Background

Android Application Security

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

Abstract

Android applications are developed on top of the Android framework and therefore have particular features compared to traditional desktop software. Meanwhile, due to their unique design and implementation, Android apps are threatened by emerging cyber attacks that target mobile operating systems. As a result, security researchers have made considerable efforts to discover, mitigate and defeat these threats.


© 2016 The Author(s)

About this chapter

Cite this chapter

Zhang, M., Yin, H. (2016). Background. In: Android Application Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-47812-8_2

  • DOI: https://doi.org/10.1007/978-3-319-47812-8_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47811-1

  • Online ISBN: 978-3-319-47812-8

  • eBook Packages: Computer Science, Computer Science (R0)
