Abstract
Mobile applications have drastically changed the way we use our mobile devices. The sensors embedded in these devices allow novel user interaction and make them context-aware. However, to make the devices more secure, the operating system of most of them allows only limited user configuration and does not give the user full access. Despite this measure, the overall security and privacy of users cannot be considered adequate. While there are many tools for “rooted” devices, the choices for “out of the stock” devices are few and, more importantly, not that effective.
To address these shortcomings, AndroPatchApp takes a different approach. Instead of installing monitoring and detection apps in the operating system, AndroPatchApp embeds some security and privacy controls before installation, by generating a “sanitized” version of the app.
Acknowledgments
This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the OPERANDO project (Grant Agreement no. 653704).
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Tsiakos, V., Patsakis, C. (2016). AndroPatchApp: Taming Rogue Ads in Android. In: Boumerdassi, S., Renault, É., Bouzefrane, S. (eds) Mobile, Secure, and Programmable Networking. MSPN 2016. Lecture Notes in Computer Science(), vol 10026. Springer, Cham. https://doi.org/10.1007/978-3-319-50463-6_15
DOI: https://doi.org/10.1007/978-3-319-50463-6_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-50462-9
Online ISBN: 978-3-319-50463-6
eBook Packages: Computer Science (R0)