SlideShare une entreprise Scribd logo

Detection of Android Third Party Libraries based attacks

A
Amina WADDIZ
1  sur  11
Télécharger pour lire hors ligne
Detection of Android Third Party Libraries (3PLs) based attacks Amina Waddiz awaddiz@enseirb-matmeca.fr Beumjin Cho beumjincho@postech.ac.kr Sangwoo Ji j1cron@postech.ac.kr Jong Kim* jkim@postech.ac.kr Francine Krief* krief@ipb.fr Abstract Smartphones are rising in popularity as well as becoming more sophisticated over recent years. This popularity coupled with the fact that smartphones contain a lot of private user data is causing a pro- portional rise in different malwares for the plat- form. In this paper we analyze and classify existing third party libraries (3PLs). The paper also reports a novel method for malware development and novel attack techniques using third party libraries. The possible countermeasures are also proposed. 1 INTRODUCTION Android is the world’s most popular mobile plat- form. Seventy percent of smartphones use An- droid as their operating system. Smartphones users download and install software from applica- tion markets, such as Google Play, Amazon App- Store or Samsung Galaxy Apps. . . . According to AppBrain in 2015, by July 2015, the official market for Android applications, Google Play, hosted over 1.6 million applications. Despite recent advances in mobile security, so many malware are not de- tectable by existing techniques and sensitive data constitute one of the most remarkable of their tar- gets. The leakage of these sensitive information is potentially caused by malicious or misuse of code, such as third party libraries, in android applica- tions. Third-party libraries, such as advertising net- works, gaming networks and user interface libraries (UI), are an integral part of modern mobile plat- forms. If Android developers want to integrate functionality provided by third party libraries, they must bundle opaque binary code into their applica- tions. Unfortunately, developers must in essence over privilege their Android applications by re- questing dangerous permissions, such as full In- ternet access, solely for the purpose of supporting third party libraries. Mixing third party libraries and dangerous permissions introduces vulnerabili- ties and risks to potential compromise of private user data. We present a new approach of tracking malware in real world android applications. It consists in third party libraries survey. For the reasons men- tioned before, the study aim to accurately and pre- cisely reveal security threats derived from third party libraries by providing examples and illustra- tions of most dangerous attacks that may affect the user privacy, android operating system and device utilities. Based on our dataset, new solutions could be implemented to mitigate to 3PLs-based attacks. The rest of this document is organized as fol- lowing: Section 2 presents review of related work followed by an overview of android system archi- tecture and security model in section 3. After that, section 4 describes precisely the motivation behind this work and mentions our main objectives. Later, Section 5 shows different third party libraries and their usage in android applications, whereas sec- tion 6 characterizes existing and possible android attacks originally from third party libraries. Sec- tion 7 discusses the possibilities of mitigating to previous threats. Finally, we summarize our work, in section 8.
2 RELATED WORK Previous works have approached the understand- ing of application behavior in different ways. One much-studied area is the permission system. It has significant limitations, and many papers have explored or attempted to address these limitations. Recent work by Bugiel and Davi, XManDroid [15] and System Centric Protection [17], detects mechanisms by which permissions granted to one application can be leaked to another, either inadvertently or deliberately through collusion. Enck and Gilbert [11] present an information-flow tracking system called TaintDroid that detects private data leaks. Kirin [16] detects potentially dangerous applications at install-time based on combinations of permissions and intent strings. However, any change to the permission system would require fundamental changes to Android, which may limit how likely these solutions are to be implemented. Other works seek to isolate advertising libraries from host applications. AdDroid [13] by Pearce and Felt, suggests a privilege separation manner to address the threats introduced by over-privileged applications, this approach rely on extending An- droid API to support advertising libraries as well as introducing new permissions to detect whether the application contain advertisements or not. Likewise, AdSplit [12] aims for this separation, yet this work examined the impact of malicious activities primarily focused on fraud that harmed the advertiser, similar to AdDroid, it deals with over-privileged applications especially those with advertising libraries by running them into two different processes. AdSplit also uses prior work QUIRE [14] to allow both applications to be displayed in a shared screen. Other researches, Zhang and Ahlwat, found out a different way to handle such a problem of the advertising libraries. AFrame [18] provides a general approach to isolate third-party libraries into a separate process. It targets libraries that need strong isolation and do not interact quite often with the main process. Effectively, similar work designed to separate ads and apps as an additional ad library protection technique [20]. Several other studies have developed com- plementary mechanisms to improve user and developer control of applications. A recent work [19] has implemented a new system PEDAL, which can detect Ad libraries even in the presence of obfuscated code. It performs instrumentation of bytecode to de-escalate the privileges of sensitive resources such as location, contacts, etc. However these work do not cover all third party libraries, neither capture incoming malicious attacks. Unlike Ad libraries, that have attracted many se- curity researchers to work on and mitigate to their threats, other third party libraries haven’t taken part of any prior work, after all they are a large exploited attack surface. As far as we know, there is no similar approach that can classify 3PLs at- tacks and reveal their based attacks. We open the door for a novel perspective of security vulnerabili- ties in android system by revealing the threats and the damage mostly used third-party libraries may invoke. 3 Android background Before elaborating on our survey, we briefly de- scribe android architecture and the security mech- anisms. 3.1 Android System architecture Android is an open source software platform for mobile devices. It includes a Linux kernel, mid- dleware framework, and core applications. The Linux kernel provides low-level services to the rest of the system, such as networking, storage, mem- ory, and processing. A middleware layer consists of native Android libraries (written in C/C++), an optimized version of a Java Virtual Machine called Dalvik Virtual Machine (DVM), and core libraries written in Java. The DVM executes binaries of applications residing in higher layers. Android ap- plications are written in Java and consist of sepa- rated modules, so-called components. Components can communicate to each other and to components of other applications through an inter component communication (ICC) mechanism provided by the Android middleware called Binder. As Android ap- plications are written in Java, they are basically
protected against standard buffer overflow attacks due to the implicit bound checking. However, Java- applications can also access C/C++ code libraries via the Java Native Interface (JNI). Developers may use JNI to incorporate own C/C++ libraries into the program code, e.g., due to performance reasons. Moreover, many C libraries are mapped by default to fixed memory addresses in the program memory space. Due to the inclusion of C/C++ libraries, the security guarantees provided by the Java programming language do not hold any longer. 3.2 Android Security model 3.2.1 Discretionary Access Control (DAC) The DAC mechanism is inherited from Linux, which controls access to files by process ownership. Each running process (i.e., subject) is assigned a UserID, while for each file (i.e., object) access rules are specified. Each file is assigned access rules for three sets of subjects: user, group and everyone. Each subject set may have permissions to read, write and execute a file. 3.2.2 Sandboxing Sandboxing isolates applications from each other and from system resources. System files are owned by either the “system” or “root” user, while other applications have own unique identifiers. In this way, an application can only access files owned by itself or files of other applications that are explicitly marked as readable/writable/executable for others. Figure 1: Sandboxing concept in android system 3.2.3 The permission mechanism It is provided by the middleware layer of An- droid. A reference monitor enforces mandatory ac- cess control (MAC) on ICC calls. Security sensi- tive interfaces are protected by standard Android permissions such as PHONE CALLS, INTERNET, SEND SMS meaning that applications have to pos- sess these permissions to be able to perform phone calls, to access the Internet or to send text mes- sages. Additionally, applications may declare cus- tom types of permission labels to restrict access to own interfaces. Required permissions are explic- itly specified in a Manifest file and are approved at installation time based on checks against the sig- natures of the applications declaring these permis- sions and on user confirmation illustrated on figure 2. Binder in Android is a reduced custom imple- mentation of OpenBinder. Privilege Escalation At- tacks on Android. At runtime, when an ICC call is requested by a component, the reference monitor checks whether the application of this component possesses appropriate permissions. Additionally, application developers may place reference moni- tor hooks directly into the code of components to verify permissions granted to the ICC call initiator. Figure 2: Request to accept an app permissions at install time 3.2.4 Component Encapsulation Application components can be specified as pub- lic or private. Private components are accessible only by components within the same application. When declared as public, components are reachable by other applications as well, however, full access can be limited by requiring calling applications to
have specified permissions. 3.2.5 Application Signing Android uses cryptographic signatures to verify the origin of applications and to establish trust rela- tionships among them. Therefore, developers have to sign the application code. This allows to enable signature-based permissions, or to allow applica- tions from the same origin (i.e., signed by the same developer) to share the same UserID. A certificate of the signing key can be self-signed and does not need to be issued by a certification authority. The certificate is enclosed into the application installa- tion package such that the signature made by the developer can be validated at installation time. 4 Motivation, Objectives and Contribution The motivation behind this work consists in pro- tecting the user sensitive data as well as defend- ing the system safety against 3PLs-based attacks. Since 3PLs are currently running within the same process as the host application. It allows them to have the same permissions. 3PLs can leak sensi- tive information, access to the process address and thereby go through the system whenever it is possi- ble. Hence this research aim to identify the current state of malware generated by 3PLs in Android ap- plications, classify existing 3PLs and their threats. This survey call for novel suggestions to tackle these possible malwares. The main contributions of this paper are twofold: (i) Survey and classification of existing 3PLs and (ii) dataset of 3PLs-based at- tacks. 5 Third party library survey In this section, we present a systematic classifica- tion of existing 3PLs, taking in consideration their license, their popularity in android applications and the field of usage. 5.1 Classification Table 1: An overview of existing 3PLs In table 1, we collected the most important and the very used libraries, classified them in order to provide a valuable dataset to rely on for later expla- nation in the upcoming paragraph. The pack listed above are libraries that are quite popular, widely applicable and should probably be setup within most Android applications. We have included a de- scription of each library that tells the functionality as well as the purpose of usage. 5.2 Characterization and Usage in android applications Applications developed for Android Smart- phones are compressed files consisting of com- piled source programs, resources, information files needed to run such programs in Android OS and developers’ code signing files. As in Figure 3, classes.dex is the compiled JAVA source program. Resources such as strings, images and UI screens
are kept in the res folder. Resources.arsc contains the resource-related information. The META-INF holds electronic signature files. The electronic sig- nature uses SHA1 as its hash function and RSA as the default signature algorithm. Once developers sign their programs with their own private keys, de- veloped programs can be installed on Smartphones. AndroidManifest.xml is a compiled binary file con- taining essential information that need be notified to Android system before an app is executed, e.g. the name of the app, activities that make up the app, service, information about ContentProvider, information about permissions to access protected Android API and the version of the Android API. Figure 3: Android app file structure There are many 3PLs for android apps, yet we only mentioned some of the extremely popular and the most used in almost all android applications. Each has different purposes and area of use, but all of them make life easier for developers. Hence, the use of 3PLs is getting spread over android applica- tions, what makes it more complicated for security researchers to grant the user privacy and the system safety. Especially that 3PLs share the same process as the host application, that is why it is needed to clarify the usage of them in apps. As shows the fig- ure 3, generally speaking android components that are involved in this study are: resources (i.e. activ- ity file..), java classes and Android manifest. An- other important element to mention in this section is build.gradle which is the typical file to compile the whole package of an android application into an apk file that will be the binary to execute once installed from one of android markets. These are all the components involved in setting up an ap- plication with 3PLs. However, the usage depends on the nature of third party library. For example Ad libraries are totally independent from host ap- plication, because they only provide a banner or interstitials to show the ads and allow clicks on them without any interaction with the host ap- plication. Whereas, User Interface libraries tend to interact very often with the application, as the graphic interface is an essential part of any applica- tion and widely spread through java classes. Other libraries, such as network or database libraries are likely interactive with their host application, never- theless they are mostly susceptible to be separated, as demonstrates figure 4.a using retrofit which is a networking library, most of the application compo- nents call the 3PL, yet only the service component does implement the interface, however it doesn’t have a regular implementation, instead the imple- mentation is generated by Retrofit as illustrated in figure 4.b. This analysis was based on our observa- tions on some simple applications including most of the libraries mentioned before. It turns out that the usage of 3PLs changes from one another. On one hand, it depends on the application design, the re- quirements as well as the developer preferences. On the other, the 3PL type implies its degree of inter- action with the host application, which determine whether the application and the 3PL can be sepa- rated or it is likely a challenging issue (See figure 4.c). The possibilities of separation are discussed in section 7. 6 Third party library based at- tacks After analysing 3PLs’ usage in android applica- tions, we could observe and figure out some attack surfaces in android system and the host application. 6.1 3PLs Threats In actual fact, for vast majority of cases, the 3PLs-based attack is performed using some android vulnerabilities or the host application security lack. Although sandboxing technique in android isolates each application into its own process and protects every single application from other third party ap- plications, it is still possible to perform attacks us- ing 3PLs embedded in the application since they both of them run within the same process. The 3PLs have total access to the same data as the
(a) Dependencies scheme between different android components in an android appli- cation that includes a networking library: “Retrofit” (b) Zoom in the service component and usage of the 3PL, Retrofit, in android application (c) Example of challenges present in isolating 3PL from the host application Figure 4: Illustration of android application using 3PLs host application (application resources, process ad- dress. . . .). This vulnerability provides a new blind spot for attackers who usually aim to make revenue by different ways: • Steal the user data: Intercept text, steal pass- words or access to location... • Turn the device into Bots: Perform malicious actions and gain root privileges • Direct Financial gain: Call or text premium numbers or steal Online banking credential In this section, we assume that android application developer is benign. However, he usually includes some 3PLs blindly without any security verifica- tion. Our demonstration scenarios are based on the threat model presented in figure 5. 3PLs are quite likely able to perform several attacks and leak users’ sensitive data or provoke some other damages to the device or any other digital properties. Figure 5: An overview of 3PLs-based attack 6.2 Attacks Classification 3PLs-based attacks are meant to bypass android security (Sandboxing, permission model . . . ). That makes attackers exploit physical hooks to performs their attacks in order to steal some private infor- mation or cause other damages. In this context, we distinguish between two different classifications as following: 6.2.1 Functional Classification In this part, we classify 3PLs based on their func- tion or their impact on the user, his financial re- sources or his device. Table 2. presents three fun-
damental categories of 3PLs-based attacks: • Privacy: The first priority of security re- searchers is privacy because user sensitive data is quite likely to be leaked to an external server and be exploited for some malicious reasons such as making revenue. Our scenario for this category is a permission based attack illustrated in figure 6. We assume an application that hosts a third-party advertising library. We allow the application to access INTERNET and LOCATION. The library can easily get the user’s location and send it to the advertising server that can use it for legitimate reasons as well as some malicious purposes. Neither the user nor the developer know the final destination of these data. Hence, this attack can be very dangerous although it’s simplicity, a secret conference for example could be revealed by spies, which can be an extreme risk. Historically, to mitigate to these threats, the previous works were mostly based on static analysis [11]. This solution is always valid to track sensitive that, yet it has several limitations which makes it unpractical. TaintDroid for example, is able to only know presence or not of a certain leakage, however since the 3PLs and the application are packaged in the same compiled file, static analysis tool cannot know whether the application leaked the information or 3PLs did so. • Financial damage: In this category, we present some 3PLs-based attacks that brings about financial loss. Attacks typically include Frauds, send premium SMS or calls. Accord- ing to ARXAN security report, adversaries have hacked 78% paid android apps. We believe this is also possible using 3PLs even with benign application. Financial attacks performed by 3PLs are more likely to bypass android security especially within a mild host application. In fact, 3PLs have total access to the application resources, thus they can for example listen to the communication between this application and financial applications. Effectively, cracked versions of most popular financial apps are 58% in android according to ARXAN. Vulnerabilities in host applications make it easy for 3PLs to play their attacks in wider surface. • Device usability: Mobile devices have al- ways been required to satisfy a minimum per- formance. Battery in smartphones is one of the most important device components that makes it valuable or not. Therefore, device utilities are worth to be protected. Some attacks targets battery, in order to drain for some illegal commercial benefits or mali- cious reasons. The screen as well has been a direct target for android malwares, various at- tacks have been proposed against device screen whether for damage such as lock the screen or retrieve some data for instance password from touch keyboard. These already existing attacks made my mali- cious applications are completely possible us- ing 3PLs within a benign application. The 3PLs can use the same techniques to get data from the device touch keyboard and cause any damage to the screen. Existing solutions are only applicable for third party application as it is identified by its own UID. Our current con- text is completely different because the 3PLs are hosted within the same process as the mild application. Hence, the already existing solu- tion are not adaptable for 3PLs-based attacks. Figure 6: Example of a advertising 3PL leaking loca- tion to an external server
Table 2: 3PLs-based attacks Functional Classification 6.2.2 Agent-based classification An attack needs sinks and vulnerabilities in order to be able to play malicous actions. Although the advanced security policies in android system, there are some blind spots that can be exploitable by 3PLs. Table 3. shows the most important vulner- able agents susceptible to be attacked by external parties via 3PLs. In our survey, we include three main categories: Table 3: Agent-based classification of 3PLs • Memory: In general, physical attack needs a rooted privilege. However some applications could perform Bus monitoring attack that con- sists in injecting a tool in the bus memory and wait for the CPU to request some sen- sitive data, then steal them. We also believe that 3PLs are absolutely able to perform such an attack, since 3PLs can easily access to the memory allocated to the application as well as any other system files that are accessible via the host application. Some Encryption- based extensions were suggested to mitigate to it [22] and [23]. These solutions are appro- priate for 3PLs-based bus monitoring attack because it enforces the basic principle of En- cryption which is general, since the 3PLs don’t have access to the Authentication keys. An- other example is direct memory attack, which tackles the directly the RAM. • Side Channel: Side-channel attacks aim to obtain sensitive information by exploiting physical properties of the cryptographic im- plementation, such as timing information or power consumption. For example, different keys could affect the amount of processing time or power required to do the encryption dif- ferently, revealing something about the keys’ structure. On of the solution for this attack suggest to observe memory access patterns. However, it doesn’t address completely the at- tack since most of the side channels are phys- ical externally measurable. Hence, Side chan- nel attack remains one of the most sophis- ticated attacks that 3PLs can easily use to download, install or run arbitrary code on an- droid devices. We developed a simple appli- cation that hosts a 3PL which can download an arbitrary code from an external server and run it, all in the background, thus the user won’t be alerted of any of these actions. With a malicious code, this attack can result seri- ous damages not only to the application itself but also to the device and to the system other components. • Network: Denial of service is from the most challenging attacks that has been discovered in android. In fact, In order for a mobile device to communicate through a mobile network, a certain procedure must first take place. This procedure, shown in figure 7, includes a client connection request followed by an authentica- tion procedure. If the client successfully com- pletes this procedure, he is authenticated to the network, a connection channel is given to the device, and the client may then send and receive data. In 2G, 3G and 4G networks, all data commu- nication performed after this initial authen- tication procedure is encrypted and digitally
signed when sent over the radio network. This prevents eavesdropping, modifying or replay- ing of the data by third parties. However, the data flow preceding the authentication proce- dure (i.e. all data sent and received in stages 1-4 in figure 7) contains no encryption or digi- tal signing, since the trust required for imple- menting these protections is gained only after the authentication procedure (stage 5) is com- plete. This behavior could be misused by 3PLs in order to create an attach flood. The attacker will send a high rate of fake attach messages to the network, causing high resource utiliza- tion on the backend signaling gateways (MME, HSS for 4G or MSC, BSC, VLR on 3G). This may cause anything from a local station outage to a local area network outage. Figure 7: LTE Mobile Device Attach Procedure (source: www.lteandbeyond.com) 7 DISCUSSION Developers regularly supplement their mobile ap- plications with functionality or advertising rev- enue offered by 3PLs. When developers overprivi- lege their applications to support 3PLs, they leave their users vulnerable to a range of risks, including the potential unauthorized disclosure of privacy- sensitive user data. We can apply the concepts we present in this pa- per to analyze over-privileging problems with ad- vertising networks, gaming networks, user inter- face or networking libraries. Smartphones have become general purpose computing devices where sensitive information is readily available: Contact lists, phone numbers, geolocation, financial and so- cial data. Android does not provide users with suf- ficient control over their data and privacy. Our goal is to offer users proper control over their data while minimizing the burden of change to applica- tion developers and consumers. This work presents a reliable dataset of 3PLs and their specifications as well as 3PLs-based attacks. It turns out that we need to develop a security extension that applies the principle of least privilege to mobile applica- tions and 3PLs. We found a solution that uses privilege separa- tion to isolate 3PLs functionality from host appli- cations. Our idea was to isolate, in another pro- cess, the 3PLs from their host application process. Many difficulties were faced in the implementation of this solution since we had to keep the applica- tion integrity which is one of the most important principles of security. Two prototype implementa- tions were suggested showing different possibilities to separate the two processes: The first one was to isolate 3PLs process before the application encapsulation, it means that we need to modify the compiler. The second was to intervene after the application installation by separating the permissions related to 3PLs from those used by the host application. Both solutions are challenging. The first keeps the application integrity, however it presents a licence problem since the compiler is an Oracle property. The second is not practical since separating per- missions is not sufficient while both 3PLs and the application run in the same process.
8 CONCLUSION In this paper, we have presented an analysis and classification for Android 3PLs and their threats. We have collected, studied and classified the most used 3PLs in android apps. This classification is provided in terms of their behaviour and usage. We have also identified and unveiled 3PLs-based threats attacking most android components. These results show the necessity of a novel approach to tackle 3PLs-based already existing malware and prevent from some of the possible attacks. We hope to build an efficient tool to separate 3PLs from the host application leveraging a novel solu- tion and countermeasure against threats discussed in this paper. 9 ACKNOWLEDGEMENT This work is part of Android Security project launched by High Performance Computing Lab. in Pohang University Of Science and Technology (POSTECH) in Pohang, South Korea in collabora- tion with ENSEIRB-MATMECA Graduate School of Engineering in Bordeaux, France. We would like to thank our shepherd in POSTECH, Pro- fessor Jong Kim and my adviser in ENSEIRB- MATMECA, Mme. Francine Krief for their sup- port and supervising. I would like to thank my mentor, Beumjin Cho, for his follow-up and thor- ough feedbacks on earlier drafts of this paper. References [1] Google, “Android Open Source Project.” [On- line]. Available: https://source.android.com/ [2] Advertising ID. [Online]. Available: https://developer.android.com/google/play- services/id.html,2014. [3] Android API Guides. [Online]. Available: https://developer.android.com/guide/ index.html,2014. [4] Android NDK. [Online]. Available: http://developer.android.com/tools/sdk/ndk/ index.html,2014. [5] AppBrain Statistics on Android Libraries: Third party libraries. [Online]. Available: http://www.appbrain.com/stats/libraries. [6] Google Play. [Online]. Available: https://play.google.com/store,2014. [7] AdMob: Mobile Advertising. [Online]. Avail- able: http://www.admob.com/. [8] Apache Coyote. 2011. Apache coyote – Open source Java platform. [Online]. Avail- able: http://tomcat.apache.org/tomcat-4.1- doc/config/coyote.html. [9] Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley,Georg Wicherski. Android Hacker’s Handbook. Available in Amazon: http://www.amazon.fr/Android-Hackers- Handbook-Joshua-Drake/dp/111860864X [10] Nikolay Elenkov. Android Security Inter- nals: An In-Depth Guide to Android’s Security Architecture. Available in Ama- zon: http://www.amazon.fr/Android- Security-Internals-In-Depth- Architecture/dp/1593275811 [11] W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. TaintDroid: An Information-flow Tracking System for Re- altime Privacy Monitoring on Smartphones. In Proc. OSDI, 2010. [12] S. Shekhar, M. Dietz, and D. Wallach. AdSplit: Separating Smartphone Advertising from Ap- plications. In Proc. USENIX Security, 2012. [13] P. Pearce, A. Felt, G. Nunez, and D. Wag- ner. AdDroid: Privilege Separation for Appli- cations and Advertisers in Android. In Proc. ACM ASIACCS, 2012. [14] Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. Quire: Lightweight Prove- nance for Smart Phone Operating Systems. In USENIX Security Symposium (SSYM) (2011). [15] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A. Sadeghi. 2011. Xmandroid: A new an- droid evolution to mitigate privilege escalation
attacks. Tech. rep. TR-2011-04, Center for Ad- vanced Security Research Darmstadt, Technis- che Universitat Darmstadt, Darmstadt, Ger- many. [16] Enck, W., Ongtang, M., and McDaniel, P. On lightweight mobile phone application certification. In Proc. of the ACM conference on Computer and Communications Security (2009). [17] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, “Towards Tam- ing Privilege-Escalation Attacks on Android,” in Proceedings of the 19th Annual Symposium on Network and Distributed System Security, 2012. [18] Zhang, X., Ahlawat, A., and Du, W. AFrame: Isolating Advertisements from Mobile Appli- cations in Android. In Proceedings of the 29th Annual Computer Security Applications Con- ference (ACSAC) (New Orleans, Louisiana, USA, December 9-13 2013). [19] B. Liu , B. Liu† , H. Jin„ R. Govindan. Effi- cient Privilege De-Escalation for Ad Libraries in Mobile Apps. In Proceedings of the 13th International Conference on Mobile Systems, Applications and services [20] H. Kawabata, T. Isohara, K. Takemori, A. Kubota, J. Kani, H. Agematsu, and M. Nishi- gaki, “Sanadbox: Sandboxing third party ad- vertising libraries in a mobile application,” in Communications (ICC), 2013 IEEE In- ternational Conference on. IEEE, 2013, pp. 2150–2154. [21] S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna, “Execute This! An- alyzing Unsafe and Malicious Dynamic Code Loading in Android Applications,” in Proceed- ings of the 20th Annual Network Distributed System Security Symposium (NDSS), 2014. [22] P. Colp, J. Zhang, J. Gleeson, S. Suneja, E. de Lara, H. Raj, S. Saroiu, and A. Wolman, “Protecting data on smartphones and tablets from memory attacks,” in Proceedings of the Twentieth International Conference on Archi- tectural Support for Programming Languages and Operating Systems, ASPLOS ’15, (New York, NY, USA), pp. 177– 189, ACM, 2015. [23] X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrst- edt. Identity, location, disease and more: In- ferring your secrets from android public re- sources. In Proceedings of the 2013 ACM Con- ference on Computer and Communications Se- curity, CCS ’13, pages 1017–1028, New York, NY, USA, 2013. ACM.

Recommandé

Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
 
Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsIJTET Journal
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksIAEME Publication
 
Attribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesAttribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesIJCSIS Research Publications
 

Recommandé

Android open-source operating System for mobile devices
Android open-source operating System for mobile devicesAndroid open-source operating System for mobile devices
Android open-source operating System for mobile devicesIOSR Journals
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
Mitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportMitigating Privilege-Escalation Attacks on Android Report
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
 
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...
SYSTEM CALL DEPENDENCE GRAPH BASED BEHAVIOR DECOMPOSITION OF ANDROID APPLICAT...IJNSA Journal
 
Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsIJTET Journal
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksIAEME Publication
 
Attribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesAttribute-based Permission Model for Android Smartphones
Attribute-based Permission Model for Android SmartphonesIJCSIS Research Publications
 
I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
IRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET Journal
 
A26001006
A26001006A26001006
A26001006IJERA Editor
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET Journal
 
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...csandit
 
Analysis of XSS attack Mitigation techniques based on Platforms and Browsers
Analysis of XSS attack Mitigation techniques based on Platforms and BrowsersAnalysis of XSS attack Mitigation techniques based on Platforms and Browsers
Analysis of XSS attack Mitigation techniques based on Platforms and Browserscscpconf
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection TechniquesEditor IJMTER
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
IJET-V3I1P9
IJET-V3I1P9IJET-V3I1P9
IJET-V3I1P9IJET - International Journal of Engineering and Techniques
 
Website vulnerability to session fixation attacks
Website vulnerability to session fixation attacksWebsite vulnerability to session fixation attacks
Website vulnerability to session fixation attacksAlexander Decker
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
1780 1783
1780 17831780 1783
1780 1783Editor IJARCET
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014Patrick Bouillaud
 
Cross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresCross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresIRJET Journal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Malware Detection in Android Applications
Malware Detection in Android ApplicationsMalware Detection in Android Applications
Malware Detection in Android Applicationsijtsrd
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
HinDroid
HinDroidHinDroid
HinDroidHinDroid
 
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONSPROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONSijcsit
 
Android security
Android securityAndroid security
Android securityDr Amira Bibo
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8shriram suryanarayanan
 
Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfTalha Naqash
 

Contenu connexe

Tendances

I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperHarsimran Walia
 
IRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET Journal
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET Journal
 
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...csandit
 
Analysis of XSS attack Mitigation techniques based on Platforms and Browsers
Analysis of XSS attack Mitigation techniques based on Platforms and BrowsersAnalysis of XSS attack Mitigation techniques based on Platforms and Browsers
Analysis of XSS attack Mitigation techniques based on Platforms and Browserscscpconf
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection TechniquesEditor IJMTER
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniquesijdpsjournal
 
Website vulnerability to session fixation attacks
Website vulnerability to session fixation attacksWebsite vulnerability to session fixation attacks
Website vulnerability to session fixation attacksAlexander Decker
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
Cross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresCross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresIRJET Journal
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesIRJET Journal
 
Malware Detection in Android Applications
Malware Detection in Android ApplicationsMalware Detection in Android Applications
Malware Detection in Android Applicationsijtsrd
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Carlos Laorden
 
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONSPROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONSijcsit
 

Tendances (19)

I haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaperI haz you and pwn your maal whitepaper
I haz you and pwn your maal whitepaper
 
IRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability Scanner
 
A26001006
A26001006A26001006
A26001006
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
 
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
DROIDSWAN: Detecting Malicious Android Applications Based on Static Feature A...
 
Analysis of XSS attack Mitigation techniques based on Platforms and Browsers
Analysis of XSS attack Mitigation techniques based on Platforms and BrowsersAnalysis of XSS attack Mitigation techniques based on Platforms and Browsers
Analysis of XSS attack Mitigation techniques based on Platforms and Browsers
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
 
Review on mobile threats and detection techniques
Review on mobile threats and detection techniquesReview on mobile threats and detection techniques
Review on mobile threats and detection techniques
 
IJET-V3I1P9
IJET-V3I1P9IJET-V3I1P9
IJET-V3I1P9
 
Website vulnerability to session fixation attacks
Website vulnerability to session fixation attacksWebsite vulnerability to session fixation attacks
Website vulnerability to session fixation attacks
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
 
1780 1783
1780 17831780 1783
1780 1783
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014
 
Cross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresCross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive Measures
 
Android Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and DefensesAndroid Security: A Survey of Security Issues and Defenses
Android Security: A Survey of Security Issues and Defenses
 
Malware Detection in Android Applications
Malware Detection in Android ApplicationsMalware Detection in Android Applications
Malware Detection in Android Applications
 
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
Anomaly Detection using String Analysis for Android Malware Detection - CISIS...
 
HinDroid
HinDroidHinDroid
HinDroid
 
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONSPROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
 

Similaire à Detection of Android Third Party Libraries based attacks

Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfTalha Naqash
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android SystemNizar Maan
 
Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Zahid Qaisar
 
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROIDA FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROIDIJNSA Journal
 
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDHONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDIJCNCJournal
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...IJCNCJournal
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...IJCNCJournal
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisIRJET Journal
 
Enter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonEnter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonJose Moruno Cadima
 
20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar20160831_app_storesecurity_Seminar
20160831_app_storesecurity_SeminarJisoo Park
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET Journal
 
A case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsA case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsijmnct
 
COVERT app
COVERT appCOVERT app
COVERT appitba9
 

Similaire à Detection of Android Third Party Libraries based attacks (20)

Android security
Android securityAndroid security
Android security
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 
Android_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdfAndroid_Nougats_security_issues_and_solutions.pdf
Android_Nougats_security_issues_and_solutions.pdf
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphones
 
A017360104
A017360104A017360104
A017360104
 
Mediating Applications on the Android System
Mediating Applications on the Android SystemMediating Applications on the Android System
Mediating Applications on the Android System
 
Android security
Android security Android security
Android security
 
1780 1783
1780 17831780 1783
1780 1783
 
Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)Android malware detection_using_autoenco (1)
Android malware detection_using_autoenco (1)
 
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROIDA FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
A FRAMEWORK FOR THE DETECTION OF BANKING TROJANS IN ANDROID
 
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROIDHONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
HONEYPOTLABSAC: A VIRTUAL HONEYPOT FRAMEWORK FOR ANDROID
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
 
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
Unveiling Advanced Persistence Techniques Through Application Shimming and Co...
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault Analysis
 
Enter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox ComparisonEnter Sandbox: Android Sandbox Comparison
Enter Sandbox: Android Sandbox Comparison
 
20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar20160831_app_storesecurity_Seminar
20160831_app_storesecurity_Seminar
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
IRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection MethodsIRJET- A Survey on Android Ransomware and its Detection Methods
IRJET- A Survey on Android Ransomware and its Detection Methods
 
A case study of malware detection and removal in android apps
A case study of malware detection and removal in android appsA case study of malware detection and removal in android apps
A case study of malware detection and removal in android apps
 
COVERT app
COVERT appCOVERT app
COVERT app
 

Detection of Android Third Party Libraries based attacks

  • 1. Detection of Android Third Party Libraries (3PLs) based attacks Amina Waddiz awaddiz@enseirb-matmeca.fr Beumjin Cho beumjincho@postech.ac.kr Sangwoo Ji j1cron@postech.ac.kr Jong Kim* jkim@postech.ac.kr Francine Krief* krief@ipb.fr Abstract Smartphones are rising in popularity as well as becoming more sophisticated over recent years. This popularity coupled with the fact that smartphones contain a lot of private user data is causing a pro- portional rise in different malwares for the plat- form. In this paper we analyze and classify existing third party libraries (3PLs). The paper also reports a novel method for malware development and novel attack techniques using third party libraries. The possible countermeasures are also proposed. 1 INTRODUCTION Android is the world’s most popular mobile plat- form. Seventy percent of smartphones use An- droid as their operating system. Smartphones users download and install software from applica- tion markets, such as Google Play, Amazon App- Store or Samsung Galaxy Apps. . . . According to AppBrain in 2015, by July 2015, the official market for Android applications, Google Play, hosted over 1.6 million applications. Despite recent advances in mobile security, so many malware are not de- tectable by existing techniques and sensitive data constitute one of the most remarkable of their tar- gets. The leakage of these sensitive information is potentially caused by malicious or misuse of code, such as third party libraries, in android applica- tions. Third-party libraries, such as advertising net- works, gaming networks and user interface libraries (UI), are an integral part of modern mobile plat- forms. If Android developers want to integrate functionality provided by third party libraries, they must bundle opaque binary code into their applica- tions. Unfortunately, developers must in essence over privilege their Android applications by re- questing dangerous permissions, such as full In- ternet access, solely for the purpose of supporting third party libraries. Mixing third party libraries and dangerous permissions introduces vulnerabili- ties and risks to potential compromise of private user data. We present a new approach of tracking malware in real world android applications. It consists in third party libraries survey. For the reasons men- tioned before, the study aim to accurately and pre- cisely reveal security threats derived from third party libraries by providing examples and illustra- tions of most dangerous attacks that may affect the user privacy, android operating system and device utilities. Based on our dataset, new solutions could be implemented to mitigate to 3PLs-based attacks. The rest of this document is organized as fol- lowing: Section 2 presents review of related work followed by an overview of android system archi- tecture and security model in section 3. After that, section 4 describes precisely the motivation behind this work and mentions our main objectives. Later, Section 5 shows different third party libraries and their usage in android applications, whereas sec- tion 6 characterizes existing and possible android attacks originally from third party libraries. Sec- tion 7 discusses the possibilities of mitigating to previous threats. Finally, we summarize our work, in section 8.
  • 2. 2 RELATED WORK Previous works have approached the understand- ing of application behavior in different ways. One much-studied area is the permission system. It has significant limitations, and many papers have explored or attempted to address these limitations. Recent work by Bugiel and Davi, XManDroid [15] and System Centric Protection [17], detects mechanisms by which permissions granted to one application can be leaked to another, either inadvertently or deliberately through collusion. Enck and Gilbert [11] present an information-flow tracking system called TaintDroid that detects private data leaks. Kirin [16] detects potentially dangerous applications at install-time based on combinations of permissions and intent strings. However, any change to the permission system would require fundamental changes to Android, which may limit how likely these solutions are to be implemented. Other works seek to isolate advertising libraries from host applications. AdDroid [13] by Pearce and Felt, suggests a privilege separation manner to address the threats introduced by over-privileged applications, this approach rely on extending An- droid API to support advertising libraries as well as introducing new permissions to detect whether the application contain advertisements or not. Likewise, AdSplit [12] aims for this separation, yet this work examined the impact of malicious activities primarily focused on fraud that harmed the advertiser, similar to AdDroid, it deals with over-privileged applications especially those with advertising libraries by running them into two different processes. AdSplit also uses prior work QUIRE [14] to allow both applications to be displayed in a shared screen. Other researches, Zhang and Ahlwat, found out a different way to handle such a problem of the advertising libraries. AFrame [18] provides a general approach to isolate third-party libraries into a separate process. It targets libraries that need strong isolation and do not interact quite often with the main process. Effectively, similar work designed to separate ads and apps as an additional ad library protection technique [20]. Several other studies have developed com- plementary mechanisms to improve user and developer control of applications. A recent work [19] has implemented a new system PEDAL, which can detect Ad libraries even in the presence of obfuscated code. It performs instrumentation of bytecode to de-escalate the privileges of sensitive resources such as location, contacts, etc. However these work do not cover all third party libraries, neither capture incoming malicious attacks. Unlike Ad libraries, that have attracted many se- curity researchers to work on and mitigate to their threats, other third party libraries haven’t taken part of any prior work, after all they are a large exploited attack surface. As far as we know, there is no similar approach that can classify 3PLs at- tacks and reveal their based attacks. We open the door for a novel perspective of security vulnerabili- ties in android system by revealing the threats and the damage mostly used third-party libraries may invoke. 3 Android background Before elaborating on our survey, we briefly de- scribe android architecture and the security mech- anisms. 3.1 Android System architecture Android is an open source software platform for mobile devices. It includes a Linux kernel, mid- dleware framework, and core applications. The Linux kernel provides low-level services to the rest of the system, such as networking, storage, mem- ory, and processing. A middleware layer consists of native Android libraries (written in C/C++), an optimized version of a Java Virtual Machine called Dalvik Virtual Machine (DVM), and core libraries written in Java. The DVM executes binaries of applications residing in higher layers. Android ap- plications are written in Java and consist of sepa- rated modules, so-called components. Components can communicate to each other and to components of other applications through an inter component communication (ICC) mechanism provided by the Android middleware called Binder. As Android ap- plications are written in Java, they are basically
  • 3. protected against standard buffer overflow attacks due to the implicit bound checking. However, Java- applications can also access C/C++ code libraries via the Java Native Interface (JNI). Developers may use JNI to incorporate own C/C++ libraries into the program code, e.g., due to performance reasons. Moreover, many C libraries are mapped by default to fixed memory addresses in the program memory space. Due to the inclusion of C/C++ libraries, the security guarantees provided by the Java programming language do not hold any longer. 3.2 Android Security model 3.2.1 Discretionary Access Control (DAC) The DAC mechanism is inherited from Linux, which controls access to files by process ownership. Each running process (i.e., subject) is assigned a UserID, while for each file (i.e., object) access rules are specified. Each file is assigned access rules for three sets of subjects: user, group and everyone. Each subject set may have permissions to read, write and execute a file. 3.2.2 Sandboxing Sandboxing isolates applications from each other and from system resources. System files are owned by either the “system” or “root” user, while other applications have own unique identifiers. In this way, an application can only access files owned by itself or files of other applications that are explicitly marked as readable/writable/executable for others. Figure 1: Sandboxing concept in android system 3.2.3 The permission mechanism It is provided by the middleware layer of An- droid. A reference monitor enforces mandatory ac- cess control (MAC) on ICC calls. Security sensi- tive interfaces are protected by standard Android permissions such as PHONE CALLS, INTERNET, SEND SMS meaning that applications have to pos- sess these permissions to be able to perform phone calls, to access the Internet or to send text mes- sages. Additionally, applications may declare cus- tom types of permission labels to restrict access to own interfaces. Required permissions are explic- itly specified in a Manifest file and are approved at installation time based on checks against the sig- natures of the applications declaring these permis- sions and on user confirmation illustrated on figure 2. Binder in Android is a reduced custom imple- mentation of OpenBinder. Privilege Escalation At- tacks on Android. At runtime, when an ICC call is requested by a component, the reference monitor checks whether the application of this component possesses appropriate permissions. Additionally, application developers may place reference moni- tor hooks directly into the code of components to verify permissions granted to the ICC call initiator. Figure 2: Request to accept an app permissions at install time 3.2.4 Component Encapsulation Application components can be specified as pub- lic or private. Private components are accessible only by components within the same application. When declared as public, components are reachable by other applications as well, however, full access can be limited by requiring calling applications to
  • 4. have specified permissions. 3.2.5 Application Signing Android uses cryptographic signatures to verify the origin of applications and to establish trust rela- tionships among them. Therefore, developers have to sign the application code. This allows to enable signature-based permissions, or to allow applica- tions from the same origin (i.e., signed by the same developer) to share the same UserID. A certificate of the signing key can be self-signed and does not need to be issued by a certification authority. The certificate is enclosed into the application installa- tion package such that the signature made by the developer can be validated at installation time. 4 Motivation, Objectives and Contribution The motivation behind this work consists in pro- tecting the user sensitive data as well as defend- ing the system safety against 3PLs-based attacks. Since 3PLs are currently running within the same process as the host application. It allows them to have the same permissions. 3PLs can leak sensi- tive information, access to the process address and thereby go through the system whenever it is possi- ble. Hence this research aim to identify the current state of malware generated by 3PLs in Android ap- plications, classify existing 3PLs and their threats. This survey call for novel suggestions to tackle these possible malwares. The main contributions of this paper are twofold: (i) Survey and classification of existing 3PLs and (ii) dataset of 3PLs-based at- tacks. 5 Third party library survey In this section, we present a systematic classifica- tion of existing 3PLs, taking in consideration their license, their popularity in android applications and the field of usage. 5.1 Classification Table 1: An overview of existing 3PLs In table 1, we collected the most important and the very used libraries, classified them in order to provide a valuable dataset to rely on for later expla- nation in the upcoming paragraph. The pack listed above are libraries that are quite popular, widely applicable and should probably be setup within most Android applications. We have included a de- scription of each library that tells the functionality as well as the purpose of usage. 5.2 Characterization and Usage in android applications Applications developed for Android Smart- phones are compressed files consisting of com- piled source programs, resources, information files needed to run such programs in Android OS and developers’ code signing files. As in Figure 3, classes.dex is the compiled JAVA source program. Resources such as strings, images and UI screens
  • 5. are kept in the res folder. Resources.arsc contains the resource-related information. The META-INF holds electronic signature files. The electronic sig- nature uses SHA1 as its hash function and RSA as the default signature algorithm. Once developers sign their programs with their own private keys, de- veloped programs can be installed on Smartphones. AndroidManifest.xml is a compiled binary file con- taining essential information that need be notified to Android system before an app is executed, e.g. the name of the app, activities that make up the app, service, information about ContentProvider, information about permissions to access protected Android API and the version of the Android API. Figure 3: Android app file structure There are many 3PLs for android apps, yet we only mentioned some of the extremely popular and the most used in almost all android applications. Each has different purposes and area of use, but all of them make life easier for developers. Hence, the use of 3PLs is getting spread over android applica- tions, what makes it more complicated for security researchers to grant the user privacy and the system safety. Especially that 3PLs share the same process as the host application, that is why it is needed to clarify the usage of them in apps. As shows the fig- ure 3, generally speaking android components that are involved in this study are: resources (i.e. activ- ity file..), java classes and Android manifest. An- other important element to mention in this section is build.gradle which is the typical file to compile the whole package of an android application into an apk file that will be the binary to execute once installed from one of android markets. These are all the components involved in setting up an ap- plication with 3PLs. However, the usage depends on the nature of third party library. For example Ad libraries are totally independent from host ap- plication, because they only provide a banner or interstitials to show the ads and allow clicks on them without any interaction with the host ap- plication. Whereas, User Interface libraries tend to interact very often with the application, as the graphic interface is an essential part of any applica- tion and widely spread through java classes. Other libraries, such as network or database libraries are likely interactive with their host application, never- theless they are mostly susceptible to be separated, as demonstrates figure 4.a using retrofit which is a networking library, most of the application compo- nents call the 3PL, yet only the service component does implement the interface, however it doesn’t have a regular implementation, instead the imple- mentation is generated by Retrofit as illustrated in figure 4.b. This analysis was based on our observa- tions on some simple applications including most of the libraries mentioned before. It turns out that the usage of 3PLs changes from one another. On one hand, it depends on the application design, the re- quirements as well as the developer preferences. On the other, the 3PL type implies its degree of inter- action with the host application, which determine whether the application and the 3PL can be sepa- rated or it is likely a challenging issue (See figure 4.c). The possibilities of separation are discussed in section 7. 6 Third party library based at- tacks After analysing 3PLs’ usage in android applica- tions, we could observe and figure out some attack surfaces in android system and the host application. 6.1 3PLs Threats In actual fact, for vast majority of cases, the 3PLs-based attack is performed using some android vulnerabilities or the host application security lack. Although sandboxing technique in android isolates each application into its own process and protects every single application from other third party ap- plications, it is still possible to perform attacks us- ing 3PLs embedded in the application since they both of them run within the same process. The 3PLs have total access to the same data as the
  • 6. (a) Dependencies scheme between different android components in an android appli- cation that includes a networking library: “Retrofit” (b) Zoom in the service component and usage of the 3PL, Retrofit, in android application (c) Example of challenges present in isolating 3PL from the host application Figure 4: Illustration of android application using 3PLs host application (application resources, process ad- dress. . . .). This vulnerability provides a new blind spot for attackers who usually aim to make revenue by different ways: • Steal the user data: Intercept text, steal pass- words or access to location... • Turn the device into Bots: Perform malicious actions and gain root privileges • Direct Financial gain: Call or text premium numbers or steal Online banking credential In this section, we assume that android application developer is benign. However, he usually includes some 3PLs blindly without any security verifica- tion. Our demonstration scenarios are based on the threat model presented in figure 5. 3PLs are quite likely able to perform several attacks and leak users’ sensitive data or provoke some other damages to the device or any other digital properties. Figure 5: An overview of 3PLs-based attack 6.2 Attacks Classification 3PLs-based attacks are meant to bypass android security (Sandboxing, permission model . . . ). That makes attackers exploit physical hooks to performs their attacks in order to steal some private infor- mation or cause other damages. In this context, we distinguish between two different classifications as following: 6.2.1 Functional Classification In this part, we classify 3PLs based on their func- tion or their impact on the user, his financial re- sources or his device. Table 2. presents three fun-
  • 7. damental categories of 3PLs-based attacks: • Privacy: The first priority of security re- searchers is privacy because user sensitive data is quite likely to be leaked to an external server and be exploited for some malicious reasons such as making revenue. Our scenario for this category is a permission based attack illustrated in figure 6. We assume an application that hosts a third-party advertising library. We allow the application to access INTERNET and LOCATION. The library can easily get the user’s location and send it to the advertising server that can use it for legitimate reasons as well as some malicious purposes. Neither the user nor the developer know the final destination of these data. Hence, this attack can be very dangerous although it’s simplicity, a secret conference for example could be revealed by spies, which can be an extreme risk. Historically, to mitigate to these threats, the previous works were mostly based on static analysis [11]. This solution is always valid to track sensitive that, yet it has several limitations which makes it unpractical. TaintDroid for example, is able to only know presence or not of a certain leakage, however since the 3PLs and the application are packaged in the same compiled file, static analysis tool cannot know whether the application leaked the information or 3PLs did so. • Financial damage: In this category, we present some 3PLs-based attacks that brings about financial loss. Attacks typically include Frauds, send premium SMS or calls. Accord- ing to ARXAN security report, adversaries have hacked 78% paid android apps. We believe this is also possible using 3PLs even with benign application. Financial attacks performed by 3PLs are more likely to bypass android security especially within a mild host application. In fact, 3PLs have total access to the application resources, thus they can for example listen to the communication between this application and financial applications. Effectively, cracked versions of most popular financial apps are 58% in android according to ARXAN. Vulnerabilities in host applications make it easy for 3PLs to play their attacks in wider surface. • Device usability: Mobile devices have al- ways been required to satisfy a minimum per- formance. Battery in smartphones is one of the most important device components that makes it valuable or not. Therefore, device utilities are worth to be protected. Some attacks targets battery, in order to drain for some illegal commercial benefits or mali- cious reasons. The screen as well has been a direct target for android malwares, various at- tacks have been proposed against device screen whether for damage such as lock the screen or retrieve some data for instance password from touch keyboard. These already existing attacks made my mali- cious applications are completely possible us- ing 3PLs within a benign application. The 3PLs can use the same techniques to get data from the device touch keyboard and cause any damage to the screen. Existing solutions are only applicable for third party application as it is identified by its own UID. Our current con- text is completely different because the 3PLs are hosted within the same process as the mild application. Hence, the already existing solu- tion are not adaptable for 3PLs-based attacks. Figure 6: Example of a advertising 3PL leaking loca- tion to an external server
  • 8. Table 2: 3PLs-based attacks Functional Classification 6.2.2 Agent-based classification An attack needs sinks and vulnerabilities in order to be able to play malicous actions. Although the advanced security policies in android system, there are some blind spots that can be exploitable by 3PLs. Table 3. shows the most important vulner- able agents susceptible to be attacked by external parties via 3PLs. In our survey, we include three main categories: Table 3: Agent-based classification of 3PLs • Memory: In general, physical attack needs a rooted privilege. However some applications could perform Bus monitoring attack that con- sists in injecting a tool in the bus memory and wait for the CPU to request some sen- sitive data, then steal them. We also believe that 3PLs are absolutely able to perform such an attack, since 3PLs can easily access to the memory allocated to the application as well as any other system files that are accessible via the host application. Some Encryption- based extensions were suggested to mitigate to it [22] and [23]. These solutions are appro- priate for 3PLs-based bus monitoring attack because it enforces the basic principle of En- cryption which is general, since the 3PLs don’t have access to the Authentication keys. An- other example is direct memory attack, which tackles the directly the RAM. • Side Channel: Side-channel attacks aim to obtain sensitive information by exploiting physical properties of the cryptographic im- plementation, such as timing information or power consumption. For example, different keys could affect the amount of processing time or power required to do the encryption dif- ferently, revealing something about the keys’ structure. On of the solution for this attack suggest to observe memory access patterns. However, it doesn’t address completely the at- tack since most of the side channels are phys- ical externally measurable. Hence, Side chan- nel attack remains one of the most sophis- ticated attacks that 3PLs can easily use to download, install or run arbitrary code on an- droid devices. We developed a simple appli- cation that hosts a 3PL which can download an arbitrary code from an external server and run it, all in the background, thus the user won’t be alerted of any of these actions. With a malicious code, this attack can result seri- ous damages not only to the application itself but also to the device and to the system other components. • Network: Denial of service is from the most challenging attacks that has been discovered in android. In fact, In order for a mobile device to communicate through a mobile network, a certain procedure must first take place. This procedure, shown in figure 7, includes a client connection request followed by an authentica- tion procedure. If the client successfully com- pletes this procedure, he is authenticated to the network, a connection channel is given to the device, and the client may then send and receive data. In 2G, 3G and 4G networks, all data commu- nication performed after this initial authen- tication procedure is encrypted and digitally
  • 9. signed when sent over the radio network. This prevents eavesdropping, modifying or replay- ing of the data by third parties. However, the data flow preceding the authentication proce- dure (i.e. all data sent and received in stages 1-4 in figure 7) contains no encryption or digi- tal signing, since the trust required for imple- menting these protections is gained only after the authentication procedure (stage 5) is com- plete. This behavior could be misused by 3PLs in order to create an attach flood. The attacker will send a high rate of fake attach messages to the network, causing high resource utiliza- tion on the backend signaling gateways (MME, HSS for 4G or MSC, BSC, VLR on 3G). This may cause anything from a local station outage to a local area network outage. Figure 7: LTE Mobile Device Attach Procedure (source: www.lteandbeyond.com) 7 DISCUSSION Developers regularly supplement their mobile ap- plications with functionality or advertising rev- enue offered by 3PLs. When developers overprivi- lege their applications to support 3PLs, they leave their users vulnerable to a range of risks, including the potential unauthorized disclosure of privacy- sensitive user data. We can apply the concepts we present in this pa- per to analyze over-privileging problems with ad- vertising networks, gaming networks, user inter- face or networking libraries. Smartphones have become general purpose computing devices where sensitive information is readily available: Contact lists, phone numbers, geolocation, financial and so- cial data. Android does not provide users with suf- ficient control over their data and privacy. Our goal is to offer users proper control over their data while minimizing the burden of change to applica- tion developers and consumers. This work presents a reliable dataset of 3PLs and their specifications as well as 3PLs-based attacks. It turns out that we need to develop a security extension that applies the principle of least privilege to mobile applica- tions and 3PLs. We found a solution that uses privilege separa- tion to isolate 3PLs functionality from host appli- cations. Our idea was to isolate, in another pro- cess, the 3PLs from their host application process. Many difficulties were faced in the implementation of this solution since we had to keep the applica- tion integrity which is one of the most important principles of security. Two prototype implementa- tions were suggested showing different possibilities to separate the two processes: The first one was to isolate 3PLs process before the application encapsulation, it means that we need to modify the compiler. The second was to intervene after the application installation by separating the permissions related to 3PLs from those used by the host application. Both solutions are challenging. The first keeps the application integrity, however it presents a licence problem since the compiler is an Oracle property. The second is not practical since separating per- missions is not sufficient while both 3PLs and the application run in the same process.
  • 10. 8 CONCLUSION In this paper, we have presented an analysis and classification for Android 3PLs and their threats. We have collected, studied and classified the most used 3PLs in android apps. This classification is provided in terms of their behaviour and usage. We have also identified and unveiled 3PLs-based threats attacking most android components. These results show the necessity of a novel approach to tackle 3PLs-based already existing malware and prevent from some of the possible attacks. We hope to build an efficient tool to separate 3PLs from the host application leveraging a novel solu- tion and countermeasure against threats discussed in this paper. 9 ACKNOWLEDGEMENT This work is part of Android Security project launched by High Performance Computing Lab. in Pohang University Of Science and Technology (POSTECH) in Pohang, South Korea in collabora- tion with ENSEIRB-MATMECA Graduate School of Engineering in Bordeaux, France. We would like to thank our shepherd in POSTECH, Pro- fessor Jong Kim and my adviser in ENSEIRB- MATMECA, Mme. Francine Krief for their sup- port and supervising. I would like to thank my mentor, Beumjin Cho, for his follow-up and thor- ough feedbacks on earlier drafts of this paper. References [1] Google, “Android Open Source Project.” [On- line]. Available: https://source.android.com/ [2] Advertising ID. [Online]. Available: https://developer.android.com/google/play- services/id.html,2014. [3] Android API Guides. [Online]. Available: https://developer.android.com/guide/ index.html,2014. [4] Android NDK. [Online]. Available: http://developer.android.com/tools/sdk/ndk/ index.html,2014. [5] AppBrain Statistics on Android Libraries: Third party libraries. [Online]. Available: http://www.appbrain.com/stats/libraries. [6] Google Play. [Online]. Available: https://play.google.com/store,2014. [7] AdMob: Mobile Advertising. [Online]. Avail- able: http://www.admob.com/. [8] Apache Coyote. 2011. Apache coyote – Open source Java platform. [Online]. Avail- able: http://tomcat.apache.org/tomcat-4.1- doc/config/coyote.html. [9] Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley,Georg Wicherski. Android Hacker’s Handbook. Available in Amazon: http://www.amazon.fr/Android-Hackers- Handbook-Joshua-Drake/dp/111860864X [10] Nikolay Elenkov. Android Security Inter- nals: An In-Depth Guide to Android’s Security Architecture. Available in Ama- zon: http://www.amazon.fr/Android- Security-Internals-In-Depth- Architecture/dp/1593275811 [11] W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. TaintDroid: An Information-flow Tracking System for Re- altime Privacy Monitoring on Smartphones. In Proc. OSDI, 2010. [12] S. Shekhar, M. Dietz, and D. Wallach. AdSplit: Separating Smartphone Advertising from Ap- plications. In Proc. USENIX Security, 2012. [13] P. Pearce, A. Felt, G. Nunez, and D. Wag- ner. AdDroid: Privilege Separation for Appli- cations and Advertisers in Android. In Proc. ACM ASIACCS, 2012. [14] Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. Quire: Lightweight Prove- nance for Smart Phone Operating Systems. In USENIX Security Symposium (SSYM) (2011). [15] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A. Sadeghi. 2011. Xmandroid: A new an- droid evolution to mitigate privilege escalation
  • 11. attacks. Tech. rep. TR-2011-04, Center for Ad- vanced Security Research Darmstadt, Technis- che Universitat Darmstadt, Darmstadt, Ger- many. [16] Enck, W., Ongtang, M., and McDaniel, P. On lightweight mobile phone application certification. In Proc. of the ACM conference on Computer and Communications Security (2009). [17] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, “Towards Tam- ing Privilege-Escalation Attacks on Android,” in Proceedings of the 19th Annual Symposium on Network and Distributed System Security, 2012. [18] Zhang, X., Ahlawat, A., and Du, W. AFrame: Isolating Advertisements from Mobile Appli- cations in Android. In Proceedings of the 29th Annual Computer Security Applications Con- ference (ACSAC) (New Orleans, Louisiana, USA, December 9-13 2013). [19] B. Liu , B. Liu† , H. Jin„ R. Govindan. Effi- cient Privilege De-Escalation for Ad Libraries in Mobile Apps. In Proceedings of the 13th International Conference on Mobile Systems, Applications and services [20] H. Kawabata, T. Isohara, K. Takemori, A. Kubota, J. Kani, H. Agematsu, and M. Nishi- gaki, “Sanadbox: Sandboxing third party ad- vertising libraries in a mobile application,” in Communications (ICC), 2013 IEEE In- ternational Conference on. IEEE, 2013, pp. 2150–2154. [21] S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna, “Execute This! An- alyzing Unsafe and Malicious Dynamic Code Loading in Android Applications,” in Proceed- ings of the 20th Annual Network Distributed System Security Symposium (NDSS), 2014. [22] P. Colp, J. Zhang, J. Gleeson, S. Suneja, E. de Lara, H. Raj, S. Saroiu, and A. Wolman, “Protecting data on smartphones and tablets from memory attacks,” in Proceedings of the Twentieth International Conference on Archi- tectural Support for Programming Languages and Operating Systems, ASPLOS ’15, (New York, NY, USA), pp. 177– 189, ACM, 2015. [23] X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrst- edt. Identity, location, disease and more: In- ferring your secrets from android public re- sources. In Proceedings of the 2013 ACM Con- ference on Computer and Communications Se- curity, CCS ’13, pages 1017–1028, New York, NY, USA, 2013. ACM.