Abstract
Android applications are developed on top of the Android framework and therefore have particular features compared to traditional desktop software. Meanwhile, owing to this unique design and implementation, Android apps are threatened by emerging cyber attacks that target mobile operating systems. As a result, security researchers have made considerable efforts to discover, mitigate and defeat these threats.
Keywords
- Application Program Interface
- Android Application
- Privacy Leakage
- Java Source Code
- Information Flow Control
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
© 2016 The Author(s)
About this chapter
Cite this chapter
Zhang, M., Yin, H. (2016). Background. In: Android Application Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-47812-8_2
DOI: https://doi.org/10.1007/978-3-319-47812-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47811-1
Online ISBN: 978-3-319-47812-8
eBook Packages: Computer Science, Computer Science (R0)