[en] The Android packaging model offers adequate opportunities for attackers to inject malicious code into popular benign apps, attempting to develop new malicious apps that can then be easily spread to a large user base. Despite the fact that the literature has already presented a number of tools to detect piggybacked apps, there is still lacking a comprehensive investigation on the piggybacking processes. To fill this gap, in this work, we collect a large set of benign/piggybacked app pairs that can be taken as benchmark apps for further investigation. We manually look into these benchmark pairs for understanding the characteristics of piggybacking apps and eventually we report 20 interesting findings. We expect these findings to initiate new research directions such as practical and scalable piggybacked app detection, explainable malware detection, and malicious code location.
Centre de recherche :
SnT
Disciplines :
Sciences informatiques
Auteur, co-auteur :
LI, Li ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
LI, Daoyuan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
KLEIN, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
LE TRAON, Yves ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Lo, David; Singapore Management University
Cavallaro, Lorenzo; Royal Holloway, University of London
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
Understanding Android App Piggybacking
Date de publication/diffusion :
mai 2017
Nom de la manifestation :
The 39th International Conference on Software Engineering
