JOURNAL BROWSE
Search
Advanced SearchSearch Tips
DroidSecure: A Technique to Mitigate Privilege Escalation in Android Application
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
DroidSecure: A Technique to Mitigate Privilege Escalation in Android Application
Nguyen-Vu, Long; Jung, Souhwan;
  PDF(new window)
 Abstract
Android platform is designed to be user-friendly, yet sometimes its convenience introduces vulnerabilities that normal users cannot justify. In this paper, after making an overview of popular open source analysis tools for android applications, we point out the dangerous use of Permission Group in current Google Policy, and suggest a technique to mitigate the risks of privilege escalation that attackers are taking advantage of. By conducting the investigation of 21,064 malware samples, we conclude that the proposed technique is considered effective in detecting insecure application update, as well as giving users the heads-up in security awareness.
 Keywords
Android Security;Privilege Escalation;Mobile Malware;
 Language
English
 Cited by
 References
1.
Smartphone OS Market Share, Q1 2015,http://www.idc.com/prodserv/smartpho ne-os-market-share.jsp

2.
2014 Mobile Threat Report, https://www.lookout.com/resources/reports/mobile-threat-report

3.
Android Group Permissions, https://support.google.com/googleplay/answer/6014972?p=app_permissions

4.
Yajin Zhou, Zhi Wang, Wu Zhou and Xuxian Jiang, "Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets," Proceedings of the 19th Network and Distributed System Security Symposium, Feb. 2012.

5.
Borja Sanz et al., "PUMA: Permission Usage to Detect Malware in Android," International Joint Conference CISIS'12-ICEUTE'12-SOCO'12, pp. 289-298, 2013

6.
Android Permission Group, https://web.archive.org/web/20150319134451/http s://developer.android.com/reference/an droid/Manifest.permission_group.html.

7.
Android Permission Group Update, https://developer.android.com/reference/android/Manifest.permission_group.html

8.
Bharmal, A., Laxmi, V., Ganmoor, V., Gaur, M.S., Conti, M., and Rajarajan, M. "Android Security: A Survey of Issues, Malware Penetration and Defenses," Communications Surveys & Tutorials, vol.17, no.2, pp. 998-1022, 2015. crossref(new window)

9.
Play Store App: PPS (for Mobile), https://play.google.com/store/apps/details?id=tv.pps.mobile

10.
Malware Android/System Monitor, https://www.virustotal.com/en/file/c98465 d75f31591b53345974eaa638faf0807f94ef 5f694c633fe4f6d5f547a3/analysis/1440845487/

11.
Play Store App: Face Changer, https://play.google.com/store/apps/details?id=com.scoompa.facechanger

12.
Malware Android/AdDisplay, https://www.virustotal.com/en/file/d26327e28c624bfbd99c45035344ccdbc125e8f30b9aace 842dc40f029825a0b/analysis/1440848439/

13.
Play Store App: Talking Stanta, https://play.google.com/store/apps/details?id=com.outfit7.talkingsantafree

14.
Malware SMSKey1, https://www.virust otal.com/en/file/788b5b0b06cdfcd4f3d1 62b1090d722a7aae37c114d518eceae1730ceec6b070/analysis/1440853733/

15.
Malware SMSKey2, https://www.virust otal.com/en/file/ca04bc361f83d028138c 65cc88110ce1ab27e14423715e8070c2486e200e2205/analysis/1440853768/

16.
Androguard, https://github.com/androguard/androguard

17.
Androwarn, https://github.com/maaaaz/androwarn

18.
APKinspector, https://github.com/honeynet/apkinspector

19.
DidFail, https://www.cs.cmu.edu/-wklieber/didfail

20.
Amandroid, https://github.com/sireum/amandroid

21.
CFGScanDroid, https://github.com/douggard/CFGScanDroid

22.
Maldrolyzer, https://github.com/maldroid/maldrolyzer

23.
Ella, https://github.com/saswatanand/ella

24.
Droidbox, https://code.google.com/p/droidbox

25.
TaintDroid, https://github.com/TaintDroid

26.
AndroidHooker, https://github.com/AndroidHooker/hooker

27.
Poeplau, S., Fratantonio, Y., Bianchi, A., Kruegel, C., and Vigna, G, "Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications," Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS) Feb. 2014

28.
Android M Permissions: https://www.androidpit.com/android-m-permissions-explained