nach oben

Erschienen in:

2016 | OriginalPaper | Buchkapitel

AndroPatchApp: Taming Rogue Ads in Android

verfasst von : Vasilis Tsiakos, Constantinos Patsakis

Erschienen in: Mobile, Secure, and Programmable Networking

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Mobile applications have drastically changed the way that we use our mobile devices. The different sensors that are embedded allow novel user interaction and make them context-aware. However, the operating system of most mobile devices allows limited user configuration; the user does not have full access, in order to make them more secure. Despite this measure, the overall security and privacy of users cannot be considered adequate. While there are many tools for “rooted” devices, the choices for “out of the stock” devices are not that many, and more importantly, they are not that effective.

To address these shortcomings, AndroPatchApp takes a different approach. Instead of installing monitoring and detection apps in the operating system, AndroPatchApp embeds some security and privacy controls before installation, by generating a “sanitized” version of the app.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Middleware to Allow Fine-Grained Access Control of Twitter Applications

Nächstes Kapitel Creating an Easy to Use and High Performance Parallel Platform on Multi-cores Networks

Hoffman-Andrews, J.: Verizon injecting perma-cookies to track mobile customers, bypassing privacy controls (2014). https://www.eff.org/deeplinks/2014/11/verizon-x-uidh

Mills, E.: Malware delivered by yahoo, fox, google ads (2010). http://www.cnet.com/news/malware-delivered-by-yahoo-fox-google-ads/

Thomas, K., Bursztein, E., Grier, C., Ho, G., Jagpal, N., Kapravelos, A., McCoy, D., Nappa, A., Paxson, V., Pearce, P., et al.: Ad injection at scale: assessing deceptive advertisement modifications. In: IEEE Symposium on Security and Privacy (SP), pp. 151–167. IEEE (2015)

Graham, R.: Extracting the superfish certificate (2015). http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html

Inc. 5000 2015: The full list (2016). http://www.inc.com/inc5000/list/2014/

Vigneri, L., Chandrashekar, J., Pefkianakis, I., Heen, O.: Taming the android appstore: lightweight characterization of android applications, CoRR abs/1504.06093

Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security, p. 21. USENIX Association (2011)

Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 346–360. Springer, Heidelberg (2011). doi:10.1007/978-3-642-18178-8_30 CrossRef

Orthacker, C., Teufl, P., Kraxberger, S., Lackner, G., Gissing, M., Marsalek, A., Leibetseder, J., Prevenhueber, O.: Android security permissions–can we trust them? In: Prasad, R., Farkas, K., Schmidt, A.U., Lioy, A., Russello, G., Luccio, F.L. (eds.) MobiSec 2011. LNICSSITE, vol. 94, pp. 40–51. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30244-2_4 CrossRef

10.

Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 3. ACM (2012)

11.

Enck, W., Ongtang, M., McDaniel, P.: Understanding android security. IEEE Secur. Priv. 7(1), 50–57 (2009)CrossRef

12.

Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)

13.

Grace, M.C., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock android smartphones. In: NDSS (2012)

14.

Poeplau, S., Fratantonio, Y., Bianchi, A., Kruegel, C., Vigna, G.: Execute this! analyzing unsafe, malicious dynamic code loading in android applications. In: 21st Annual Network and Distributed System Security Symposium, NDSS, San Diego, California, USA, 23–26 February. The Internet Society (2014)

15.

Zhauniarovich, Y.: Android security (and not) internals

16.

Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34638-5_6 CrossRef

17.

Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers watching you: raising awareness of data leaks on smartphones. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, p. 12. ACM (2013)

18.

Stevens, R., Gibler, C., Crussell, J., Erickson, J., Chen, H.: Investigating user privacy in android ad libraries. In: Proceedings of the Workshop on Mobile Security Technologies (MoST) (2012)

19.

Grace, M.C., Zhou, W., Jiang, X., Sadeghi, A.-R.: Unsafe exposure analysis of mobile in-app. advertisements. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012, pp. 101–112. ACM (2012)

20.

Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., Freisleben, B., Smith, M.: Why Eve and Mallory love android: an analysis of android SSL (in) security. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 50–61. ACM (2012)

21.

Conti, M., Dragoni, N., Gottardo, S.: MITHYS: mind the hand you shake-protecting mobile devices from SSL usage vulnerabilities. In: Accorsi, R., Ranise, S. (eds.) STM 2013. LNCS, vol. 8203, pp. 65–81. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41098-7_5 CrossRef

22.

Hubbard, J., Weimer, K., Chen, Y.: A study of SSL proxy attacks on android, iOS mobile applications. In: IEEE 11th Consumer Communications and Networking Conference (CCNC), pp. 86–91. IEEE (2014)

23.

Book, T., Wallach, D.S.: A case of collusion: a study of the interface between ad libraries and their apps. In: Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 79–86. ACM (2013)

24.

Book, T., Pridgen, A., Wallach, D.S.: Longitudinal analysis of android ad library permissions, arXiv preprint arXiv:1303.0857

25.

Goodin, D.: Beware of ads that use inaudible sound to link your phone, tv, tablet, and pc (2015). http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/

26.

Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30921-2_17 CrossRef

27.

Pearce, P., Felt, A.P., Nunez, G., Wagner, D.: AdDroid: privilege separation for applications and advertisers in android. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, pp. 71–72. ACM (2012)

28.

Xposed module repository (2015). http://repo.xposed.info/module/biz.bokhorst.xprivacy

29.

Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)CrossRef

30.

Shekhar, S., Dietz, M., Wallach, D.S.: AdSplit: Separating smartphone advertising from applications. In: Presented as Part of the 21st USENIX Security Symposium (USENIX Security 12), pp. 553–567 (2012)

31.

Winsniewski, R.: Android-apktool: a tool for reverse engineering android apk files (2012). http://ibotpeaches.github.io/Apktool/

32.

Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S.: Quire: lightweight provenance for smart phone operating systems. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, p. 23. USENIX Association, Berkeley (2011)

Titel: AndroPatchApp: Taming Rogue Ads in Android
verfasst von: Vasilis Tsiakos
Constantinos Patsakis
Verlag: Springer International Publishing
Buch: Mobile, Secure, and Programmable Networking
Print ISBN: 978-3-319-50462-9

Electronic ISBN: 978-3-319-50463-6

Copyright-Jahr: 2016
DOI: https://doi.org/10.1007/978-3-319-50463-6_15

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"