SafeCandy: System for security, analysis and validation in Android
DOI:
https://doi.org/10.18046/syt.v13i35.2154Keywords:
Mobile security, Android security, ASEF, anti-malware.Abstract
Android is an operating system which currently has over one billion active users for all their mobile devices, a market impact that is influencing an increase in the amount of information that can be obtained from different users, facts that have motivated the development of malicious software by cybercriminals. To solve the problems caused by malware, Android implements a different architecture and security controls, such as a unique user ID (UID) for each application, while an API permits its distribution platform, Google Play applications. It has been shown that there are ways to violate that protection, so the developer community has been developing alternatives aimed at improving the level of safety. This paper presents: the latest information on the various trends and security solutions for Android, and SafeCandy, an app proposed as a new system for analysis, validation and configuration of Android applications that implements static and dynamic analysis with improved ASEF. Finally, a study is included to evaluate the effectiveness in threat detection of different malware antivirus software for Android.
References
Android Open Source Project (n.d). Security. Retrieved from: https://source.android.com/devices/tech/security/
Au, K. W. Y., Zhou, Y. F., Huang, Z., & Lie, D. (2012). Pscout. Analyzing the android permission specification. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, (pp. 217-228). New York, NY: ACM.
Batyuk, L., Herpich, M., Camtepe, S. A., Raddatz, K., Schmidt, A., & Albayrak, S. (2011). Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), (pp. 66-72). Piscataway, NJ: IEEE.
Bishop, M.A. (2002). The art and science of computer security, Boston, MA: Addison-Wesley Longman.
Burguera, I., Zurutuza, U., & Nadjm-Tehrani, S. (2011). Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, (pp. 15-26). New York, NY: ACM.
Dharmdasani H., & Pidathala V. (2014, march 31). Android.MisoSMS : Its Back! Now With XTEA. Retrieved from: https://www.fireeye.com/blog/threat-research/2014/03/android-misosms-its-back-now-with-xtea.html
Drake, J. J., Lanier, Z., Mulliner, C., Fora, P. O., Ridley, S. A., & Wicherski, G. (2014). Android hacker's handbook. Indianapolis, IN: John Wiley & Sons.
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B. G., Cox, L. P., ... & Sheth, A.N. (2014). TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2), 5.
Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011). A study of Android application security. In USENIX security symposium (Vol. 2, p. 2). Berkeley, CA: Usenix.
Forristal, J. (2014). Android fake ID vulnerability. In Black Hat USA, 2014. Black Hat Materials, Retrieved from: https://www.blackhat.com/docs/us-14/materials/us-14-Forristal-Android-FakeID-Vulnerability-Walkthrough.pdf
Fuentes, M. & Gómez, J. (2014). Valoración de la plataforma ASEF como base para detección de malware en aplicaciones Android. Ingenium, 8(21), 11-23.
Ghorbanzadeh, M., Chen, Y., Ma, Z., Clancy, T. C., & McGwier, R. (2013), A neural network approach to category validation of android applications. In 2013 International Conference on Computing, Networking and Communications (ICNC), (pp. 740-744), Piscataway, NJ: IEEE.
Gopan, D., & Reps, T. (2007). Low-level library analysis and summarization. In Computer aided verification (pp. 68-81).Berlin-Heidelberg, Germany: Springer.
Grace, M., Zhou, Y., Zhang, Q., Zou, S., & Jiang, X. (2012). Riskranker: scalable and accurate zero-day android malware detection. In Proceedings of the 10th international conference on Mobile systems, applications, and services, (pp. 281-294). New York, NY: ACM.
Khandelwal, S. (2014a, March 26). Android malware 'dendroid' targeting Indian users [blog The Hacker News]. Retrieved from: http://thehackernews.com/2014/03/android-malware-dendroid-targeting_26.html
Khandelwal, S. (2014b, May 6). Police ransomware malware targeting Android smartphones [blog The Hacker News]. Retrieved fromhttp://thehackernews.com/2014/05/police-ransomware-malware-targeting.html
Mutz, D., Robertson, W., Vigna, G., & Kemmerer, R. (2007). Exploiting execution context for the detection of anomalous system calls. In Recent advances in intrusion detection, (pp. 1-20. .Berlin-Heidelberg, Germany: Springer.
Nadji, Y., Giffin, J., & Traynor, P. (2011). Automated remote repair for mobile malware. In Proceedings of the 27th Annual Computer Security Applications Conference, (pp. 413-422). New York, NY: ACM.
Navarro, A., Sebastián, L., Urcuqui, C., Fuentes, M., & Gomez, J. (2014). Análisis y caracterización de frameworks para detección de aplicaciones maliciosas en Android. In XIV Jornada Internacional de Seguridad Informática ACIS 2014, (Art.1) [CD]. Available at http://52.0.140.184/typo43/index.php?id=2114
Oja, M., Kaski, S., & Kohonen, T. (2003). Bibliography of self-organizing map (SOM) papers: 1998-2001 addendum. Neural Computing Surveys, 3. Retrieved from http://www.cis.hut.fi/research/refs/NCS_vol3_1.pdf
Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., & Ioannidis, S. (2014). Rage against the virtual machine: hindering dynamic analysis of android malware. In Proceedings of the Seventh European Workshop on System Security, (p. 5). New York, NY: ACM.
Pichai, S. (2014). Google I/O 2014 - Keynote [video. 6:43m]. Retrieved from: https://www.google.com/events/io
Portokalidis, G., Homburg, P., Anagnostakis, K., & Bos, H. (2010). Paranoid Android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, (pp. 347-356). New York, NY: ACM.
Smalley, S., & Craig, R. (2013). Security enhanced (SE) Android: Bringing flexible Mac to Android. In 20th Annual Network and Distributed System Security Symposium (NDSS'13), (pp. 20-38). Reston, VA: The Internet Society.
Tor Project (s.f). Anonymity online. Retrieved from: http://www.torproject.org/
Wei, T., Zhang, Y., Xue, H., Zheng, M., Ren, C., & Song, D. (2014). Sidewinder: Targeted attack against Android in the golden age of ad libraries. In Black Hat 2014, Black Hat Materials. Retrieved from: https://www.blackhat.com/docs/us-14/materials/us-14-Wei-Sidewinder-Targeted-Attack-Against-Android-In-The-Golden-Age-Of-Ad-Libs.pdf
Yadav, N. P. & Shivamurthy, R. C. (2013). Faamac: Forensic Analysis of Android Mobile Applications using Cloud Computing. International Journal on Recent and Innovation Trends in Computing and Communication, 2(5), 1069-1073.
Yan, L. K., & Yin, H. (2014). DroidScope: Seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis. In USENIX security symposium, (pp. 569--584).
Yerima, S. Y., Sezer, S., & Muttik, I. (2014). Android malware detection using parallel machine learning classifiers. In 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), (pp. 37-42). Piscataway, NJ: IEEE.
Zhou, W., Zhou, Y., Jiang, X., & Ning, P. (2012). Detecting repackaged smartphone applications in third-party android marketplaces. In Proceedings of the second ACM conference on Data and Application Security and Privacy, (pp. 317-326). New York, NY: ACM.
Zhou, Y., & Jiang, X. (2012). Dissecting android malware: Characterization and evolution. In 2012 IEEE Symposium on Security and Privacy (SP), (pp. 95-109). Piscataway, NJ: IEEE.
Au, K. W. Y., Zhou, Y. F., Huang, Z., & Lie, D. (2012). Pscout. Analyzing the android permission specification. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, (pp. 217-228). New York, NY: ACM.
Batyuk, L., Herpich, M., Camtepe, S. A., Raddatz, K., Schmidt, A., & Albayrak, S. (2011). Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications. In 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), (pp. 66-72). Piscataway, NJ: IEEE.
Bishop, M.A. (2002). The art and science of computer security, Boston, MA: Addison-Wesley Longman.
Burguera, I., Zurutuza, U., & Nadjm-Tehrani, S. (2011). Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, (pp. 15-26). New York, NY: ACM.
Dharmdasani H., & Pidathala V. (2014, march 31). Android.MisoSMS : Its Back! Now With XTEA. Retrieved from: https://www.fireeye.com/blog/threat-research/2014/03/android-misosms-its-back-now-with-xtea.html
Drake, J. J., Lanier, Z., Mulliner, C., Fora, P. O., Ridley, S. A., & Wicherski, G. (2014). Android hacker's handbook. Indianapolis, IN: John Wiley & Sons.
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B. G., Cox, L. P., ... & Sheth, A.N. (2014). TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2), 5.
Enck, W., Octeau, D., McDaniel, P., & Chaudhuri, S. (2011). A study of Android application security. In USENIX security symposium (Vol. 2, p. 2). Berkeley, CA: Usenix.
Forristal, J. (2014). Android fake ID vulnerability. In Black Hat USA, 2014. Black Hat Materials, Retrieved from: https://www.blackhat.com/docs/us-14/materials/us-14-Forristal-Android-FakeID-Vulnerability-Walkthrough.pdf
Fuentes, M. & Gómez, J. (2014). Valoración de la plataforma ASEF como base para detección de malware en aplicaciones Android. Ingenium, 8(21), 11-23.
Ghorbanzadeh, M., Chen, Y., Ma, Z., Clancy, T. C., & McGwier, R. (2013), A neural network approach to category validation of android applications. In 2013 International Conference on Computing, Networking and Communications (ICNC), (pp. 740-744), Piscataway, NJ: IEEE.
Gopan, D., & Reps, T. (2007). Low-level library analysis and summarization. In Computer aided verification (pp. 68-81).Berlin-Heidelberg, Germany: Springer.
Grace, M., Zhou, Y., Zhang, Q., Zou, S., & Jiang, X. (2012). Riskranker: scalable and accurate zero-day android malware detection. In Proceedings of the 10th international conference on Mobile systems, applications, and services, (pp. 281-294). New York, NY: ACM.
Khandelwal, S. (2014a, March 26). Android malware 'dendroid' targeting Indian users [blog The Hacker News]. Retrieved from: http://thehackernews.com/2014/03/android-malware-dendroid-targeting_26.html
Khandelwal, S. (2014b, May 6). Police ransomware malware targeting Android smartphones [blog The Hacker News]. Retrieved fromhttp://thehackernews.com/2014/05/police-ransomware-malware-targeting.html
Mutz, D., Robertson, W., Vigna, G., & Kemmerer, R. (2007). Exploiting execution context for the detection of anomalous system calls. In Recent advances in intrusion detection, (pp. 1-20. .Berlin-Heidelberg, Germany: Springer.
Nadji, Y., Giffin, J., & Traynor, P. (2011). Automated remote repair for mobile malware. In Proceedings of the 27th Annual Computer Security Applications Conference, (pp. 413-422). New York, NY: ACM.
Navarro, A., Sebastián, L., Urcuqui, C., Fuentes, M., & Gomez, J. (2014). Análisis y caracterización de frameworks para detección de aplicaciones maliciosas en Android. In XIV Jornada Internacional de Seguridad Informática ACIS 2014, (Art.1) [CD]. Available at http://52.0.140.184/typo43/index.php?id=2114
Oja, M., Kaski, S., & Kohonen, T. (2003). Bibliography of self-organizing map (SOM) papers: 1998-2001 addendum. Neural Computing Surveys, 3. Retrieved from http://www.cis.hut.fi/research/refs/NCS_vol3_1.pdf
Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., & Ioannidis, S. (2014). Rage against the virtual machine: hindering dynamic analysis of android malware. In Proceedings of the Seventh European Workshop on System Security, (p. 5). New York, NY: ACM.
Pichai, S. (2014). Google I/O 2014 - Keynote [video. 6:43m]. Retrieved from: https://www.google.com/events/io
Portokalidis, G., Homburg, P., Anagnostakis, K., & Bos, H. (2010). Paranoid Android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference, (pp. 347-356). New York, NY: ACM.
Smalley, S., & Craig, R. (2013). Security enhanced (SE) Android: Bringing flexible Mac to Android. In 20th Annual Network and Distributed System Security Symposium (NDSS'13), (pp. 20-38). Reston, VA: The Internet Society.
Tor Project (s.f). Anonymity online. Retrieved from: http://www.torproject.org/
Wei, T., Zhang, Y., Xue, H., Zheng, M., Ren, C., & Song, D. (2014). Sidewinder: Targeted attack against Android in the golden age of ad libraries. In Black Hat 2014, Black Hat Materials. Retrieved from: https://www.blackhat.com/docs/us-14/materials/us-14-Wei-Sidewinder-Targeted-Attack-Against-Android-In-The-Golden-Age-Of-Ad-Libs.pdf
Yadav, N. P. & Shivamurthy, R. C. (2013). Faamac: Forensic Analysis of Android Mobile Applications using Cloud Computing. International Journal on Recent and Innovation Trends in Computing and Communication, 2(5), 1069-1073.
Yan, L. K., & Yin, H. (2014). DroidScope: Seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis. In USENIX security symposium, (pp. 569--584).
Yerima, S. Y., Sezer, S., & Muttik, I. (2014). Android malware detection using parallel machine learning classifiers. In 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), (pp. 37-42). Piscataway, NJ: IEEE.
Zhou, W., Zhou, Y., Jiang, X., & Ning, P. (2012). Detecting repackaged smartphone applications in third-party android marketplaces. In Proceedings of the second ACM conference on Data and Application Security and Privacy, (pp. 317-326). New York, NY: ACM.
Zhou, Y., & Jiang, X. (2012). Dissecting android malware: Characterization and evolution. In 2012 IEEE Symposium on Security and Privacy (SP), (pp. 95-109). Piscataway, NJ: IEEE.
Downloads
Published
2015-12-03
Issue
Section
Original Research
License
This journal is licensed under the terms of the CC BY 4.0 licence (https://creativecommons.org/licenses/by/4.0/legalcode).
