Demystifying Hidden Sensitive Operations in Android apps

Sun, Xiaoyu; Chen, Xiao; Li, Li; Cai, Haipeng; Grundy, John; Samhi, Jordan; Bissyande, Tegawendé François D Assise; Klein, Jacques

doi:10.1145/3574158

Download

Article (Scientific journals)

Demystifying Hidden Sensitive Operations in Android apps

Sun, Xiaoyu; Chen, Xiao; Li, Li et al.

2022 • In ACM Transactions on Software Engineering and Methodology

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/10993/54303

DOI
10.1145/3574158

Files Send to Details Statistics Bibliography Similar publications

Files

Full Text

tosem-Xiaoyu.pdf

Publisher postprint (606.39 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink Twitter Linkedin

Details

Disciplines :

Computer science

Author, co-author :

Sun, Xiaoyu; Monash University

Chen, Xiao; Monash University

Li, Li; Monash University

Cai, Haipeng; Washington State University

Grundy, John; Monash University

Samhi, Jordan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

Bissyande, Tegawendé François D Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

Klein, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

External co-authors :

yes

Language :

English

Title :

Demystifying Hidden Sensitive Operations in Android apps

Publication date :

December 2022

Journal title :

ACM Transactions on Software Engineering and Methodology

ISSN :

1049-331X

Publisher :

Association for Computing Machinery (ACM), United States

Peer reviewed :

Peer Reviewed verified by ORBi

Focus Area :

Security, Reliability and Trust

Name of the research project :

sparta

Funders :

FNR - Fonds National de la Recherche [LU]
CE - Commission Européenne [BE]

Available on ORBilu :

since 31 January 2023

Statistics

Number of views

28 (3 by Unilu)

Number of downloads

47 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™

Bibliography

2022. Android Security: Adding Tampering Detection to Your App. Retrieved November 20, 2021 from https://www. airpair.com/android/posts/adding-tampering-detection-to-your-android-app#4-1-emulator. Accessed December 27, 2022.
2022. Android.hehe: Malware Now Disconnects Phone Calls. Retrieved November 20, 2021 from https://www. fireeye.com/blog/threat-research/2014/01/android-hehemalware-now-disconnects-phone-calls.html. Accessed December 27, 2022.
2022. FlowDroid Development Branch. Retrieved October 14, 2021 from https://github.com/secure-softwareengineering/ FlowDroid/tree/develop. Accessed December 27, 2022.
2022. Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get in. Retrieved November 20, 2021 from http://en.hackdig.com/07/26261.htm. Accessed December 27, 2022.
2022. HiSenDroid. https://bitbucket.org/se_anonymous/workspace/projects/HIS. Accessed December 27, 2022.
2022. Virusshare. http://virusshare.com/. Accessed December 27, 2022.
Yousra Aafer, Guanhong Tao, Jianjun Huang, Xiangyu Zhang, and Ninghui Li. 2018. Precise android api protection mapping derivation and reasoning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 1151-1164.
Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein, and Yves Le Traon. 2016. Androzoo: Collecting millions of android apps for the research community. In Proceedings of the 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories. IEEE, 468-471.
William Stofega Anthony Scarsella. 2022. Worldwide Smartphone Market Shares. https://www.idc.com/getdoc.jsp? containerId=US48435122&pageType=PRINTFRIENDLY. Accessed December 27, 2022.
Simone Aonzo, Gabriel Claudiu Georgiu, Luca Verderame, and Alessio Merlo. 2020. Obfuscapk: An open-source blackbox obfuscation tool for Android apps. SoftwareX 11 (2020), 100403.
Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck, and CERT Siemens. 2014. Drebin: Effective and explainable detection of android malware in your pocket. In Proceedings of the Ndss. 23-26.
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. Acm Sigplan Notices 49, 6 (2014), 259-269.
KathyWain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. 2012. Pscout: Analyzing the android permission specification. In Proceedings of the 2012 ACM Conference on Computer and Communications Security. 217-228.
Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and SebastianWeisgerber. 2016. On demystifying the android application framework: {Re-Visiting} Android permission specification analysis. In Proceedings of the 25th USENIX Security Symposium. 1101-1118.
Davide Balzarotti, Marco Cova, Christoph Karlberger, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2010. Efficient detection of split personalities in malware. In Proceedings of the NDSS. Citeseer.
David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically identifying trigger-based behavior in malware. In Proceedings of the Botnet Detection. Springer, 65-88.
Xu Chen, Jon Andersen, Z. Morley Mao, Michael Bailey, and Jose Nazario. 2008. Towards an understanding of antivirtualization and anti-debugging behavior in modern malware. In Proceedings of the 2008 IEEE International Conference on Dependable Systems and Networks with FTCS and DCC. IEEE, 177-186.
Valerio Costamagna, Cong Zheng, and Heqing Huang. 2018. Identifying and evading Android sandbox through usageprofile based fingerprints. In Proceedings of the 1st Workshop on Radical and Experiential Security. 17-23.
Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2010. Detection and analysis of drive-by-download attacks and malicious JavaScript code. In Proceedings of the 19th International Conference on World Wide Web. 281-290.
Jedidiah R. Crandall, Gary Wassermann, Daniela A. S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong. 2006. Temporal search: Detecting hidden malware timebombs with virtual machines. ACM SIGOPS Operating Systems Review 40, 5 (2006), 25-36.
Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. 2016. Evading android runtime analysis through detecting programmed interactions. In Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 159-164.
Feng Dong, Haoyu Wang, Li Li, Yao Guo, Tegawendé F. Bissyandé, Tianming Liu, Guoai Xu, and Jacques Klein. 2018. Frauddroid: Automated ad fraud detection for android apps. In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 257-268.
Feng Dong, Haoyu Wang, Li Li, Yao Guo, Guoai Xu, and Shaodong Zhang. 2018. How do mobile apps violate the behavioral policy of advertisement libraries?. In Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. 75-80.
Shuaike Dong, Menghao Li, Wenrui Diao, Xiangyu Liu, Jian Liu, Zhou Li, Fenghao Xu, Kai Chen, Xiaofeng Wang, and Kehuan Zhang. 2018. Understanding android obfuscation techniques: A large-scale investigation in the wild. In Proceedings of the International Conference on Security and Privacy in Communication Systems. Springer, 172-192.
Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel. 2008. A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys 44, 2 (2008), 1-42.
Michael P. Fay and Michael A. Proschan. 2010. Wilcoxon-mann-whitney or t-test? On assumptions for hypothesis tests and multiple interpretations of decision rules. Statistics Surveys 4 (2010), 1.
Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2016. Triggerscope: Towards detecting logic bombs in android applications. In Proceedings of the 2016 IEEE Symposium on Security and Privacy. IEEE, 377-396.
Jun Gao, Li Li, Pingfan Kong, Tegawendé F. Bissyandé, and Jacques Klein. 2020. Borrowing your enemy's arrows: The case of code reuse in Android via direct inter-app code invocation. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering.
Leonid Glanz, Patrick Müller, Lars Baumgärtner, Michael Reif, Sven Amann, Pauline Anthonysamy, and Mira Mezini. 2020. Hidden in plain sight: Obfuscated strings threatening your privacy. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. 694-707.
Michael I. Gordon, Deokhwan Kim, Jeff H. Perkins, Limei Gilham, Nguyen Nguyen, and Martin C. Rinard. 2015. Information flow analysis of android applications in droidsafe. In Proceedings of the NDSS. 110.
Yiming Jing, Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu. 2014. Morpheus: Automatically generating heuristics to detect android emulators. In Proceedings of the 30th Annual Computer Security Applications Conference. 216-225.
Dhilung Kirat and Giovanni Vigna. 2015. Malgene: Automatic extraction of malware analysis evasion signature. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 769-780.
Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. Barecloud: Bare-metal analysis-based evasivemalware detection. In Proceedings of the 23rd {USENIX} Security Symposium. 287-301.
Pingfan Kong, Li Li, Jun Gao, Kui Liu, Tegawendé F. Bissyandé, and Jacques Klein. 2018. Automated testing of Android apps: A systematic literature review. IEEE Transactions on Reliability 68, 1 (2018), 45-66.
Patrick Lam, Eric Bodden, Ondrej Lhoták, and Laurie Hendren. 2011. The soot framework for Java program analysis: A retrospective. In Proceedings of the Cetus Users and Compiler Infastructure Workshop. 35.
Chaoran Li, Xiao Chen, Ruoxi Sun, Jason Xue, ShengWen, Muhammad Ejaz Ahmed, Seyit Camtepe, and Yang Xiang. 2022. Cross-language android permission specification. In Proceedings of the 30th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering.
Li Li, Kevin Allix, Daoyuan Li, Alexandre Bartel, Tegawendé F. Bissyandé, and Jacques Klein. 2015. Potential component leaks in Android apps: An investigation into a new feature set for malware detection. In Proceedings of the 2015 IEEE International Conference on Software Quality, Reliability, and Security. IEEE, 195-200.
Li Li, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mcdaniel. 2015. IccTA: Detecting inter-component privacy leaks in Android apps. In Proceedings of the 37th International Conference on Software Engineering.
Li Li, Tegawendé F. Bissyandé, and Jacques Klein. 2019. Rebooting research on detecting repackaged android apps: Literature review and benchmark. IEEE Transactions on Software Engineering 47, 4 (2019), 676-693.
Li Li, Tegawendé F. Bissyandé, Damien Octeau, and Jacques Klein. 2016. Droidra: Taming reflection to support wholeprogram analysis of android apps. In Proceedings of the 25th International Symposium on Software Testing and Analysis. 318-329.
Li Li, Tegawendé F. Bissyandé, Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, and Yves Le Traon. 2017. Static analysis of Android apps: A systematic literature review. Information and Software Technology 88 (2017), 67-95.
Li Li, Tegawendé F. Bissyandé, Haoyu Wang, and Jacques Klein. 2018. Cid: Automating the detection of api-related compatibility issues in android apps. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis. 153-163.
Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, David Lo, and Lorenzo Cavallaro. 2017. Understanding Android app piggybacking: A systematic study of malicious code grafting. IEEE Transactions on Information Forensics and Security 12, 6 (2017), 1269-1284.
Martina Lindorfer, Clemens Kolbitsch, and Paolo Milani Comparetti. 2011. Detecting environment-sensitive malware. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Springer, 338-357.
Pei Liu, Li Li, Yanjie Zhao, Xiaoyu Sun, and John Grundy. 2020. Androzooopen: Collecting large-scale open source android apps for the research community. In Proceedings of the 17th International Conference on Mining Software Repositories. 548-552.
Tianming Liu, Haoyu Wang, Li Li, Xiapu Luo, Feng Dong, Yao Guo, Liu Wang, Tegawendé F. Bissyandé, and Jacques Klein. 2020. MadDroid: Characterising and detecting devious Ad content for android apps. In Proceedings of the Web Conference 2020.
Yonghui Liu, Li Li, Pingfan Kong, Xiaoyu Sun, and Tegawendé F. Bissyandé. 2021. A first look at security risks of Android TV apps. In Proceedings of the 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops. IEEE, 59-64.
Yue Liu, Chakkrit Tantithamthavorn, Li Li, and Yepang Liu. 2022. Deep learning for android malware defenses: A systematic literature review. arXiv preprint arXiv:2103.05292. (2021).
Yue Liu, Chakkrit Tantithamthavorn, Li Li, and Yepang Liu. 2021. Deep learning for android malware defenses: A systematic literature review. arXiv preprint arXiv:2103.05292. (2021).
Yue Liu, Chakkrit Tantithamthavorn, Li Li, and Yepang Liu. 2022. Explainable AI for android malware detection: Towards understanding why the models perform so well?. In Proceedings of the 33rd IEEE International Symposium on Software Reliability Engineering.
Benjamin Livshits, Manu Sridharan, Yannis Smaragdakis, Ondej Lhoták, J. Nelson Amaral, Bor-Yuh Evan Chang, Samuel Z. Guyer, Uday P. Khedker, Anders Møller, and Dimitrios Vardoulakis. 2015. In defense of soundiness: A manifesto. Communications of the ACM 58, 2 (2015), 44-46.
Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon Ross, and Gianluca Stringhini. 2016. Mamadroid: Detecting android malware by building markov chains of behavioral models. arXiv preprint arXiv:1612.04433. (2016).
Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Limits of static analysis for malware detection. In Proceedings of the 23rd Annual Computer Security Applications Conference. IEEE, 421-430.
Ravshanbek Norboev, Zakia Hossain, Lannan Luo, and Qiang Zeng. 2017. On the Robustness of Stochastic Stealthy Network against Android App Repackaging. Technical Report. Temple University.
Jon Oberheide and Charlie Miller. 2012. Dissecting the android bouncer. SummerCon2012, New York 95 (2012), 110.
Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha, and Patrick McDaniel. 2015. Composite constant propagation: Application to android inter-component communication analysis. In Proceedings of the 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. IEEE, 77-88.
Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang, and Heng Yin. 2017. Dark hazard: Learning-based, largescale discovery of hidden sensitive operations in android apps. In Proceedings of the NDSS.
Dorottya Papp, Thorsten Tarrach, and Levente Buttyán. 2019. Towards detecting trigger-based behavior in binaries: Uncovering the correct environment. In Proceedings of the International Conference on Software Engineering and Formal Methods. Springer, 491-509.
Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis. 2014. Rage against the virtual machine: Hindering dynamic analysis of android malware. In Proceedings of the 7th European Workshop on System Security. 1-6.
Lina Qiu, Yingying Wang, and Julia Rubin. 2018. Analyzing the analyzers: FlowDroid/IccTA, AmanDroid, and Droid-Safe. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis. Association for Computing Machinery, 176-186. DOI:https://doi.org/10.1145/3213846.3213873
Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, and Eric Bodden. 2016. Harvesting runtime values in android applications that feature anti-analysis techniques. In Proceedings of the NDSS.
Siegfried Rasthofer, Steven Arzt, Stefan Triller, and Michael Pradel. 2017. Making malory behave maliciously: Targeted fuzzing of android execution environments. In Proceedings of the 2017 IEEE/ACM 39th International Conference on Software Engineering. IEEE, 300-311.
Jordan Samhi and Alexandre Bartel. 2021. On the (In) effectiveness of static logic bomb detector for android apps. arXiv preprint arXiv:2108.10381. (2021).
Jordan Samhi, Jun Gao, Nadia Daoudi, Pierre Graux, Henri Hoyez, Xiaoyu Sun, Kevin Allix, Tegawendé F. Bissyandé, and Jacques Klein. 2022. JuCify: A step towards Android code unification for enhanced static analysis. In Proceedings of the 44th International Conference on Software Engineering. 1232-1244.
Xiaoyu Sun, Xiao Chen, Kui Liu, Sheng Wen, Li Li, and John Grundy. 2021. Characterizing sensor leaks in android apps. In Proceedings of the 2021 IEEE 32nd International Symposium on Software Reliability Engineering. IEEE, 498-509.
Xiaoyu Sun, Xiao Chen, Yanjie Zhao, Pei Liu, John Grundy, and Li Li. 2022. Mining Android API usage to generate unit test cases for pinpointing compatibility issues. arXiv preprint arXiv:2208.13417. (2022).
Xiaoyu Sun, Li Li, Tegawendé F. Bissyandé, Jacques Klein, Damien Octeau, and John Grundy. 2021. Taming reflection: An essential step toward whole-program analysis of Android apps. ACM Transactions on Software Engineering and Methodology 30, 3 (2021), 1-36.
Timothy Vidas and Nicolas Christin. 2014. Evading android runtime analysis via sandbox detection. In Proceedings of the 9th ACM Symposium on Information, Computer, and Communications Security. 447-458.
XiaoleiWang, Sencun Zhu, Dehua Zhou, and Yuexiang Yang. 2017. Droid-AntiRM: Taming control flow anti-analysis to support automated dynamic analysis of android malware. In Proceedings of the 33rd Annual Computer Security Applications Conference. 350-361.
Fengguo Wei, Sankardas Roy, and Xinming Ou. 2014. Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 1329-1341.
Guosheng Xu, Yangyu Hu, Qian Guo, Ren He, Li Li, Guoai Xu, Zhihui Han, and Haoyu Wang. 2020. Dissecting mobile offerwall advertisements: An explorative study. In Proceedings of the 2020 IEEE 20th International Conference on Software Quality, Reliability, and Security. 518-526. DOI:https://doi.org/10.1109/QRS51102.2020.00072
Guosheng Xu, Siyi Li, Hao Zhou, Shucen Liu, Yutian Tang, Li Li, Xiapu Luo, Xusheng Xiao, Guoai Xu, and Haoyu Wang. 2022. Lie to me: Abusing the mobile content sharing service for fun and profit. In Proceedings of the ACM Web Conference 2022. 3327-3335.
Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, and Zhoujun Li. 2018. Resilient decentralized android application repackaging detection using logic bombs. In Proceedings of the 2018 International Symposium on Code Generation and Optimization. 50-61.
Yanjie Zhao, Li Li, Haoyu Wang, Haipeng Cai, Tegawende Bissyande, Jacques Klein, and John Grundy. 2021. On the impact of sample duplication in machine learning based Android malware detection. ACM Transactions on Software Engineering and Methodology (TOSEM) 30, 3 (2021), 1-38.
Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, and Wei Zou. 2012. Smartdroid: An automatic system for revealing ui-based trigger conditions in android applications. In Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. 93-104.