Abstract

Millions of developers and third-party organizations have flooded into the Android ecosystem because of Android's open-source nature and low barriers to entry for developers. However, that also attracts many attackers. Over 90 percent of mobile malware targets Android. Though Android provides multiple security features and layers to protect user data and system resources, there are still some overprivileged applications in the Google Play Store or third-party Android app stores in the wild. In this paper, we proposed an approach to map system-level behavior and Android APIs, based on the observation that system-level behaviors cannot be avoided but sensitive Android APIs could be evaded. To the best of our knowledge, our approach provides the first work to decompose Android application behaviors based on system-level behaviors. We then map system-level behaviors and Android APIs through System Call Dependence Graphs. The study also shows that our approach can effectively identify potential permission abuse, with an almost negligible performance impact.

Highlights

  • In the past ten years, the global market for mobile devices, especially smartphones, has boomed

  • We intend to build a mapping between the Android APIs and system-level behavior

  • We use the transplantation attack in [16] as a case study to show the process of our approach. It has three steps: obtaining system-level behavior represented in System Call Dependence Graphs (SCDGs), retrieving Android APIs, and mapping system-level behavior with Android APIs

Summary

Introduction

In the past ten years, the global market for mobile devices, especially smartphones, has boomed. Android is an open-source platform implemented primarily on the Linux kernel and designed mainly for mobile devices. It usually consists of an operating system based on Linux, middleware, an application framework, and some essential applications [22], as shown in Fig.. In addition to the traditional features that the original Linux kernel supports, such as memory management, the security model, the network stack and process management, power management and some mobile-phone-specific drivers are added to this Linux kernel. Those drivers include the binder (IPC) driver, the USB gadget driver, and the Low Memory Killer, etc.
