6. Why is Android so popular?
● Open source
● Google support
● Free
● Linux based
● Java
● Rich SDK
● Strong third-party community and support
○ Sony, Motorola, HTC, Samsung
9. Malware Types
● Backdoor
○ Access to a computer system that bypasses security mechanisms
● Exploit
○ Modifications to the operating system
○ User interface modifications
● Spyware
○ Unauthorized advertising
○ Private data collection, transmission
○ Unauthorized operations (SMS, calls)
10. Android Security Mechanism
● Permission based
○ Accept / Reject
● Public, indefensible market
○ Everyone can upload any application
● Passive protection - feedback based
○ Applications are removed through negative feedback
11. User Profiles
● 42%: unaware of permissions
● 83%: not interested in permissions
Source: Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User
Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable Privacy and
Security - SOUPS ’12. p. 1 (2012).
12. Static Analysis Approach
● Inspection of APK files using reverse engineering
● Manifest file
○ Permissions
○ Activities
○ Services
○ Receivers
● API calls
● Source code inspection
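The manifest inspection listed above, as an added example (not from the slides or the systems they cite): it pulls permissions, activities, services and receivers from a manifest and flags permissions tied to the SMS, call and private-data behaviours from the malware-types slide. It assumes the APK's binary manifest has already been decoded to text XML (for example with apktool); the sample manifest, the package name and the SENSITIVE set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"  # android:name

# Assumed selection: permissions matching the spyware behaviours (SMS, calls, data).
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_CONTACTS",
}

# Constructed sample: a manifest already decoded from binary AXML to text XML.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def names(root, tag):
    """Return android:name of every <tag> element in the manifest."""
    return [e.get(NAME) for e in root.iter(tag) if e.get(NAME)]


def inspect_manifest(xml_text):
    """Extract the manifest features listed on the slide, plus flagged permissions."""
    root = ET.fromstring(xml_text)
    permissions = names(root, "uses-permission")
    return {
        "package": root.get("package"),
        "permissions": permissions,
        "activities": names(root, "activity"),
        "services": names(root, "service"),
        "receivers": names(root, "receiver"),
        "receiver_actions": [a.get(NAME) for r in root.iter("receiver")
                             for a in r.iter("action")],
        "flagged": sorted(SENSITIVE.intersection(permissions)),
    }
```

Calling `inspect_manifest(SAMPLE_MANIFEST)` returns a dictionary of features; here a flashlight-style app requesting SEND_SMS and READ_CONTACTS, with a receiver for BOOT_COMPLETED, is the kind of mismatch a reviewer or classifier would look at.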
18. Signature Based Analysis & Control
● Signature database
● Smartphone client
● Central server
● Learning based
● Classification
○ Benign / Malware
19. Encrypted Data Communication
● All valuable data is encrypted and stored in an SQLite database; decrypted when it is required.
● SMS
● Email
● Sensitive files
● Password
● Personal information
(Pocatilu, 2011)
20. System Comparisons
Ability | MADAM | DroidMat | Julia
Manifest inspection | Yes | Yes | Yes
API call trace | Yes | Yes | Yes
Signature database | Yes | Yes | No
Encrypted communication | No | No | No
Machine learning | Yes | Yes | No
21. References I
● Bicheno, S.: Android Captures Record 81 Percent Share of Global Smartphone Shipments in Q3 2013, http://blogs.strategyanalytics.com/WSS/post/2013/10/31/Android-Captures-Record-81-Percent-Share-of-Global-Smartphone-Shipments-in-Q3-2013.aspx.
● Rowinski, D.: Google Play Hits One Million Android Apps, http://readwrite.com/2013/07/24/google-play-hits-one-million-android-apps.
● Cisco 2014 Annual Security Report, https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf.
● Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild.
SPSM ’11 Proceedings
● Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: Detecting Malicious
Apps in Official and Alternative Android Markets. Proceedings of the 19th Annual Network
and Distributed System Security Symposium (NDSS) (2012).
● Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User
Attention, Comprehension, and Behavior. Proceedings of the Eighth Symposium on Usable
Privacy and Security - SOUPS ’12. p. 1 (2012).
● Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions.
Proceeding of the WebApps’11 Proceedings of the 2nd USENIX conference on Web
application development. p. 7. USENIX Association, Berkeley, CA, USA (2011).
● Enck, W., Ongtang, M., Mcdaniel, P.: On Lightweight Mobile Phone Application Certification.
ACM conference on Computer and communications security. pp. 235–245 (2009).
22. References II
● Android Architecture, http://www.tutorialspoint.com/android/android_architecture.htm.
● Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., Wu, K.-P.: DroidMat: Android
Malware Detection through Manifest and API Calls Tracing. 2012 Seventh
Asia Joint Conference on Information Security. pp. 62–69 (2012).
● Payet, É., Spoto, F.: Static analysis of Android programs, (2012).
● Guido, M., Ondricek, J., Grover, J., Wilburn, D., Nguyen, T., Hunt, A.:
Automated identification of installed malicious Android applications. Digital
Investigation (2013).
● Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: MADAM: A Multi-level
Anomaly Detector for Android Malware. In: Kotenko, I. and Skormin, V. (eds.)
Computer Network Security. pp. 240–253. Springer Berlin Heidelberg, Berlin,
Heidelberg (2012).
● Pocatilu, P.: Android applications security. Inform. Econ. 15, 163–171.
Retrieved from http://revistaie.ase.ro (2011).