzer, expediting the SPRT to decide that dynamic analyzer operates in Android system and evasive malware does not carry out malicious task.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1049-1055
• /
• 2013

Smartphones are rapidly growing because of easy installation of the apps (application software) that users actually want. There are increasingly many apps that require cryptographic suites to be installed, for instance, for protecting account and financial data. Android platform provides protection mechanisms for memory and storage based on Linux kernel, but they are vulnerable to rooting attacks. In this paper, we analyze security mechanisms of Android platform and point out security problems. We show the security vulnerabilities of several commercial apps and suggest appropriate countermeasures.

• Journal of Korean society of Dental Hygiene
• /
• v.19 no.4
• /
• pp.493-502
• /
• 2019

Objectives: This study aimed to investigate the current status of oral health applications developed for smartphones because they can be used as a new educational medium to manage and improve oral health. Methods: This study examined 60 basic oral health applications provided by Google Play Store and Apple App Store as of May 2019 and examined delivery contents, delivery methods, application types, and other information. Results: Apple included 65.4% of oral apps in the game category whereas Android included 64.3% in the education category (p>0.05). All Apple's apps and 71.4% of Android apps were developed overseas (p<0.01). The delivery contents were 61.5% for Brushing + tooth decay in Apple, and 78.6% for others (oral care products and gum diseases) in Android (p>0.05). For the delivery method, game + video was 65.4% in Apple, and game and other methods (text, image, augmented reality) was 42.9% in Android (p>0.05). In the case of application type, play type was the most common with 88.5% in Apple, and 46.4% play type and 39.3% other type (text, appreciation, problem-solving types) in Android (p<0.01). In addition, play type was high in both education (53.8%) and game (90.0%) categories (p>0.05). The average review score was 4.30 in the education category, 4.34 in the case of brushing and care (delivery contents), 4.37 in the case of using game + video (delivery methods), and 4.57 in the case of Play + other types (application type) (p>0.05). Conclusions: The use of healthcare apps is expected to increase owing to improved lifestyles, an increase in the elderly population, cost-effectiveness, and convenience that is not affected by time and place. Effective use of oral health apps will require the participation of dental professionals in the development process to identify the exact status, expand subjects, and provide appropriate information.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.449-459
• /
• 2013

The software which is used for electronic bulletin boards have shortcomings that the addition of new function and new information's type to the order point software is very difficult, and the aggressive adaption of newly introduced type of media is impossible because the software is developed by custom solution. Eventually new cost and time are required to enhance functionality or performance to software of DID(Digital Information Display). In this paper, we proposed the scheme to package DID's contents and to customize it using plug-in method. We conducted a case study of this scheme. The platform which can install Apps to DID as one of content was designed. Apps can be inserted by plug-in type on DID platform and run separately with DID framework. As a result, We got advantage that various contents, functions and Apps which are drived on Android can be displayed without any restriction and dependency because Apps itself is one of dynamic notice object. This solution increase reusability of Apps or contents, and can be used easily in various places such as airports, stations, terminals, and front desk by customizing.

• Journal of Internet Computing and Services
• /
• v.19 no.3
• /
• pp.1-6
• /
• 2018

Widely used around the world, smartphones contain many features and can store content such as contacts, photos, and videos. Information that can be leaked in proportion to the information that the smartphone can store has also been increased. In recent years, accidents such as personal information leakage have occurred frequently. Personal information leakage is happening in the Android environment, which accounts for more than half of the smartphone operating system market share. Analyzing malicious apps that leak information can tell you how to prevent information leakage. Malicious apps that leak information will send importantinformation to the hacker's (C & C) server, which will use network communication. Malicious apps that are emerging nowadays encrypt and transmit important information through SSL communication. In this case, it is difficult to knowwhat kind of information is exposed to network. Therefore, we suggest a method to analyze malicious apps when leak important information through SSL communication. In this paper, we identify the way malicious apps leak information. And we propose a method for analyzing information leaked by SSL communication. Data before encryption was confirmed in the device through SSL hooking and SSL Strip method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.11
• /
• pp.3723-3737
• /
• 2022

Google Play is one of the largest Android phone app markets and it contains both free and paid apps. It provides a variety of categories for every target user who has different needs and purposes. The customer's rate every product based on their experience of apps and based on the average rating the position of an app in these arch varies. Fraudulent behaviors emerge in those apps which incorporate search rank maltreatment and malware proliferation. To distinguish the fraudulent behavior, a novel framework is structured that finds and uses follows left behind by fraudsters, to identify both malware and applications exposed to the search rank fraud method. This strategy correlates survey exercises and remarkably joins identified review relations with semantic and behavioral signals produced from Google Play application information, to distinguish dubious applications. The proposed model accomplishes 90% precision in grouping gathered informational indexes of malware, fakes, and authentic apps. It finds many fraudulent applications that right now avoid Google Bouncers recognition technology. It also helped the discovery of fake reviews using the reviewer relationship amount of reviews which are forced as positive reviews for each reviewed Google play the android app.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.89-96
• /
• 2021

In this paper, we proposed a sniffer to detect permission smells from developer and third-party libraries' code. Moreover, we conducted an empirical study to investigate unnecessary permissions on large real-world Android apps. Our analysis indicates that permission smell extensively exists in Android apps. According to the results, permission smells exist in most Android apps. In particular, third-party libraries request permission for functionalities that are not used by developers, which cause more smells. Moreover, most developers do not properly disable unnecessary permissions that are declared for third-party libraries. We discussed the impacts of permission smells on user experiences. As a result, the existence of permission smell does not impact the number of downloads. However, apps that have more unnecessary permissions have received lower ratings from users.