SlideShare une entreprise Scribd logo

A case study of malware detection and removal in android apps

ijmnct
ijmnct

With the proliferation of smart phone users, android malware variants is increasing in terms of numbers and amount of new victim android apps. The traditional malware detection focuses on repackage, obfuscate and/or other transformable executable code from malicious apps. This paper presented a case study on existing android malware detection through a sequence of steps and well developed encoding SMS message. Our result has demonstrated a solid testify of our approach in the effectiveness of malware detection and removal.

Technologie
1  sur  6
Télécharger pour lire hors ligne
International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 DOI : 10.5121/ijmnct.2014.4205 45 A CASE STUDY OF MALWARE DETECTION AND REMOVAL IN ANDROID APPS Wichien Choosilp and Yujian Fu Department of Electrical Engineering & Computer Science, Alabama A&M University, Normal AL, USA ABSTRACT With the proliferation of smart phone users, android malware variants is increasing in terms of numbers and amount of new victim android apps. The traditional malware detection focuses on repackage, obfuscate and/or other transformable executable code from malicious apps. This paper presented a case study on existing android malware detection through a sequence of steps and well developed encoding SMS message. Our result has demonstrated a solid testify of our approach in the effectiveness of malware detection and removal. KEYWORDS Malware detection, Wireless Network, Mobile Network, Virus, Worms & Trojan horse 1. INTRODUCTION Few people would disagree that the cell phone device has become an important part of everybody’s life today. Statistics data from LAObserver[1] shows that 91% of U.S. adults own cell phones and 56% own smart phones. Android OS is one of the most popular mobile platforms. In October 2012, there were approximately 1,000,000 apps available for Android, and the estimated number of applications downloaded from Google Play, Android's primary app store, was 50 billion as of September 2013. With the explosive growth of smart mobile devices market and usage, there are an increasing number of malicious mobile applications that are developed to target these devices and platforms. These malicious applications are called mobile malware. Nowadays, mobile malware have reached a new level of maturity. Threats targeting smart phones and tablets are beginning to pose meaningful challenges to users, enterprises, and service providers alike. The number of instances of just one family of malware can be in the thousands. The largest proportion of malware is targeting on the Android mainly due to the dominant market share of the Android platform and its open market policy. However, many of the smart phone and tablet users have, for the most part, not been aware of the risks of mobile malware, of which there are many. This module aims at introducing the working mechanisms of mobile malware and some defense methods that may be employed. To protect mobile users from the severe threats of Android malware, many different solutions have been proposed.
International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 46 2. BACKGROUND Created by Google, Android is a most popular cell phone operating system for mobile devices including smartphones and tablets. It is available to all kinds of developers with various expertise levels, ranging from rookie to professional. Based on the Linux kernel Android can provide a middleware implementing subsystems such as telephony, window management, management of communication with and between applications, managing application lifecycle, and so on. On top of the kernel, Android provides all types of apps for users. Android applications are programmed primarily in Java though the programmers. Native programming are allowed via Java native interface. Different from Java compilation process[2] , instead of Java bytecode, Android outputs and runs Dalvik bytecode. In comparison to Java, all the compiled classes are generated and packed together into a single .dex file in Dalvik. An Android application is composed of four types of components, namely activities, services, broadcast receivers, and content providers. All these four components are defined as classes in the library. They are further declared in the AndroidManifest (a .xml file used for the web browser). The Android end user apps will directly or indirectly use these components and interact with the kernel through them. AndroidManifest is a manifest file defined as binary XML file, which declares the application package name. A package id is defined as a string and needs to be unique to an application. It also declares other things (such as application permissions) which are not so relevant to the present work. Android SDK (Software Development Kit)[3] includes a virtual mobile device emulator that allows android apps to run on the computer. The Android emulator mimics all of the hardware and software features except it cannot place actual phone calls. The most recent version of Android is known as “Jelly Bean”, which was released on July 2012. The new features of android is provided using Xamarin.Android. 3. SYSTEM ARCHITECTURE AND DESIGN We expect the proposed system consisting of following features: • An Android mobile device can subscript to any service provider and the provider will send a list of nearby registered devices. The mobile device is responsible of maintaining the list and decides how to communicate or interact with nearby devices. • An Android mobile device checks its environment such as operating system version, network type and IP address periodically and reports back to service provider. The service provider will perform necessary analysis on the data and accordingly make recommendations to the mobile device. • An Android mobile device updates its current location and sends information to service provider with user’s permission. The service provider keeps location history of each device for analysis purpose. • A rooted android device should be able to take more proactive actions than nonrooted devices. Some possible actions include but not limited to: snapshot network states; capture network packets; intrusion detection; malware removal; etc.
International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 47 Out project aims at to implement a system that carries the above features. Our design model will include three classes – WC_SMS_Activity, WC_SMS_Display_Activity, and WC_SMS_BroadCast_Receiver. The first two classes are inherited from Activity class. Each class is defined in Figure 1. The system architecture developed in UML class diagram is shown in Figure 2. WC_SMS_BroadCast_Receiver +onReceive(context.Context, intent.Intent) : void Figure 1. Class definition in UML model. 4. SYSTEM IMPLEMENTATION To implement android system, either emulator on the computer or android device can be used as platform. The system environment is set up by several kits including JDK, Eclipse, SDK, and ADT bundle. They are simply explained in the following. • JDK - Java Development Kit[4] is a program development environment for writing Java applets and applications. It consists of a runtime environment that "sits on top" of the operating system layer as well as the tools and programming that developers need to compile, debug, and run applets and applications written in the Java language. • Eclipse SDK[5] - In computer programming, Eclipse is multi-language Integrated development environment (IDE) comprising a base workspace and an extensible plug-in system for customizing the environment. It is written mostly in Java. It can be used to WC_SMS_Activity ~recNum : EditText ~secretKey : EditText ~msgContent : EditText ~send : Button ~cancel : Button +onCreate(savedInstanceState : Bundle) : void +sendMessage(recNumString : String, encryptedMsg : String) : void + convertByeToHex(b : byte []) : String +encryptMessage(secretKeyString : String, msgContentString : String) : byte [] +generateSecretKey(secretKeyString : String) : Key WC_SMS_Display_Activity ~secretKey : EditText ~encryptedMsg : TextView ~decryptedMsg : TextView ~submit : Button ~cancel : Button ~originNum : String = "" ~msgContent : String = "" +onCreate(savedInstanceState : Bundle) : void +convertHexToByte(b : byte []) : byte [] +decryptMessage(secretKeyString : String, encryptedMsg : byte []) : byte [] +generateSecretkey(secretkeyString : String) : Key Activity WC_SMS_Activity WC_SMS_Display_Activity WC_SMS_BroadCast_Receiver Figure 2. System architecture denoted in class diagram.
International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 48 develop applications in Java and, by means of various plug-in, other programming languages including Ada, C, C++, COBOL, Fortran, Haskell, JavaScript, Lasso, Perl, PHP, Python, R, Ruby (including Ruby on Rails framework), Scala, Clojure, Groovy, Schema, and Erlang. It can also be used to develop packages for the software Mathematica. Development environments include the Eclipse Java development tool (JDT) for Java and Scala, Eclipse CDT for C/C++ and Eclipse PDT for PHP, among others. • Android SDK - A software development kit[3] that enables developers to create applications for the Android Platform. The Android SDK includes sample projects with source code, development tools, and emulator, and required libraries to build Android applications. Applications are written using the Java programming language and run on Dalvik, a customized virtual machine designed for embedded use which runs on top of a Linux kernel. • Android Development Tools (ADT) - A plug-in for the Eclipse IDE that is designed to give a powerful, integrated environment in which to build Android applications. ADT extends the capabilities of Eclipse to allow for quick set up of new Android projects, to create an application UI, to add packages based on the Android Framework API, to debug your applications using the Android SDK tools, and even to export signed (or unsigned) .apk files in order to distribute your application. Unlike other programming paradigms in which apps are launched with a main() method, the Android system initiates code in an Activity instance by invoking specific callback methods that correspond to specific stages of its lifecycle. There is a sequence of callback methods that start up an activity and a sequence of callback methods that tear down an activity. WC_SMS_Display_Activity.java file contains four important methods: • onCreate(Bundle savedInstanceState) - to set up the UI variables. • convertByteToHex(byte[] b) - get the length of characters and convert to the string. • decryptMessage(String secretKeyString, byte[] encryptedMsg) - to decrypt the text message from the user input. • generateSecretKey(String secretKeyString) - to generate the 16-Character Secret Key. WC_SMS_Activity.java file contains four important methods: • onCreate(Bundle savedInstanceState) - to set up an UI variables. • sendMessage(String recNumString, String encryptedMsg) - to send the text message. • convertByteToHex(byte[] b) – to get the length of characters and convert to the string. • encryptMessage(String secretKeyString, String msgContentString) - to encrypt the text message. • generateSecretKey(String secretKeyString) - to generate the 16-Character Secret Key. One of the most powerful spying tools is Intercepter-NG[6] . It is a free application with unrestricted functionality and is virtually universal: works on Windows, Linux, Mac OSX, iPhone and Android. It is a multifunctional network toolkit for various types of IT specialists[7] :. It has
International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 49 functionality of several famous separate tools and more over offers a good unique alternative of ireshark for Android. The main features are: • Sniffing passwordshashes of the types: ICQIRCAIMFTPIMAPPOP3SMTPLDAPBNCSOCKSHTTPWWWNNTPCVS TELNETMRADC++VNCMYSQLORACLENTLMKRB5RADIUS • Sniffing chat messages of: ICQAIMJABBERYAHOOMSNIRCMRA • Reconstructing files from: HTTPFTPIMAPPOP3SMTPSMB • Promiscuous-modeARPDHCPGatewayPortSmart Scanning • Capturing packets and post-capture (offline) analyzingRAW Mode After connected to the AAMU WiFi using Intercepter-NG, we can run the scan command to see all the devices with IP addresses that are connecting to AAMU WIFI. Result is shown in Figure 3, where a list of AAMU WiFi address was recognized and displayed to the screen. Figure 3. List of IP address found on AAMU WiFi. After that, the application is starting to collecting packets that is sending and receiving through this WIFI. In most case, this application can collect the information like user name and password. 5. CONCLUSIONS AND FUTURE WORKS This case study aims at implementing the android malware detection and removal in Android apps. This is the first time android security application at Alabama A&M University. It is successfully implemented for all of the preliminary steps to this project and the project came together in phases. First, we demonstrated the detecting and removing of malware using Advanced Mobile Care Application. In addition, the process of sending and receiving text messages between two devices with encryption and decryption was completed. Finally, we successfully connected to AAMU Wi-Fi and collected information from the devices that connect to that network, through using the Wi-Fi packet snooping application Intercepter-NG. The future work will be the successful implementation of all the various components of the project and the observation of their operation.
International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 50 ACKNOWLEDGEMENTS We would like to thank for Lockheed Martin and the Dean’s office for the support of this project. This project is also partially supported by NSF subaward DUE-1202690 and NSF grant DUE- 1225654. We would like to thanks for all valuable reviews. REFERENCES [1] Lacter, M. (June 2013). Stunning stat: 91% of U.S. adults own cell phones. LA Observed. Available from: http://www.laobserved.com/biz/2013/06/stunning_stat_91_of.php. [2] Shama, R. Developing for Android – Introduction. Available from: http://www.cprogramming.com/android/android_getting_started.html. CPprogramming. [3] Android SDK Developer. Available from: https://developer.android.com/sdk/index.html. [4] Java SE downloads. Oracle. Available from: http://www.oracle.com/technetwork/java/javase/downloads/index.html [5] Eclipse project. Available from: http://www.eclipse.org/downloads/ [6] Intercepter-NG. Available from: http://intercepter.nerf.ru/ [7] XDA Developes Forum. Available from: http://forum.xda- developers.com/showthread.php?p=35159281 [8] InfoSec Institute. Available from: http://resources.infosecinstitute.com/backtrack-5-part-1/ [9] Broida, R. (2013) How to easily root an Android device. Mobile World Congress. C.Net. Available from: http://howto.cnet.com/8301-11310_39-57608195-285/how-to-easily-root-an-android-device/ Authors Short Biography Wichien Choosilp is a graduate student at the department of Computer Science at Alabama A&M University. His research focuses on the Android malware detection, analysis and removal. Yujian Fu is an associate professor at the department of Computer Science at Alabama A&M University. Her research focuses on the embedded and real time system design, cyber physical system, programming language, formal methods.

Recommandé

Version based software watermark
Version based software watermarkVersion based software watermark
Version based software watermarkeSAT Publishing House
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksIAEME Publication
 
Srand011 personal addressbook
Srand011 personal addressbookSrand011 personal addressbook
Srand011 personal addressbookAndroidproject
 
Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidFraunhofer AISEC
 
Evolution of Android Operating System and it’s Versions
Evolution of Android Operating System and it’s VersionsEvolution of Android Operating System and it’s Versions
Evolution of Android Operating System and it’s Versionsijtsrd
 
Android Introduction by Kajal
Android Introduction by KajalAndroid Introduction by Kajal
Android Introduction by KajalKajal Kucheriya Jain
 
Android os
Android osAndroid os
Android osUma Shanker Gupta
 
Consumer Electronics
Consumer ElectronicsConsumer Electronics
Consumer ElectronicsGirishBasole
 

Recommandé

Version based software watermark
Version based software watermarkVersion based software watermark
Version based software watermarkeSAT Publishing House
 
Evaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksEvaluating android antimalware against transformation attacks
Evaluating android antimalware against transformation attacksIAEME Publication
 
Srand011 personal addressbook
Srand011 personal addressbookSrand011 personal addressbook
Srand011 personal addressbookAndroidproject
 
Tech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidTech Report: On the Effectiveness of Malware Protection on Android
Tech Report: On the Effectiveness of Malware Protection on AndroidFraunhofer AISEC
 
Evolution of Android Operating System and it’s Versions
Evolution of Android Operating System and it’s VersionsEvolution of Android Operating System and it’s Versions
Evolution of Android Operating System and it’s Versionsijtsrd
 
Android Introduction by Kajal
Android Introduction by KajalAndroid Introduction by Kajal
Android Introduction by KajalKajal Kucheriya Jain
 
Android os
Android osAndroid os
Android osUma Shanker Gupta
 
Consumer Electronics
Consumer ElectronicsConsumer Electronics
Consumer ElectronicsGirishBasole
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions www.ijeijournal.com
 
Android summer training report
Android summer training reportAndroid summer training report
Android summer training reportShashendra Singh
 
All about android
All about androidAll about android
All about androidInimitable Harish
 
Android
AndroidAndroid
AndroidDr. Ramkumar Lakshminarayanan
 
A Review Paper on Cross Platform Mobile Application Development IDE
A Review Paper on Cross Platform Mobile Application Development IDEA Review Paper on Cross Platform Mobile Application Development IDE
A Review Paper on Cross Platform Mobile Application Development IDEIOSR Journals
 
Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”eSAT Publishing House
 
Android development tutorial
Android development tutorialAndroid development tutorial
Android development tutorialVibrant Technologies & Computers
 
Android Report
Android ReportAndroid Report
Android ReportGanesh Waghmare
 
Garbage Management using Android Smartphone
Garbage Management using Android SmartphoneGarbage Management using Android Smartphone
Garbage Management using Android Smartphoneijsrd.com
 
12
1212
12Narender Singh
 
IRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET Journal
 
Android Synopsis
Android SynopsisAndroid Synopsis
Android SynopsisNiraj Rahi
 
COVERT app
COVERT appCOVERT app
COVERT appitba9
 
Mobile Android and Network
Mobile Android and NetworkMobile Android and Network
Mobile Android and NetworkPadma Sankar
 
Android application development
Android application developmentAndroid application development
Android application developmentSteve Smith
 
Android report
Android reportAndroid report
Android reportblogger at indiandswad
 
An brief introduction to android operating system
An brief introduction to android operating systemAn brief introduction to android operating system
An brief introduction to android operating systemAlexander Decker
 
Android : Revolutionizing Mobile Devices
Android : Revolutionizing Mobile DevicesAndroid : Revolutionizing Mobile Devices
Android : Revolutionizing Mobile DevicesRitesh Puthran
 
Android Application Development
Android Application DevelopmentAndroid Application Development
Android Application DevelopmentGokhan Arik
 
Mobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtMobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtIGN MANTRA
 
Smartphones
SmartphonesSmartphones
SmartphonesEnigma
 
Introduction to Android
Introduction to Android Introduction to Android
Introduction to Android Suraj Ligade
 

Contenu connexe

Tendances

Android summer training report
Android summer training reportAndroid summer training report
Android summer training reportShashendra Singh
 
A Review Paper on Cross Platform Mobile Application Development IDE
A Review Paper on Cross Platform Mobile Application Development IDEA Review Paper on Cross Platform Mobile Application Development IDE
A Review Paper on Cross Platform Mobile Application Development IDEIOSR Journals
 
Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”eSAT Publishing House
 
Garbage Management using Android Smartphone
Garbage Management using Android SmartphoneGarbage Management using Android Smartphone
Garbage Management using Android Smartphoneijsrd.com
 
IRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET Journal
 
Android Synopsis
Android SynopsisAndroid Synopsis
Android SynopsisNiraj Rahi
 
COVERT app
COVERT appCOVERT app
COVERT appitba9
 
Mobile Android and Network
Mobile Android and NetworkMobile Android and Network
Mobile Android and NetworkPadma Sankar
 
Android application development
Android application developmentAndroid application development
Android application developmentSteve Smith
 
An brief introduction to android operating system
An brief introduction to android operating systemAn brief introduction to android operating system
An brief introduction to android operating systemAlexander Decker
 
Android : Revolutionizing Mobile Devices
Android : Revolutionizing Mobile DevicesAndroid : Revolutionizing Mobile Devices
Android : Revolutionizing Mobile DevicesRitesh Puthran
 
Android Application Development
Android Application DevelopmentAndroid Application Development
Android Application DevelopmentGokhan Arik
 

Tendances (19)

International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Android summer training report
Android summer training reportAndroid summer training report
Android summer training report
 
All about android
All about androidAll about android
All about android
 
Android
AndroidAndroid
Android
 
A Review Paper on Cross Platform Mobile Application Development IDE
A Review Paper on Cross Platform Mobile Application Development IDEA Review Paper on Cross Platform Mobile Application Development IDE
A Review Paper on Cross Platform Mobile Application Development IDE
 
Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”Dr.mobi. “a medical suggestor in your hand”
Dr.mobi. “a medical suggestor in your hand”
 
Android development tutorial
Android development tutorialAndroid development tutorial
Android development tutorial
 
Android Report
Android ReportAndroid Report
Android Report
 
Garbage Management using Android Smartphone
Garbage Management using Android SmartphoneGarbage Management using Android Smartphone
Garbage Management using Android Smartphone
 
12
1212
12
 
IRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various ToolsIRJET - Android based Mobile Forensic and Comparison using Various Tools
IRJET - Android based Mobile Forensic and Comparison using Various Tools
 
Android Synopsis
Android SynopsisAndroid Synopsis
Android Synopsis
 
COVERT app
COVERT appCOVERT app
COVERT app
 
Mobile Android and Network
Mobile Android and NetworkMobile Android and Network
Mobile Android and Network
 
Android application development
Android application developmentAndroid application development
Android application development
 
Android report
Android reportAndroid report
Android report
 
An brief introduction to android operating system
An brief introduction to android operating systemAn brief introduction to android operating system
An brief introduction to android operating system
 
Android : Revolutionizing Mobile Devices
Android : Revolutionizing Mobile DevicesAndroid : Revolutionizing Mobile Devices
Android : Revolutionizing Mobile Devices
 
Android Application Development
Android Application DevelopmentAndroid Application Development
Android Application Development
 

En vedette

Mobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtMobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtIGN MANTRA
 
Smartphones
SmartphonesSmartphones
SmartphonesEnigma
 
Introduction to Android
Introduction to Android Introduction to Android
Introduction to Android Suraj Ligade
 
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMS
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMSA MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMS
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMSIJNSA Journal
 
Smartphone security
Smartphone securitySmartphone security
Smartphone securityMuthu Kumar
 
Webinar acciones bankia rankia 14 de enero 2014
Webinar acciones bankia rankia 14 de enero 2014Webinar acciones bankia rankia 14 de enero 2014
Webinar acciones bankia rankia 14 de enero 2014Burguera Abogados
 
Gestión de Auditorías de Seguridad
Gestión de Auditorías de SeguridadGestión de Auditorías de Seguridad
Gestión de Auditorías de SeguridadConferencias FIST
 
Android Malware Analysis
Android Malware AnalysisAndroid Malware Analysis
Android Malware AnalysisJongWon Kim
 
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and ArtifactsTrends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and ArtifactsCellebrite
 
Semana del 18 al 22 de abril
Semana del 18 al 22 de abrilSemana del 18 al 22 de abril
Semana del 18 al 22 de abrilyureny1995
 
La crisis de bankia exposicion
La crisis de bankia exposicionLa crisis de bankia exposicion
La crisis de bankia exposicionsergioarlandis
 
Mobile malware analysis with the a.r.e. vm
Mobile malware analysis with the a.r.e. vmMobile malware analysis with the a.r.e. vm
Mobile malware analysis with the a.r.e. vmJimmy Shah
 
AIOP AllinOneProfits Italia
AIOP AllinOneProfits Italia AIOP AllinOneProfits Italia
AIOP AllinOneProfits Italia Mauro Lorini
 
Suplantación de identidad
Suplantación de identidadSuplantación de identidad
Suplantación de identidadSusana Vega
 
Gestión de la reputación online de la banca a través de las redes sociales du...
Gestión de la reputación online de la banca a través de las redes sociales du...Gestión de la reputación online de la banca a través de las redes sociales du...
Gestión de la reputación online de la banca a través de las redes sociales du...Laura Pascual Cantabrana
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
Guía de-privacidad-de-facebook
Guía de-privacidad-de-facebookGuía de-privacidad-de-facebook
Guía de-privacidad-de-facebookarleto
 
De Los Delitos Contra la Privacidad de las Personas y de las Comunicaciones
De Los Delitos Contra la Privacidad de las Personas y de las ComunicacionesDe Los Delitos Contra la Privacidad de las Personas y de las Comunicaciones
De Los Delitos Contra la Privacidad de las Personas y de las ComunicacionesEspacio Público
 

En vedette (20)

Mobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirtMobile security mobile malware countermeasure academic csirt
Mobile security mobile malware countermeasure academic csirt
 
Smartphones
SmartphonesSmartphones
Smartphones
 
Introduction to Android
Introduction to Android Introduction to Android
Introduction to Android
 
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMS
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMSA MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMS
A MACHINE LEARNING APPROACH TO ANOMALY-BASED DETECTION ON ANDROID PLATFORMS
 
Smartphone security
Smartphone securitySmartphone security
Smartphone security
 
Webinar acciones bankia rankia 14 de enero 2014
Webinar acciones bankia rankia 14 de enero 2014Webinar acciones bankia rankia 14 de enero 2014
Webinar acciones bankia rankia 14 de enero 2014
 
Gestión de Auditorías de Seguridad
Gestión de Auditorías de SeguridadGestión de Auditorías de Seguridad
Gestión de Auditorías de Seguridad
 
Android Malware Analysis
Android Malware AnalysisAndroid Malware Analysis
Android Malware Analysis
 
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and ArtifactsTrends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
 
Semana del 18 al 22 de abril
Semana del 18 al 22 de abrilSemana del 18 al 22 de abril
Semana del 18 al 22 de abril
 
La crisis de bankia exposicion
La crisis de bankia exposicionLa crisis de bankia exposicion
La crisis de bankia exposicion
 
Mobile malware analysis with the a.r.e. vm
Mobile malware analysis with the a.r.e. vmMobile malware analysis with the a.r.e. vm
Mobile malware analysis with the a.r.e. vm
 
Test de intrusion
Test de intrusionTest de intrusion
Test de intrusion
 
AIOP AllinOneProfits Italia
AIOP AllinOneProfits Italia AIOP AllinOneProfits Italia
AIOP AllinOneProfits Italia
 
Tipos de virus
Tipos de virusTipos de virus
Tipos de virus
 
Suplantación de identidad
Suplantación de identidadSuplantación de identidad
Suplantación de identidad
 
Gestión de la reputación online de la banca a través de las redes sociales du...
Gestión de la reputación online de la banca a través de las redes sociales du...Gestión de la reputación online de la banca a través de las redes sociales du...
Gestión de la reputación online de la banca a través de las redes sociales du...
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skype
 
Guía de-privacidad-de-facebook
Guía de-privacidad-de-facebookGuía de-privacidad-de-facebook
Guía de-privacidad-de-facebook
 
De Los Delitos Contra la Privacidad de las Personas y de las Comunicaciones
De Los Delitos Contra la Privacidad de las Personas y de las ComunicacionesDe Los Delitos Contra la Privacidad de las Personas y de las Comunicaciones
De Los Delitos Contra la Privacidad de las Personas y de las Comunicaciones
 

Similaire à A case study of malware detection and removal in android apps

Mobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfMobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfAbdullahMunir32
 
Android technology
Android technologyAndroid technology
Android technologyDhruv Modh
 
Google android white paper
Google android white paperGoogle android white paper
Google android white paperSravan Reddy
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 
Unit 1-android-and-its-tools-ass
Unit 1-android-and-its-tools-assUnit 1-android-and-its-tools-ass
Unit 1-android-and-its-tools-assARVIND SARDAR
 
Android interview questions and answers
Android interview questions and answersAndroid interview questions and answers
Android interview questions and answerskavinilavuG
 
Phonebook Directory or Address Book In Android
Phonebook Directory or Address Book In AndroidPhonebook Directory or Address Book In Android
Phonebook Directory or Address Book In AndroidABHISHEK DINKAR
 
Outstanding Improvement Award Outstanding Improvement Award
Outstanding Improvement Award Outstanding Improvement AwardOutstanding Improvement Award Outstanding Improvement Award
Outstanding Improvement Award Outstanding Improvement Awardpravinmali2191
 
Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Android 1-intro n architecture
Android 1-intro n architectureAndroid 1-intro n architecture
Android 1-intro n architectureDilip Singh
 
B041130610
B041130610B041130610
B041130610IOSR-JEN
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Accident detection
Accident detection Accident detection
Accident detection Samana Rao
 

Similaire à A case study of malware detection and removal in android apps (20)

Mobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdfMobile Application Development-Lecture 03 & 04.pdf
Mobile Application Development-Lecture 03 & 04.pdf
 
Android technology
Android technologyAndroid technology
Android technology
 
Google android white paper
Google android white paperGoogle android white paper
Google android white paper
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 
Unit 1-android-and-its-tools-ass
Unit 1-android-and-its-tools-assUnit 1-android-and-its-tools-ass
Unit 1-android-and-its-tools-ass
 
Android
AndroidAndroid
Android
 
Android security
Android securityAndroid security
Android security
 
Android security
Android securityAndroid security
Android security
 
Android interview questions and answers
Android interview questions and answersAndroid interview questions and answers
Android interview questions and answers
 
Phonebook Directory or Address Book In Android
Phonebook Directory or Address Book In AndroidPhonebook Directory or Address Book In Android
Phonebook Directory or Address Book In Android
 
Outstanding Improvement Award Outstanding Improvement Award
Outstanding Improvement Award Outstanding Improvement AwardOutstanding Improvement Award Outstanding Improvement Award
Outstanding Improvement Award Outstanding Improvement Award
 
Android Operating system
Android Operating systemAndroid Operating system
Android Operating system
 
Mobile application security
Mobile application securityMobile application security
Mobile application security
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Android 1-intro n architecture
Android 1-intro n architectureAndroid 1-intro n architecture
Android 1-intro n architecture
 
Cc4201519521
Cc4201519521Cc4201519521
Cc4201519521
 
B041130610
B041130610B041130610
B041130610
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
PPT Companion to Android
PPT Companion to AndroidPPT Companion to Android
PPT Companion to Android
 
Accident detection
Accident detection Accident detection
Accident detection
 

Dernier

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Dernier (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

A case study of malware detection and removal in android apps

  • 1. International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 DOI : 10.5121/ijmnct.2014.4205 45 A CASE STUDY OF MALWARE DETECTION AND REMOVAL IN ANDROID APPS Wichien Choosilp and Yujian Fu Department of Electrical Engineering & Computer Science, Alabama A&M University, Normal AL, USA ABSTRACT With the proliferation of smart phone users, android malware variants is increasing in terms of numbers and amount of new victim android apps. The traditional malware detection focuses on repackage, obfuscate and/or other transformable executable code from malicious apps. This paper presented a case study on existing android malware detection through a sequence of steps and well developed encoding SMS message. Our result has demonstrated a solid testify of our approach in the effectiveness of malware detection and removal. KEYWORDS Malware detection, Wireless Network, Mobile Network, Virus, Worms & Trojan horse 1. INTRODUCTION Few people would disagree that the cell phone device has become an important part of everybody’s life today. Statistics data from LAObserver[1] shows that 91% of U.S. adults own cell phones and 56% own smart phones. Android OS is one of the most popular mobile platforms. In October 2012, there were approximately 1,000,000 apps available for Android, and the estimated number of applications downloaded from Google Play, Android's primary app store, was 50 billion as of September 2013. With the explosive growth of smart mobile devices market and usage, there are an increasing number of malicious mobile applications that are developed to target these devices and platforms. These malicious applications are called mobile malware. Nowadays, mobile malware have reached a new level of maturity. Threats targeting smart phones and tablets are beginning to pose meaningful challenges to users, enterprises, and service providers alike. The number of instances of just one family of malware can be in the thousands. The largest proportion of malware is targeting on the Android mainly due to the dominant market share of the Android platform and its open market policy. However, many of the smart phone and tablet users have, for the most part, not been aware of the risks of mobile malware, of which there are many. This module aims at introducing the working mechanisms of mobile malware and some defense methods that may be employed. To protect mobile users from the severe threats of Android malware, many different solutions have been proposed.
  • 2. International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 46 2. BACKGROUND Created by Google, Android is a most popular cell phone operating system for mobile devices including smartphones and tablets. It is available to all kinds of developers with various expertise levels, ranging from rookie to professional. Based on the Linux kernel Android can provide a middleware implementing subsystems such as telephony, window management, management of communication with and between applications, managing application lifecycle, and so on. On top of the kernel, Android provides all types of apps for users. Android applications are programmed primarily in Java though the programmers. Native programming are allowed via Java native interface. Different from Java compilation process[2] , instead of Java bytecode, Android outputs and runs Dalvik bytecode. In comparison to Java, all the compiled classes are generated and packed together into a single .dex file in Dalvik. An Android application is composed of four types of components, namely activities, services, broadcast receivers, and content providers. All these four components are defined as classes in the library. They are further declared in the AndroidManifest (a .xml file used for the web browser). The Android end user apps will directly or indirectly use these components and interact with the kernel through them. AndroidManifest is a manifest file defined as binary XML file, which declares the application package name. A package id is defined as a string and needs to be unique to an application. It also declares other things (such as application permissions) which are not so relevant to the present work. Android SDK (Software Development Kit)[3] includes a virtual mobile device emulator that allows android apps to run on the computer. The Android emulator mimics all of the hardware and software features except it cannot place actual phone calls. The most recent version of Android is known as “Jelly Bean”, which was released on July 2012. The new features of android is provided using Xamarin.Android. 3. SYSTEM ARCHITECTURE AND DESIGN We expect the proposed system consisting of following features: • An Android mobile device can subscript to any service provider and the provider will send a list of nearby registered devices. The mobile device is responsible of maintaining the list and decides how to communicate or interact with nearby devices. • An Android mobile device checks its environment such as operating system version, network type and IP address periodically and reports back to service provider. The service provider will perform necessary analysis on the data and accordingly make recommendations to the mobile device. • An Android mobile device updates its current location and sends information to service provider with user’s permission. The service provider keeps location history of each device for analysis purpose. • A rooted android device should be able to take more proactive actions than nonrooted devices. Some possible actions include but not limited to: snapshot network states; capture network packets; intrusion detection; malware removal; etc.
  • 3. International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 47 Out project aims at to implement a system that carries the above features. Our design model will include three classes – WC_SMS_Activity, WC_SMS_Display_Activity, and WC_SMS_BroadCast_Receiver. The first two classes are inherited from Activity class. Each class is defined in Figure 1. The system architecture developed in UML class diagram is shown in Figure 2. WC_SMS_BroadCast_Receiver +onReceive(context.Context, intent.Intent) : void Figure 1. Class definition in UML model. 4. SYSTEM IMPLEMENTATION To implement android system, either emulator on the computer or android device can be used as platform. The system environment is set up by several kits including JDK, Eclipse, SDK, and ADT bundle. They are simply explained in the following. • JDK - Java Development Kit[4] is a program development environment for writing Java applets and applications. It consists of a runtime environment that "sits on top" of the operating system layer as well as the tools and programming that developers need to compile, debug, and run applets and applications written in the Java language. • Eclipse SDK[5] - In computer programming, Eclipse is multi-language Integrated development environment (IDE) comprising a base workspace and an extensible plug-in system for customizing the environment. It is written mostly in Java. It can be used to WC_SMS_Activity ~recNum : EditText ~secretKey : EditText ~msgContent : EditText ~send : Button ~cancel : Button +onCreate(savedInstanceState : Bundle) : void +sendMessage(recNumString : String, encryptedMsg : String) : void + convertByeToHex(b : byte []) : String +encryptMessage(secretKeyString : String, msgContentString : String) : byte [] +generateSecretKey(secretKeyString : String) : Key WC_SMS_Display_Activity ~secretKey : EditText ~encryptedMsg : TextView ~decryptedMsg : TextView ~submit : Button ~cancel : Button ~originNum : String = "" ~msgContent : String = "" +onCreate(savedInstanceState : Bundle) : void +convertHexToByte(b : byte []) : byte [] +decryptMessage(secretKeyString : String, encryptedMsg : byte []) : byte [] +generateSecretkey(secretkeyString : String) : Key Activity WC_SMS_Activity WC_SMS_Display_Activity WC_SMS_BroadCast_Receiver Figure 2. System architecture denoted in class diagram.
  • 4. International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 48 develop applications in Java and, by means of various plug-in, other programming languages including Ada, C, C++, COBOL, Fortran, Haskell, JavaScript, Lasso, Perl, PHP, Python, R, Ruby (including Ruby on Rails framework), Scala, Clojure, Groovy, Schema, and Erlang. It can also be used to develop packages for the software Mathematica. Development environments include the Eclipse Java development tool (JDT) for Java and Scala, Eclipse CDT for C/C++ and Eclipse PDT for PHP, among others. • Android SDK - A software development kit[3] that enables developers to create applications for the Android Platform. The Android SDK includes sample projects with source code, development tools, and emulator, and required libraries to build Android applications. Applications are written using the Java programming language and run on Dalvik, a customized virtual machine designed for embedded use which runs on top of a Linux kernel. • Android Development Tools (ADT) - A plug-in for the Eclipse IDE that is designed to give a powerful, integrated environment in which to build Android applications. ADT extends the capabilities of Eclipse to allow for quick set up of new Android projects, to create an application UI, to add packages based on the Android Framework API, to debug your applications using the Android SDK tools, and even to export signed (or unsigned) .apk files in order to distribute your application. Unlike other programming paradigms in which apps are launched with a main() method, the Android system initiates code in an Activity instance by invoking specific callback methods that correspond to specific stages of its lifecycle. There is a sequence of callback methods that start up an activity and a sequence of callback methods that tear down an activity. WC_SMS_Display_Activity.java file contains four important methods: • onCreate(Bundle savedInstanceState) - to set up the UI variables. • convertByteToHex(byte[] b) - get the length of characters and convert to the string. • decryptMessage(String secretKeyString, byte[] encryptedMsg) - to decrypt the text message from the user input. • generateSecretKey(String secretKeyString) - to generate the 16-Character Secret Key. WC_SMS_Activity.java file contains four important methods: • onCreate(Bundle savedInstanceState) - to set up an UI variables. • sendMessage(String recNumString, String encryptedMsg) - to send the text message. • convertByteToHex(byte[] b) – to get the length of characters and convert to the string. • encryptMessage(String secretKeyString, String msgContentString) - to encrypt the text message. • generateSecretKey(String secretKeyString) - to generate the 16-Character Secret Key. One of the most powerful spying tools is Intercepter-NG[6] . It is a free application with unrestricted functionality and is virtually universal: works on Windows, Linux, Mac OSX, iPhone and Android. It is a multifunctional network toolkit for various types of IT specialists[7] :. It has
  • 5. International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 49 functionality of several famous separate tools and more over offers a good unique alternative of ireshark for Android. The main features are: • Sniffing passwordshashes of the types: ICQIRCAIMFTPIMAPPOP3SMTPLDAPBNCSOCKSHTTPWWWNNTPCVS TELNETMRADC++VNCMYSQLORACLENTLMKRB5RADIUS • Sniffing chat messages of: ICQAIMJABBERYAHOOMSNIRCMRA • Reconstructing files from: HTTPFTPIMAPPOP3SMTPSMB • Promiscuous-modeARPDHCPGatewayPortSmart Scanning • Capturing packets and post-capture (offline) analyzingRAW Mode After connected to the AAMU WiFi using Intercepter-NG, we can run the scan command to see all the devices with IP addresses that are connecting to AAMU WIFI. Result is shown in Figure 3, where a list of AAMU WiFi address was recognized and displayed to the screen. Figure 3. List of IP address found on AAMU WiFi. After that, the application is starting to collecting packets that is sending and receiving through this WIFI. In most case, this application can collect the information like user name and password. 5. CONCLUSIONS AND FUTURE WORKS This case study aims at implementing the android malware detection and removal in Android apps. This is the first time android security application at Alabama A&M University. It is successfully implemented for all of the preliminary steps to this project and the project came together in phases. First, we demonstrated the detecting and removing of malware using Advanced Mobile Care Application. In addition, the process of sending and receiving text messages between two devices with encryption and decryption was completed. Finally, we successfully connected to AAMU Wi-Fi and collected information from the devices that connect to that network, through using the Wi-Fi packet snooping application Intercepter-NG. The future work will be the successful implementation of all the various components of the project and the observation of their operation.
  • 6. International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014 50 ACKNOWLEDGEMENTS We would like to thank for Lockheed Martin and the Dean’s office for the support of this project. This project is also partially supported by NSF subaward DUE-1202690 and NSF grant DUE- 1225654. We would like to thanks for all valuable reviews. REFERENCES [1] Lacter, M. (June 2013). Stunning stat: 91% of U.S. adults own cell phones. LA Observed. Available from: http://www.laobserved.com/biz/2013/06/stunning_stat_91_of.php. [2] Shama, R. Developing for Android – Introduction. Available from: http://www.cprogramming.com/android/android_getting_started.html. CPprogramming. [3] Android SDK Developer. Available from: https://developer.android.com/sdk/index.html. [4] Java SE downloads. Oracle. Available from: http://www.oracle.com/technetwork/java/javase/downloads/index.html [5] Eclipse project. Available from: http://www.eclipse.org/downloads/ [6] Intercepter-NG. Available from: http://intercepter.nerf.ru/ [7] XDA Developes Forum. Available from: http://forum.xda- developers.com/showthread.php?p=35159281 [8] InfoSec Institute. Available from: http://resources.infosecinstitute.com/backtrack-5-part-1/ [9] Broida, R. (2013) How to easily root an Android device. Mobile World Congress. C.Net. Available from: http://howto.cnet.com/8301-11310_39-57608195-285/how-to-easily-root-an-android-device/ Authors Short Biography Wichien Choosilp is a graduate student at the department of Computer Science at Alabama A&M University. His research focuses on the Android malware detection, analysis and removal. Yujian Fu is an associate professor at the department of Computer Science at Alabama A&M University. Her research focuses on the embedded and real time system design, cyber physical system, programming language, formal methods.