• International journal of advanced smart convergence
• /
• v.8 no.4
• /
• pp.188-193
• /
• 2019

This paper is about environment-based low-code and no-code execution platform and execution method that combines hybrid and native apps. In detail, this paper describes the Low-Code/No-Code execution structure that combines the advantages of hybrid and native apps. It supports the iPhone and Android phones simultaneously, supports various templates, and avoids developer-oriented development methods based on the production process of coding-free apps and the produced apps play the role of Java virtual machine (VM). The Low-Code /No-Code (LCNC) development platform is a visual integrated development environment that allows non-technical developers to drag and drop application components to develop mobile or web applications. It provides the functions to manage dependencies that are packaged into small modules such as widgets and dynamically loads when needed, to apply model-view-controller (MVC) pattern, and to handle document object model (DOM). In the Low-Code/No-Code system, the widget calls the AppOS API provided by the UCMS platform to deliver the necessary requests to AppOS. The AppOS API provides authentication/authorization, online to offline (O2O), commerce, messaging, social publishing, and vision. It includes providing the functionality of vision.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.1
• /
• pp.9-16
• /
• 2019

Smartphones are becoming a portable computer. As a result, even the most sensitive financial application services are now available anywhere on the smartphone. Compared to general PCs, smartphones communicate with external devices through various channels such as wireless internet, mobile communication network, Bluetooth, and NFC, and a wide variety of applications are provided. Therefore, if vulnerabilities exist, the possibility of attack damage increases. In this paper, we analyze the vulnerabilities of dynamic virtual keyboards used in login of banking apps of smartphones with various physical constraints and propose countermeasures.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.27-35
• /
• 2018

The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.190-192
• /
• 2019

Not only learners majoring in computer science, but also non-engineered learners want to implement their ideas as apps through real-life problems. In response, first-year university students with little experience in creating apps studied how to develop mobile platform apps to improve computing thinking skills. We applied the teaching and learning procedures of the Discovery-Design-Development among the software teaching and learning models, and used Android Studio Unified Development Environment (IDE) as a development tool to design mobile platform app development projects and assess whether they helped improve computing thinking skills. The application of the designed teaching and learning method found that the project output was implemented as an app through emulator, which gave students high interest in class and satisfaction, and was effective in improving their computing thinking ability.

• Journal of the Ergonomics Society of Korea
• /
• v.36 no.5
• /
• pp.437-446
• /
• 2017

Objective: This study aims to draw an efficient UI design by comparing the usability of App drawer and single-layered home screens, which are smartphone home screens. Background: Because smartphone home screen is frequently used including the installation, deletion, and editing of APPs, it should be designed with easily controllable information structure. There is a need to seek a user-friendly UI by comparing the usability of App drawer and single-layered home screens, of which methods to search Apps are different. There is also a need to examine an efficient UI and the factors to improve from the user perspective. Method: This study targeted 30 Android OS and iOS users to evaluate the App drawer and single-layered home screens, of which UI structures are different. Each participant was instructed to carry out an App searching task and App deleting task, and the execution time and the number of errors were measured. After the tasks were completed, they evaluated satisfaction through a questionnaire survey. Results: In the App searching task with low task level, there was no difference in execution level between the App drawer and single-layered home screens. However, the single-layered home screen showed higher efficiency and accuracy in the App deleting task with high task level. As for the group difference according to use experience, there was no difference in satisfaction among Android OS users, but iOS user satisfaction with single-layered home screen with which they were familiar was higher. Conclusion: As for home screen usability, the single-layered home screen UI structure can be advantageous, as task level is higher. Repulsion was higher, when users, who had used easier UI, used complex UI in comparison with user satisfaction, when users familiar with complex UI used easier UI. A UI indicating the current status with clear label marking through a task flow chart-based analysis, and a UI in which a user can immediately recognize by exposing hidden functions to the first depth were revealed as things to improve. Application: The results of this study are expected to be used as reference data in designing smartphone home screens. Especially, when iOS users use Android OS, the results are presumed to contribute to the reduction of predicted barriers.

• Journal of Internet Computing and Services
• /
• v.21 no.6
• /
• pp.13-21
• /
• 2020

The Android author identification study can be interpreted as a method for revealing the source in a narrow range, but if viewed in a wide range, it can be interpreted as a study to gain insight to identify similar works through known works. The problem found in the Android author identification study is that it is an important code on the Android system, but it is difficult to find the important feature of the author due to the meaningless codes. Due to this, legitimate codes or behaviors were also incorrectly defined as malicious codes. To solve this, we introduced the concept of survival network to solve the problem by removing the features found in various Android apps and surviving unique features defined by authors. We conducted an experiment comparing the proposed framework with a previous study. From the results of experiments on 440 authors' identified apps, we obtained a classification accuracy of up to 92.10%, and showed a difference of up to 3.47% from the previous study. It used a small amount of learning data, but because it used unique features without duplicate features for each author, it was considered that there was a difference from previous studies. In addition, even in comparative experiments with previous studies according to the feature definition method, the same accuracy can be shown with a small number of features, and this can be seen that continuously overlapping meaningless features can be managed through the concept of a survival network.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.159-168
• /
• 2017

Smartphone malware has increased because Smartphone users has increased and smartphones are widely used in everyday life. Since 2012, Android has been the most mobile operating system. Owing to the open nature of Android, countless malware are in Android markets that seriously threaten Android security. Most of Android malware detection program does not detect malware to which bypass techniques apply and also does not detect unknown malware. In this paper, we propose lightweight method for detection of Android malware using static analysis and deep learning techniques. For experiments we crawl 7,000 apps from the Google Play Store and collect 6,120 malwares. The result show that proposed method can achieve 98.05% detection accuracy. Also, proposed method can detect about unknown malware families with good performance. On smartphones, the method requires 10 seconds for an analysis on average.

• Journal of Internet Computing and Services
• /
• v.20 no.5
• /
• pp.9-18
• /
• 2019

Android Application Package (APK) is vulnerable to repackaging attacks. Therefore, obfuscation technology was applied inside the Android APK file to cope with repackaging attack. However, as more advanced reverse engineering techniques continue to be developed, fake Android APK files to be released. A new approach is needed to solve this problem. A blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of theprevious block, a timestamp and transaction data. Once recorded, the data inany given block cannot be altered retroactively without the alteration of all subsequent blocks. Therefore, it is possible to check whether or not theAndroid Mobile APK is forged by applying the blockchain technology. In this paper, we construct a discrimination DApp (Decentralized Application) against forgery Android Mobile APK by recording and maintaining the legitimate APK in the consortium blockchain framework like Hyperledger Fabric by Composer. With proposed DApp, we can prevent the forgery and modification of the appfrom being installed on the user's Smartphone, and normal and legitimate apps will be widely used.

• Journal of Internet Computing and Services
• /
• v.17 no.1
• /
• pp.91-99
• /
• 2016

A security system in Android OS adopts sandbox and an permission model. In particular, the permission model operates the confirmation of installation time and all-or-nothing policy. Accordingly, the Android OS requires a user agreement for permission when installing an application, however there is very low level of user awareness for the permission. In this paper, the current status of permission requirement within mobile apps will be discovered, and the key inspection list with an appropriate method, when a mobile service provider autonomously inspects the violation of least privilege around financial companies, and its usefulness will be explored.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1209-1223
• /
• 2018

Android apps are made up of bytecode, so they are vulnerable to reverse engineering, and protection services are emerging that robustly repackage the app to compensate. Unlike cryptographic algorithms, the robustness of these protection services depends heavily on hiding the protection scheme. Therefore, there are few systematic discussions about the protection method even if destruction techniques of the protection service are various. And it is implemented according to the intuition of the developer. There is a need to discuss systematic protection schemes for robust security chains, rather than simple deployment of techniques disrupting static or dynamic analysis. In this paper, we analyze bangcle, a typical commercial Android app protection service, to examine the protection structure and vulnerable elements. We propose the requirements for robust structure and principles of protection structure.