
2017 | OriginalPaper | Chapter

Reconstruction of Task Lists from Android Applications

Authors: Xingmin Cui, Ruiyi He, Lucas C. K. Hui, S. M. Yiu, Gang Zhou, Eric Ke Wang

Published in: Information Science and Applications 2017

Publisher: Springer Singapore


Abstract

The popularity of Android devices has made Android apps attractive targets for attackers. Some static checkers have been proposed to check whether an Android app is vulnerable to privacy leakage and other attacks. However, these checkers model the control flows in the app following the ICC events, ignoring the intrinsic purpose of users’ interaction with mobile devices. In fact, users carry out various tasks using mobile apps, e.g. online shopping. An Android task consists of one or more Activities, which are organized in the back stack of the task. By extracting the task lists among Activities in Android apps, we can capture all control flow transitions between them, including those brought about by ICC events and back button events. We design and implement a system that combines static and dynamic analysis to extract the task lists. Our system can be used to detect task-related attacks and help static checkers construct more complete call graphs.


DOI: https://doi.org/10.1007/978-981-10-4154-9_46