AndroPatchApp: Taming Rogue Ads in Android

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 10026)

Abstract

Mobile applications have drastically changed the way that we use our mobile devices. The different embedded sensors allow novel user interaction and make the devices context-aware. However, to make them more secure, the operating system of most mobile devices allows only limited user configuration, and the user does not have full access. Despite this measure, the overall security and privacy of users cannot be considered adequate. While there are many tools for “rooted” devices, the choices for “out of the stock” devices are few and, more importantly, not that effective.

To address these shortcomings, AndroPatchApp takes a different approach. Instead of installing monitoring and detection apps in the operating system, AndroPatchApp embeds some security and privacy controls before installation, by generating a “sanitized” version of the app.

Acknowledgments

This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the OPERANDO project (Grant Agreement no. 653704).

Author information

Corresponding author

Correspondence to Constantinos Patsakis.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Tsiakos, V., Patsakis, C. (2016). AndroPatchApp: Taming Rogue Ads in Android. In: Boumerdassi, S., Renault, É., Bouzefrane, S. (eds) Mobile, Secure, and Programmable Networking. MSPN 2016. Lecture Notes in Computer Science, vol 10026. Springer, Cham. https://doi.org/10.1007/978-3-319-50463-6_15

  • DOI: https://doi.org/10.1007/978-3-319-50463-6_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50462-9

  • Online ISBN: 978-3-319-50463-6

  • eBook Packages: Computer Science (R0)
