Skip to main content
SpringerLink
Log in

Static Detection of Dangerous Behaviors in Android Apps

  • Conference paper
Cyberspace Safety and Security (CSS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8300))

Included in the following conference series:

Abstract

This paper presents a scheme to detect dangerous behaviors in Android apps. In order to identify different kinds of dangerous behaviors, we designed two analysis engines. On the one hand, taint analysis engine mainly detects privacy leak by tracking how user’s sensitive data is used by an app; On the other hand, constant analysis engine focuses on the constant information in an app to identify other dangerous behaviors such as SP services ordering, phone bill consuming, and so on. We have implemented these two engines in a system called ApkRiskAnalyzer which identifies the dangerous behaviors by simulating the running process of an Android app statically. Furthermore, we analyzed 1260 malicious apps and found out dangerous behaviors in 1246 (98.9%) apps. Then we downloaded 630 normal apps from Google Play and identified dangerous behaviors in 575(91.3%) apps. These results demonstrate the effectiveness of ApkRiskAnalyzer.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. NetQin, http://www.netqin.com

  2. Mobile malware cases nearly triple in first half of 2012, says NetQin, http://www.computerworld.com/s/article/9229802/Mobile_malware_cases_nearly_triple_in_first_half_of_2012_says_NetQin

  3. TrustGo, http://www.trustgo.com

  4. Google Play, https://play.google.com/store

  5. Android Authority: 23 of the top 500 Google Play Apps considered to be malware; malware up 580% this year (Infographic), http://www.trustgo.com/en/media-coverage

  6. Felt, A.P., Chin, E., et al.: Android Permissions Demystified. In: The 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, USA (October 2011)

    Google Scholar 

  7. Zhou, Y., Wang, Z., et al.: Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In: Proceedings of the 19th Network and Distributed System Security Symposium (NDSS 2012), San Diego, CA ( February 2012)

    Google Scholar 

  8. Enck, W., Gilbert, P., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: The 9th USENIX Symposium on Operating System Design and Implementation (OSDI 2010), Vancouver, BC, Canada (October 2010)

    Google Scholar 

  9. Android Malware Genome Project, http://www.malgenomeproject.org/

  10. Dalvik bytecode, http://source.android.com/tech/dalvik/dalvik-bytecode.html

  11. IDA pro, http://www.hex-rays.com/products/ida

  12. IDAPython, http://code.google.com/p/idapython/

  13. Cheng, S., Yang, J., et al.: LoongChecker: Practical summary-based semi-simulation to detect vulnerability in binary code. In: The 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), Changsha, China (November 2011)

    Google Scholar 

  14. Li, Z., Cheng, S., Wu, J.: Inter-procedural static analysis of Android apps, Technical report (December 2012)

    Google Scholar 

  15. FakeNetflix, http://www.pcmag.com/article2/0,2817,2394621,00.asp

  16. Gone60, http://contagiominidump.blogspot.com/2011/09/gone-in-60-seconds-android-spyware.html

  17. Fetion, http://www.fetion.com/

  18. Snda, http://www.snda.com/cn/fstpage.html

  19. Angrybirds, http://www.angrybirds.com/

  20. Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of Android app security. In: The 20th USENIX Security Symposium (2011)

    Google Scholar 

  21. Grace, M., Zhou, Y., Zhang, Q., et al.: RiskRanker: Scalable and Accurate Zero-day Android Malware Detection. In: Proceedings of the 10th International Conference on Mobile Systems, Apps and Services (MobiSys 2012), Lake District, UK (June 2012)

    Google Scholar 

  22. Portokalidis, G., Homburg, P., Anagnostakis, K., Bos, H.: Paranoid Android: Versatile protection for smartphones. In: The 26th Annual Computer Security Applications Conference (ACSAC 2010), Austin, Texas, USA (December 2010)

    Google Scholar 

  23. Gilbert, P., Chun, B.G., Cox, L.P., Jung, J.: Vision: Automated Security Validation of Mobile Apps at App Markets. In: Proceedings of the International Workshop on Mobile Cloud Computing and Services (MCS 2011), New York, USA (2011)

    Google Scholar 

  24. Nauman, M., Khan, S., Zhang, X.: Apex: Extending Android Permission Model and Enforcement with User-Defined Runtime Constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2010), Beijing, China (April 2010)

    Google Scholar 

  25. Beresford, A.R., Rice, A., et al.: MockDroid: Trading Privacy for Application Functionality on Smartphones. In: Proceedings of the 12th International Workshop on Mobile Computing System and Applications (HotMobile 2011), Phoenix, USA (March 2011)

    Google Scholar 

  26. Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming Information-Stealing Smartphone Applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  27. Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic Detection of Capability Leaks in Stock Android Smartphones. In: Proceedings of the 19th Annual Symposium on Network and Distributed System Security (NDSS 2012), San Diego, USA (February 2012)

    Google Scholar 

  28. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These Aren’t the Droids You’re Looking For: Retrofitting Android to Protect Data from Imperious Applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, USA (October 2011)

    Google Scholar 

  29. Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing Inter-Application Communication in Android. In: Proceedings of the 9th Annual Symposium on Network and Distributed System Security (MobiSys 2011), Washington, DC, USA (July 2011)

    Google Scholar 

  30. Barrera, D., Kayacik, H.G., Oorschot, P., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its app to Android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), Chicago, USA (October 2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Technology Security Evaluation Center, University of Science and Technology of China, Hefei, 230027, P.R. China

    Shaoyin Cheng, Zifeng Li & Fan Jiang

  2. ZTE Corporation, Nanjing, 210012, P.R. China

    Shengmei Luo, Wei Wang & Yan Wu

  3. Department of Computer Science, Tsinghua University, Beijing, 100084, P.R. China

    Shengmei Luo

Authors
  1. Shaoyin Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shengmei Luo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zifeng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Fan Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Science and Engineering, Central South University, 410083, Changsha, Hunan, P.R. China

    Guojun Wang

  2. Computer Science Department, Colorado State University, 1873 Campus Delivery, 80523-1873, Fort Collins, CO, USA

    Indrakshi Ray

  3. Chinese Academy of Sciences, Institute of Software, 100190, Beijing, P.R. China

    Dengguo Feng

  4. information Security Group, City University London, EC1V 0HB, London, UK

    Muttukrishnan Rajarajan

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Cheng, S., Luo, S., Li, Z., Wang, W., Wu, Y., Jiang, F. (2013). Static Detection of Dangerous Behaviors in Android Apps. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-03584-0_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03583-3

  • Online ISBN: 978-3-319-03584-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation