THREAT ATTRIBUTES HANGING IN THE WILD ANDROID
Keywords:
Harehunter, HareGuard, Android, Android Malware Detection.
Abstract
Android is a complicated system that applications and component are usable and support for multiple work together, giving rise to highly complex interdependence relationships. Meanwhile, the Android environment is notable for being greatlty disparate and decentralized: different Operation System version is personalized and re-personalized by different parties about fast and used by whoever that can develop an application for that version. Android secure its explanation sources over an app sandbox and permissions model, where each application execution in this part can entrance only suspectible overall assets and another application component (value providers, services, activities, publication receivers) by the appropriate liscense.
This study uses Harehunter measurement to automatically detect Hare vulnerabilities in Android system applications. Harehunter and HareGuard performance evaluations were carried out in this study, both of which proved to be highly effective. The approach used here is divergent investigation, by searching all quoted, decompiled script, and obvious data for targeted attribute determination as an initial step, and running an XML parser. The outcome of this research show that the impact of Hares is very significant. The application of HareGuard in this study proved to be effective in detecting all attack applications that were made. Further evaluation of the performance impact on the minimum system host. For future research, to make Harehunter more effective, it is suggested to use a more qualified analyzer. So that this direction can be explored in more depth.
References
A. Al-Haiqi, M. Ismail, and R. Nordin, "On the best sensor for keystrokes inference attack on android," in The 4th International Conference on Electrical Engineering and Informatics (ICEEI), Procedia Technology, 2013.
AP Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified,” in Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, (New York, NY, USA ), pp. 627–638, ACM, 2011.
B. Liu, J. Lin, and N. Sadeh, “Reconciling mobile app privacy and usability on smartphones: Could user privacy profiles help?,” in Proceedings of the 23rd International Conference on World Wide Web, WWW'14, ( New York, NY, USA), pp. 201–212, ACM, 2014.
C. Lin, H. Li, X. Zhou, and X. Wang, “Screenmilker: How to milk your android screen for secrets,” in 21st Annual Network and Distributed System Security Symposium (NDSS), The Internet Society, 2014.
E. Miluzzo, A. Varshavsky, S. Balakrishnan, and RR Choudhury, “Tapprints: Your finger taps have fingerprints,” in Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, MobiSys '12, (New York, NY, USA) pp. 323–336, ACM, 2012.
F. Roesner and T. Kohno, “Securing embedded user interfaces: Android and beyond,” in Proceedings of the 22nd USENIX Conference on Security, SEC'13, (Berkeley, CA, USA), pp. 97–112, USENIX Association, 2013.
F. Roesner, T. Kohno, A. Moshchuk, B. Parno, HJ Wang, and C. Cowan, “User-driven access control: Rethinking permission granting in modern operating systems,” in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012.
H. Huang, S. Zhu, K. Chen, and P. Liu, “From system services freezing to system server shutdown in android: All you need is a loop in an app,” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, (New York, NY, USA), pp. 1236–1247, ACM, 2015.
H. Zhang, D. She, and Z. Qian, “Android root and its providers: A double-edged sword,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, (New York, NY, USA), pp. 1093–1104, ACM, 2015.
J. Caballero, G. Grieco, M. Marron, and A. Nappa, “ Undangle: Early detection of dangling pointers in use-after-free and double-free vulnerabilities,” in Proceedings of the 2012 International Symposium on Software Testing and Analysis, ISTA 2012, ACM, 2012.
KWY Au, YF Zhou, Z. Huang, and D. Lie, “Pscout: Analyzing the android permission specification,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, (New York, NY, USA), pp. 217–228, ACM, 2012.
L. Li, A. Bartel, J. Klein, YL Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. McDaniel, “I know what leaked in your pocket: uncovering privacy leaks on android apps with static taint analysis,” arXiv preprint arXiv:1404.7431, 2014.
L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang, “The impact of vendor customizations on android security,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, (New York, NY, USA), pp. 623–634, ACM, 2013.
M. Egele, D. Brumley, Y. Fratantonio, and C. Kruegel, “An empirical study of cryptographic misuse in android applications,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, (New York, NY, USA), pp. 73–84, ACM, 2013.
M. Zhang, Y. Duan, Q. Feng, and H. Yin, “Towards automatic generation of security-centric descriptions for android apps,” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, ( New York, NY, USA), pp. 518–529, ACM, 2015.
P. Brodley and leviathan Security Group, “Zero Permission Android Applications.” https://www.leviathansecurity.com/blog/zero-permission-android-applications/ . Accessed: 10/02/2013.
P. Ratazzi, Y. Aafer, A. Ahlawat, H. Hao, Y. Wang, and W. Du, “A systematic security evaluation of Android's multi-user framework,” in Mobile Security Technologies (MoST) 2014, MoST'14, (San Jose, CA, USA), May 17, 2014.
P. Wijesekera, A. Baokar, A. Hosseini, S. Egelman, D. Wagner, and K. Beznosov, “Android permissions remystified: A field study on contextual integrity,” in Proceedings of the 24th USENIX Conference on Security Symposium, SEC '15, (Berkeley, CA, USA), pp. 499–514, USENIX Association, 2015.
QA Chen, Z. Qian, and ZM Mao, “Peeking into your app without actually seeing it: Ui state inference and novel android attacks,” in Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14, (Berkeley, CA, USA), pp. 1037–1052, USENIX Association, 2014.
R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, “Whyper: Towards automated risk assessment of mobile applications,” in Proceedings of the 22nd USENIX Conference on Security, SEC'13, (Berkeley, CA, USA), pp. 527–542, USENIX Association, 2013.
R. Wang, L. Xing, X. Wang, and S. Chen, “Unauthorized origin crossing on mobile platforms: Threats and mitigation,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS '13, (New York, NY, USA), pp. 635–646, ACM, 2013.
S. Fahl, M. Harbach, M. Oltrogge, T. Muders, and M. Smith, “Hey, you, get off of my clipboard,” in proceeding of the 17th International Conference on Financial Cryptography and Data Security, 2013.
SH Kim, D. Han, and DH Lee, “Predictability of android OpenSSL's pseudorandom number generator,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, (New York, NY, USA), pp. 659–68, ACM, 2013.
T. Li, X. Zhou, L. Xing, Y. Lee, M. Naveed, X. Wang, and X. Han, “Mayhem in the push clouds: Understanding and mitigating security hazards in mobile push-messaging services,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, (New York, NY, USA), pp. 978–989, ACM, 2014.
W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of android application security,” in Proceedings of the 20th USENIX conference on Security symposium, 2011.
X. Jin, X. Hu, K. Ying, W. Du, H. Yin, and GN Peri, “Code injection attacks on html5-based mobile apps: Characterization, detection and mitigation,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, (New York, NY, USA), pp. 66–77, ACM, 2014.
X. Zhang, K. Ying, Y. Aafer, Z. Qiu, and W. Du, “Life after app uninstallation: Are the data still alive? data residue attacks on android,” in NDSS, 2016.
X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, CA Gunter, and K. Nahrstedt, “Identity, location, disease and more: Inferring your secrets from android public resources,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS '13, (New York, NY, USA), pp. 1017–28, ACM, 2013.
Y. Acar, M. Backes, S. Bugiel, S. Fahl, P. McDaniel, and M. Smith, “Sok: Lessons learned from android security research for appified software platforms,” in 37th IEEE Symposium on Security and Privacy (S&P '16), IEEE, 2016.
Y. Michalevsky, D. Boneh, and G. Nakibly, “Gyrophone: Recognizing speech from gyroscope signals,” in Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14, (Berkeley, CA, USA), pp. 1053–1067, USENIX Association, 2014.
Y. Michalevsky, G. Nakibly, A. Schulman, and D. Boneh, “Powerspy: Location tracking using mobile device power analysis,” in 24th USENIX Security Symposium, 2015.
Z. Qu, V. Rastogi, X. Zhang, Y. Chen, T. Zhu, and Z. Chen, “Autocog: Measuring the description-to-permission fidelity in android applications,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS'14, (New York, NY, USA), pp. 1354–1365, ACM, 2014
AP Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified,” in Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, (New York, NY, USA ), pp. 627–638, ACM, 2011.
B. Liu, J. Lin, and N. Sadeh, “Reconciling mobile app privacy and usability on smartphones: Could user privacy profiles help?,” in Proceedings of the 23rd International Conference on World Wide Web, WWW'14, ( New York, NY, USA), pp. 201–212, ACM, 2014.
C. Lin, H. Li, X. Zhou, and X. Wang, “Screenmilker: How to milk your android screen for secrets,” in 21st Annual Network and Distributed System Security Symposium (NDSS), The Internet Society, 2014.
E. Miluzzo, A. Varshavsky, S. Balakrishnan, and RR Choudhury, “Tapprints: Your finger taps have fingerprints,” in Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, MobiSys '12, (New York, NY, USA) pp. 323–336, ACM, 2012.
F. Roesner and T. Kohno, “Securing embedded user interfaces: Android and beyond,” in Proceedings of the 22nd USENIX Conference on Security, SEC'13, (Berkeley, CA, USA), pp. 97–112, USENIX Association, 2013.
F. Roesner, T. Kohno, A. Moshchuk, B. Parno, HJ Wang, and C. Cowan, “User-driven access control: Rethinking permission granting in modern operating systems,” in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012.
H. Huang, S. Zhu, K. Chen, and P. Liu, “From system services freezing to system server shutdown in android: All you need is a loop in an app,” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, (New York, NY, USA), pp. 1236–1247, ACM, 2015.
H. Zhang, D. She, and Z. Qian, “Android root and its providers: A double-edged sword,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, (New York, NY, USA), pp. 1093–1104, ACM, 2015.
J. Caballero, G. Grieco, M. Marron, and A. Nappa, “ Undangle: Early detection of dangling pointers in use-after-free and double-free vulnerabilities,” in Proceedings of the 2012 International Symposium on Software Testing and Analysis, ISTA 2012, ACM, 2012.
KWY Au, YF Zhou, Z. Huang, and D. Lie, “Pscout: Analyzing the android permission specification,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, (New York, NY, USA), pp. 217–228, ACM, 2012.
L. Li, A. Bartel, J. Klein, YL Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. McDaniel, “I know what leaked in your pocket: uncovering privacy leaks on android apps with static taint analysis,” arXiv preprint arXiv:1404.7431, 2014.
L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang, “The impact of vendor customizations on android security,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, (New York, NY, USA), pp. 623–634, ACM, 2013.
M. Egele, D. Brumley, Y. Fratantonio, and C. Kruegel, “An empirical study of cryptographic misuse in android applications,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, (New York, NY, USA), pp. 73–84, ACM, 2013.
M. Zhang, Y. Duan, Q. Feng, and H. Yin, “Towards automatic generation of security-centric descriptions for android apps,” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, ( New York, NY, USA), pp. 518–529, ACM, 2015.
P. Brodley and leviathan Security Group, “Zero Permission Android Applications.” https://www.leviathansecurity.com/blog/zero-permission-android-applications/ . Accessed: 10/02/2013.
P. Ratazzi, Y. Aafer, A. Ahlawat, H. Hao, Y. Wang, and W. Du, “A systematic security evaluation of Android's multi-user framework,” in Mobile Security Technologies (MoST) 2014, MoST'14, (San Jose, CA, USA), May 17, 2014.
P. Wijesekera, A. Baokar, A. Hosseini, S. Egelman, D. Wagner, and K. Beznosov, “Android permissions remystified: A field study on contextual integrity,” in Proceedings of the 24th USENIX Conference on Security Symposium, SEC '15, (Berkeley, CA, USA), pp. 499–514, USENIX Association, 2015.
QA Chen, Z. Qian, and ZM Mao, “Peeking into your app without actually seeing it: Ui state inference and novel android attacks,” in Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14, (Berkeley, CA, USA), pp. 1037–1052, USENIX Association, 2014.
R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie, “Whyper: Towards automated risk assessment of mobile applications,” in Proceedings of the 22nd USENIX Conference on Security, SEC'13, (Berkeley, CA, USA), pp. 527–542, USENIX Association, 2013.
R. Wang, L. Xing, X. Wang, and S. Chen, “Unauthorized origin crossing on mobile platforms: Threats and mitigation,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS '13, (New York, NY, USA), pp. 635–646, ACM, 2013.
S. Fahl, M. Harbach, M. Oltrogge, T. Muders, and M. Smith, “Hey, you, get off of my clipboard,” in proceeding of the 17th International Conference on Financial Cryptography and Data Security, 2013.
SH Kim, D. Han, and DH Lee, “Predictability of android OpenSSL's pseudorandom number generator,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, (New York, NY, USA), pp. 659–68, ACM, 2013.
T. Li, X. Zhou, L. Xing, Y. Lee, M. Naveed, X. Wang, and X. Han, “Mayhem in the push clouds: Understanding and mitigating security hazards in mobile push-messaging services,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, (New York, NY, USA), pp. 978–989, ACM, 2014.
W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of android application security,” in Proceedings of the 20th USENIX conference on Security symposium, 2011.
X. Jin, X. Hu, K. Ying, W. Du, H. Yin, and GN Peri, “Code injection attacks on html5-based mobile apps: Characterization, detection and mitigation,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, (New York, NY, USA), pp. 66–77, ACM, 2014.
X. Zhang, K. Ying, Y. Aafer, Z. Qiu, and W. Du, “Life after app uninstallation: Are the data still alive? data residue attacks on android,” in NDSS, 2016.
X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, CA Gunter, and K. Nahrstedt, “Identity, location, disease and more: Inferring your secrets from android public resources,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS '13, (New York, NY, USA), pp. 1017–28, ACM, 2013.
Y. Acar, M. Backes, S. Bugiel, S. Fahl, P. McDaniel, and M. Smith, “Sok: Lessons learned from android security research for appified software platforms,” in 37th IEEE Symposium on Security and Privacy (S&P '16), IEEE, 2016.
Y. Michalevsky, D. Boneh, and G. Nakibly, “Gyrophone: Recognizing speech from gyroscope signals,” in Proceedings of the 23rd USENIX Conference on Security Symposium, SEC'14, (Berkeley, CA, USA), pp. 1053–1067, USENIX Association, 2014.
Y. Michalevsky, G. Nakibly, A. Schulman, and D. Boneh, “Powerspy: Location tracking using mobile device power analysis,” in 24th USENIX Security Symposium, 2015.
Z. Qu, V. Rastogi, X. Zhang, Y. Chen, T. Zhu, and Z. Chen, “Autocog: Measuring the description-to-permission fidelity in android applications,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS'14, (New York, NY, USA), pp. 1354–1365, ACM, 2014
Published
2022-12-22
How to Cite
Irda Yunianto, Mars Caroline Wibowo, & Budi Raharjo. (2022). THREAT ATTRIBUTES HANGING IN THE WILD ANDROID. Journal of Technology Informatics and Engineering, 1(3), 67-84. https://doi.org/10.51903/jtie.v1i3.150
Section
Articles
