Results 1 - 10 of 15
Privacy as Part of the App Decision-Making Process
Cited by 24 (10 self)
Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have only the Android permissions display, which appears after they have selected an app to download, to help them understand how applications access their information. We investigate how permissions and privacy could play a more active role in app-selection decisions. We designed a short “Privacy Facts” display, which we tested in a 20-participant lab study and a 366-participant online experiment. We found that by bringing privacy information to the user when they were making the decision and by presenting it in a clearer fashion, we could assist users in choosing applications that request fewer permissions.
ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors
Cited by 4 (1 self)
Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.
Oorschot. Baton: Key Agility for Android without a Centralized Certificate Infrastructure
, 2013
Cited by 1 (1 self)
Android’s trust-on-first-use application signing model associates developers with a fixed signing key, but lacks a mechanism to transparently update the key or renew their signing certificate. As an advantage, this feature allows application updates to be recognized as authorized by a party with access to the original signing key. Changing keys or certificates requires that end-users manually uninstall/reinstall apps, losing all non-backed up user data. In this paper, we show that with appropriate OS support, developers can securely and without user intervention transfer signing authority to a new signing key. Our proposal, Baton, modifies Android’s app installation framework enabling key agility while preserving backwards compatibility with current apps and current Android releases. Baton is designed to work consistently with current UID sharing and signature permission requirements. We discuss the technical changes made to Android, and remaining open issues such as key loss and signing authority revocation on Android.
CHARACTERIZING ANDROID PERMISSIONS AND ANALYZING THEIR PRIVACY-INTRUSION
, 2014
Cryptography on Android Message Applications – A Review (Nishika et al., International Journal on Computer Science and Engineering (IJCSE))
Short Message Service (SMS) is a text messaging service component of phone, web, or mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between fixed line or mobile phone devices. Security of SMS’s is still an open challenging task. Various Cryptographic algorithms have been applied to secure the mobile SMS. The success of any cryptography technique depends on various factors like complexity, time, memory requirement, cost etc. In this paper we survey the most common and widely used SMS Encryption techniques. Each has its own advantages and disadvantages. Recent trends on Cryptography on android message applications have also been discussed. The latest cryptographic algorithm is based on lookup table and dynamic key which is easy to implement and to use and improve the efficiency. In this paper, an improvement in lookup table and dynamic algorithm is proposed. Rather than using the Static Lookup Table, Dynamic Lookup Table may be used which will improve the overall efficiency. Keywords: SMS, AES, DES, Blowfish, RSA, 3DES, LZW.
CMU-CyLab-13-003
, 2013
Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have only the Android permissions display, which appears after they have selected an app to download, to help them understand how applications access their information. We investigate how permissions and privacy could play a more active role in app-selection decisions. We designed a short “Privacy Facts” display, which we tested in a 20-participant lab study and a 366-participant online experiment. We found that by bringing privacy information to the user when they were making the decision and by presenting it in a clearer fashion, we could assist users in choosing applications that request fewer permissions.
The Company You Keep: Mobile Malware Infection Rates and Inexpensive Risk Indicators
There is little information from independent sources in the public domain about mobile malware infection rates. The only previous independent estimate (0.0009%) [11], was based on indirect measurements obtained from domain-name resolution traces. In this paper, we present the first independent study of malware infection rates and associated risk factors using data collected directly from over 55,000 Android devices. We find that the malware infection rates in Android devices estimated using two malware datasets (0.28% and 0.26%), though small, are significantly higher than the previous independent estimate. Based on the hypothesis that some application stores have a greater density of malicious applications and that advertising within applications and cross-promotional deals may
Process Authentication for High System Assurance (IEEE Transactions on Dependable and Secure Computing)
This paper points out the need in modern operating system kernels for a process authentication mechanism, where a process of a user-level application proves its identity to the kernel. Process authentication is different from process identification. Identification is a way to describe a principal; PIDs or process names are identifiers for processes in an OS environment. However, the information such as process names or executable paths that is conventionally used by OS to identify a process is not reliable. As a result, malware may impersonate other processes, thus violating system assurance. We propose a lightweight secure application authentication framework in which user-level applications are required to present proofs at run time to be authenticated to the kernel. To demonstrate the application of process authentication, we develop a system call monitoring framework for preventing unauthorized use or access of system resources. It verifies the identity of processes before completing the requested system calls. We implement and evaluate a prototype of our monitoring architecture in Linux. The results from our extensive performance evaluation show that our prototype incurs reasonably low overhead, indicating the feasibility of our approach for cryptographically authenticating applications and their processes in the operating system. Index Terms—Operating system security, process authentication, secret application credential, system call monitoring
MARVIN: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis
Android dominates the smartphone operating system market and consequently has attracted the attention of malware authors and researchers alike. Despite the considerable number of proposed malware analysis systems, comprehensive and practical malware analysis solutions are scarce and often short-lived. Systems relying on static analysis alone struggle with increasingly popular obfuscation and dynamic code loading techniques, while purely dynamic analysis systems are prone to analysis evasion. We present MARVIN, a system that combines static with dynamic analysis and which leverages machine learning techniques to assess the risk associated with unknown Android apps in the form of a malice score. MARVIN performs static and dynamic analysis, both off-device, to represent properties and behavioral aspects of an app through a rich and comprehensive feature set. In our evaluation on the largest Android malware classification data set to date, comprised of over 135,000 Android apps and 15,000 malware samples, MARVIN correctly classifies 98.24% of malicious apps with less than 0.04% false positives. We further estimate the necessary retraining interval to maintain the detection performance and demonstrate the long-term practicality of our approach. Keywords: mobile security; malware analysis; classification
Android Permissions Remystified: A Field Study on Contextual Integrity
We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. We performed a 36-person field study to explore the notion of “contextual integrity,” i.e., how often applications access protected resources when users are not expecting it. Based on our collection of 27M data points and exit interviews with participants, we examine the situations in which users would like the ability to deny applications access to protected resources. At least 80% of our participants would have preferred to prevent at least one permission request, and overall, they stated a desire to block over a third of all requests. Our findings pave the way for future systems to automatically determine the situations in which users would want to be confronted with security decisions.