• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.93-101
• /
• 2016

As the Android smart phones become more popular, applications that handle users' personal data such as IDs or passwords and those that handle data directly related to companies' income such as in-game items are also increasing. Despite the need for such information to be protected, it can be modified by malicious users or leaked by attackers on the Android. The reason that this happens is because debugging functions of the Linux, base of the Android, are abused. If an application uses debugging functions, it can access the virtual memory of other applications. To prevent such abuse, access controls should be reinforced. However, these functions have been incorporated into Android O.S from its Linux base in unmodified form. In this paper, based on an analysis of both existing memory access functions and the Android environment, we proposes a function that verifies thread group ID and then protects against illegal use to reinforce access control. We conducted experiments to verify that the proposed method effectively reinforces access control. To do that, we made a simple application and modified data of the experimental application by using well-established memory editing applications. Under the existing Android environment, the memory editor applications could modify our application's data, but, after incorporating our changes on the same Android Operating System, it could not.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.57-62
• /
• 2022

The Sambodana project is a mobile communication security system development project using Hardening Android. The initial idea for this project is that information leakage occurs outside of a communications application with end-to-end cryptographic security. Android hardening prevents unwanted applications and bloatware from being installed, such as unavailable Google Play Store or install restrictions.

• Journal of Korea Multimedia Society
• /
• v.20 no.5
• /
• pp.827-834
• /
• 2017

Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1659-1673
• /
• 2019

Android platform provides In-app Billing service for purchasing valuable items inside mobile applications. However, it has become a major target for attackers to achieve valuable items without actual payment. Especially, application developers suffer from automated attacks targeting all the applications in the device, not a specific application. In this paper, we propose a novel scheme detecting automated attacks with probabilistic tests. The scheme tests the signature verification method in a non-deterministic way, and if the method was replaced by the automated attack, the scheme detects it with very high probability. Both the analysis and the experiment result show that the developers can prevent their applications from automated attacks securely and efficiently by using of the proposed scheme.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.10
• /
• pp.679-690
• /
• 2013

Smartphones have features that users feel free to install/delete the program they want. Their emergence makes many developers rush into the Smartphone application development market. Thus, developing good applications quickly is becoming even more intense competition in the market. Because, however, the application development and deployment procedures are simple in the Android environments and anyone can participate in the development easily, applications not validated thoroughly are likely to be deployed. Therefore, a systematic approach that can verify Android-based applications with fewer burdens is required. In this paper, we propose a method that generates automatically GUI-based testing scenarios for the Android applications. The automated test scenario generation can reduce the time which the developer spends on testing, thus it can improve the productivity of the development in the testing phase.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.8
• /
• pp.33-41
• /
• 2013

Intelligent automobile technology and IT convergence, the development of new imaging technology media applications based on open source Android installed on tracked, wheeled smart phone application technology and the development of intelligent vehicles as a new paradigm a lot of research and development being made. Android-based intelligent automotive applications, technology, and evolved into the center of a set of various multimedia technologies move beyond the limits of the means of each of multimedia platforms, services and applications that have been developed in such a distributed environment, has been developed according to a variety of services through technology mobile terminal device technology is an absolute requirement. In this paper, SVC Codec, real-time video and graphics processing and SoC design intelligent vehicles middleware applications with monolithic system specification through Android-based design of intelligent vehicles dedicated middleware research experiments on open platforms, and provides various terminal services functions SoC based on a newly designed and standardized interface analysis techniques in this study were verified through experiments.

• Journal of Korean society of Dental Hygiene
• /
• v.19 no.4
• /
• pp.493-502
• /
• 2019

Objectives: This study aimed to investigate the current status of oral health applications developed for smartphones because they can be used as a new educational medium to manage and improve oral health. Methods: This study examined 60 basic oral health applications provided by Google Play Store and Apple App Store as of May 2019 and examined delivery contents, delivery methods, application types, and other information. Results: Apple included 65.4% of oral apps in the game category whereas Android included 64.3% in the education category (p>0.05). All Apple's apps and 71.4% of Android apps were developed overseas (p<0.01). The delivery contents were 61.5% for Brushing + tooth decay in Apple, and 78.6% for others (oral care products and gum diseases) in Android (p>0.05). For the delivery method, game + video was 65.4% in Apple, and game and other methods (text, image, augmented reality) was 42.9% in Android (p>0.05). In the case of application type, play type was the most common with 88.5% in Apple, and 46.4% play type and 39.3% other type (text, appreciation, problem-solving types) in Android (p<0.01). In addition, play type was high in both education (53.8%) and game (90.0%) categories (p>0.05). The average review score was 4.30 in the education category, 4.34 in the case of brushing and care (delivery contents), 4.37 in the case of using game + video (delivery methods), and 4.57 in the case of Play + other types (application type) (p>0.05). Conclusions: The use of healthcare apps is expected to increase owing to improved lifestyles, an increase in the elderly population, cost-effectiveness, and convenience that is not affected by time and place. Effective use of oral health apps will require the participation of dental professionals in the development process to identify the exact status, expand subjects, and provide appropriate information.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.7
• /
• pp.85-93
• /
• 2023

Software birthmark refers to a unique feature inherent in software that can be extracted from program binaries even in the absence of the original source code of the program. Like human genetic information, the similarity between programs can be calculated numerically, so it can be used to determine whether software is stolen or copied. In this paper, we propose a new birthmark technique for Android applications developed using Unity. The source codes of Unity-based Android applications use C# language, and since the core logic of the program is included in the DLL module, it must be approached in a different way from normal Android applications. In this paper, a Unity birthmark extraction and comparison system was implemented, and reliability and resilience were evaluated. The use of the Unity birthmark technique proposed in this paper is expected to be effective in preventing illegal copy or code theft of the Unity-based Android applications.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.9
• /
• pp.621-628
• /
• 2013

This paper presents a framework for context-aware smart phone applications based on Android. The mobile context-aware system is composed of a low level context collection module, a high level context generation module and a service provision module. Existing android system cannot provide an appropriate application framework to integrate these independent modules. In this paper, we provide an application framework which make each module a component, and provide appropriate services to each component. This framework hides the Android platform, so that the complexity for organical combination can be minimized and the application developers can make the mobile context-aware applications easily.

• ETRI Journal
• /
• v.37 no.5
• /
• pp.1001-1011
• /
• 2015

Since just-in-time (JIT) has considerable overhead to detect hot spots and compile them at runtime, using sophisticated optimization techniques for embedded devices means that any resulting performance improvements will be limited. In this paper, we introduce a novel static Dalvik bytecode optimization framework, as a complementary compilation of the Dalvik virtual machine, to improve the performance of Android applications. Our system generates optimized Dalvik bytecodes by using Low Level Virtual Machine (LLVM). A major obstacle in using LLVM for optimizing Dalvik bytecodes is determining how to handle the high-level language features of the Dalvik bytecode in LLVM IR and how to optimize LLVM IR conforming to the language information of the Dalvik bytecode. To this end, we annotate the high-level language features of Dalvik bytecode to LLVM IR and successfully optimize Dalvik bytecodes through instruction selection processes. Our experimental results show that our system with JIT improves the performance of Android applications by up to 6.08 times, and surpasses JIT by up to 4.34 times.