Abstract
Leakage of sensitive information from applications is a critical issue in the Android ecosystem. Despite advances in application-hardening techniques such as packing and obfuscation, many applications remain exposed to repackaging attacks, in which an attacker injects malicious code into an application and redistributes it. At the same time, as we become more dependent on mobile technologies, more sensitive information is handled on our mobile devices, so reducing the risk of such leaks is of great importance. In this paper, we first present a threat model, named the ReMaCi attack, in which an attacker uses repackaging to leak users' sensitive information. By analyzing the top 8,546 applications downloaded from the Google Play Store, we show that 50% of them are vulnerable to the ReMaCi attack. We therefore propose a novel, automated static anti-analysis tool, called AmpDroid, for preventing sensitive information leaks. AmpDroid identifies sensitive dataflows and isolates the code that handles the sensitive data from the application. To demonstrate the effectiveness of AmpDroid, we evaluate its security and performance, comparing it with other obfuscation tools.
Highlights
As we are becoming more dependent on mobile technologies, the amount of sensitive information such as user names, phone numbers, e-mail addresses, and credit card numbers used on our mobile devices has increased dramatically [30, 36]
We focus on the threat: (1) We first present the threat model, named Repackaging with Malicious Code Injected (ReMaCi) attacks, and show that roughly 50% of top-downloaded applications in the Google Play Store are vulnerable to the attack model
As we described the management of the SC dex, AmpDroid makes AmpDroid-protected applications executable by dynamically loading the SC dex received from the code management application (CMA)
Summary
As we are becoming more dependent on mobile technologies, the amount of sensitive information such as user names, phone numbers, e-mail addresses, and credit card numbers used on our mobile devices has increased dramatically [30, 36]. To reduce the risk, we must secure sensitive data flows in applications [8]. If attackers identify such sensitive data flows in Android applications, they can leak users' sensitive data by conducting repackaging attacks [24, 27, 22]. We introduce sensitive data flows in commercial applications, explain how the sensitive data can be leaked, and survey obfuscation techniques. We define a sensitive data flow as one that shows how sensitive information, such as a credit card number, phone number, email address, or International Mobile Equipment Identity (IMEI), is passed among variables or methods. We introduce real-world examples of sensitive data flows that we identified in Android applications. Listing 1 shows Smali instructions that we traced in a commercial application by using a dynamic analyzer.