In this paper, we present to the community the first preliminary study on the security risks of Android TV apps. To the best of our knowledge, although various efforts have been put into analyzing Android apps, our community has not explored the TV versions of Android apps.
There is hence no publicly available dataset containing Android TV apps. To this end, we start by collecting a large set of Android TV apps from the official Google Play store. We then experimentally examine those apps from four security aspects: VirusTotal scans, requested permissions, security flaws, and privacy leaks. Our experimental results reveal that, like Android smartphone apps, Android TV apps can also come with different security issues. We hence argue that our community should pay more attention to analyzing Android TV apps.
Disciplines:
Computer science
Author, co-author:
Liu, Yonhui; Monash University
Li, Li; Monash University
KONG, Pingfan; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX