Mobile Ecosystem Research Articles

GBKPA and AuxShield: Addressing adversarial robustness and transferability in android malware detection

Android stands as the predominant operating system within the mobile ecosystem. Users can download applications from official sources like Google Play Store and other third-party platforms. However, malicious actors can attempt to compromise user device integrity through malicious applications. Traditionally, signatures, rules, and other methods have been employed to detect malware attacks and protect device integrity. However, the growing number and complexity of malicious applications have prompted the exploration of newer techniques like machine learning (ML) and deep learning (DL). Many recent studies have demonstrated promising results in detecting malicious applications using ML and DL solutions. However, research in other fields, such as computer vision, has shown that ML and DL solutions are vulnerable to targeted adversarial attacks. Malicious actors can develop malicious adversarial applications that can bypass ML and DL based anti-viruses. The study of adversarial techniques related to malware detection has now captured the security community’s attention. In this work, we utilise android permissions and intents to construct 28 distinct malware detection models using 14 classification algorithms. Later, we introduce a novel targeted false-negative evasion attack, Gradient Based K Perturbation Attack (GBKPA), designed for grey-box knowledge scenarios to assess the robustness of these models. The GBKPA attempts to craft malicious adversarial samples by making minimal perturbations without violating the syntactic and functional structure of the application. GBKPA achieved an average fooling rate (FR) of 77 % with only five perturbations across the 28 detection models. Additionally, we identified the most vulnerable android permissions and intents that malicious actors can exploit for evasion attacks. Furthermore, we analyse the transferability of adversarial samples across different classes of models and provide explanations for the same. Finally, we proposed AuxShield defence mechanism to develop robust detection models. AuxShield reduced the average FR to 3.25 % against 28 detection models. Our findings underscore the need to understand the causation of adversarial samples, their transferability, and robust defence strategies before deploying ML and DL solutions in the real world.

Factors Influencing the Click Intension Towards Mobile App Ads

With the rapid growth of mobile platforms, in-app advertising has emerged as a key component of modern marketing strategies. Understanding the factors influencing consumers' click intentions toward mobile app ads is critical for optimizing engagement and conversion rates. This study examines various determinants, including ad relevance, user experience, perceived value, privacy concerns, and technology literacy, which collectively shape consumer responses to mobile app ads. While technology literacy plays a role in how users interact with digital content, factors like ad design, user motivation, app environment, and contextual relevance also significantly impact click behavior. By analyzing these variables, this research aims to provide marketers with actionable insights to craft more effective and targeted advertising campaigns. The findings will offer a deeper understanding of the drivers behind click intentions, enabling marketers to enhance user engagement and boost ad performance in the increasingly competitive mobile ecosystem.

Expediting the design and development of secure cloud-based mobile apps

The adoption and popularity of mobile devices by end-users is partially driven by the increasing development and availability of mobile applications that can aid solving different problems and provide access to services in a wide range of domains or categories, namely healthcare, education, e-commerce or entertainment. While these applications use and benefit from the combination of a wide panoply of technologies from the Internet of Things, fog and cloud computing, data security and privacy are typically not fully taken into account before the creation of many mobile applications or during the software development phases. This paper presents an in-depth approach to modeling attacks on the specific cloud and mobile ecosystem, given its importance in the process of secure application development. Moreover, aiming at bridging the knowledge gap between developers and security experts, this paper presents an alpha version of the security by design for cloud and mobile ecosystem (secD4CloudMobile) framework. secD4CloudMobile is a set of tools that covers cloud and mobile security requirement elicitation (CMSRE), cloud and mobile security best practices guidelines (CMSBPG), cloud mobile attack modeling elicitation (CMAME), and cloud mobile security test specification and tools (CM2ST). The purpose of the framework is to provide cloud and mobile application developers useful readily applicable information and guidelines, striving to bring security engineering and software engineering closer, in a more accessible and automated manner, aiming at the incorporation of security by construction. Finally, the paper presents some preliminary results and discussion.

Super SDKs: Tracking personal data and platform monopolies in the mobile

In this article we address the question ‘what is tracking in the mobile ecosystem’ through a comprehensive overview of the Software Development Kit (SDK). Our research reveals a complex infrastructural role for these technical objects connecting end-user data with app developers, third parties and dominant advertising platforms like Google and Facebook. We present an innovative theoretical framework which we call a data monadology to foreground this interrelationship, predicated on an economic model that exchanges personal data for the infrastructural services used to build applications. Our main contribution is an SDK taxonomy, which renders them more transparent and observable. We categorise SDK services into three main categories: (i) Programmatic AdTech for monetisation; (ii) App Development, for building, maintaining and offering additional artificial intelligence features and (iii) App Extensions which more visibly embed third parties into apps like maps, wallets or other payment services. A major finding of our analysis is the special category of the Super SDK, reserved for platforms like Google and Facebook. Not only do they offer a vast array of services across all three categories, making them indispensable to developers, they are super conduits for personal data and the primary technical means for the expansion of platform monopolisation across the mobile ecosystem.

Do mobile money services enhance business performance? An empirical analysis of Kenyan businesses

This study examines the impact of mobile money services on business performance by comparing the performance between businesses that use and do not use mobile money. The analysis empirically draws on cross-sectional data of 1001 Kenyan businesses from the 2018 World Bank Enterprise Survey. Propensity Score Matching is used to control for selection bias and variations in business characteristics. The results reveal that businesses that use mobile money services are more likely to be innovative in products and processes than non-users. However, they perform as well as businesses that do not use mobile money. The results also show that differences in business-specific characteristics such as business size, sector, location, and business obstacles significantly influence the adoption of mobile money by Kenyan businesses. Therefore, these results highlight the importance of mobile money services for Kenyan businesses with effective digital tools and support. Policy recommendations to enhance the financial mobile ecosystem and financial inclusion are discussed.

Trinity: High-Performance and Reliable Mobile Emulation through Graphics Projection

Mobile emulation, which creates full-fledged software mobile devices on a physical PC/server, is pivotal to the mobile ecosystem. Unfortunately, existing mobile emulators perform poorly on graphics-intensive apps in terms of efficiency and compatibility. To address this, we introduce graphics projection , a novel graphics virtualization mechanism that adds a small-size projection space inside the guest memory, which processes graphics operations involving control contexts and resource handles without host interactions. While enhancing performance, the decoupled and asynchronous guest/host control flows introduced by graphics projection can significantly complicate emulators’ reliability issue diagnosis when faced with a variety of uncommon or non-standard app behaviors in the wild, hindering practical deployment in production. To overcome this drawback, we develop an automatic reliability issue analysis pipeline that distills the critical code paths across the guest and host control flows by runtime quarantine and state introspection. The resulting new Android emulator, dubbed Trinity, exhibits an average of 97% native hardware performance and 99.3% reliable app support, in some cases outperforming other emulators by more than an order of magnitude. It has been deployed in Huawei DevEco Studio, a major Android IDE with millions of developers.

A Scalable Malware Detection Approach through Significant Permission Identification for Android Devices

The global ubiquity of smartphones has led to the availability of many free apps for gaming, communication, financial, and educational needs. However, hazardous malicious software targeting smartphones has increased as the global adoption of these devices has grown. Malware is growing rapidly, with reports predicting a new Android app every 10 seconds, threatening the mobile ecosystem. Due to Android's versatility, users can install apps from third-party app shops and file-sharing websites, compounding malware outbreaks. The seriousness of this situation requires scalable malware detection. Based on permission usage analysis, this project introduces Significant Permission Identification (SigPID), a novel malware detection technique. SigPID uses a three-tiered permission pruning mechanism to discover the most important permissions for distinguishing benign from malicious apps, unlike standard methods that scan all Android permissions. The system first uses the Random Forest method for machine learning classifications. The study reduces non-sensitive permissions by identifying benign and harmful permission lists. Support Vector Machine classification, K-Nearest Neighbor, and Linear Regression are then used to a fresh dataset. SigPID, written in Python 3.7, is a powerful and scalable Android malware countermeasure. SigPID uses advanced machine learning and large permissions to protect the mobile ecosystem from harmful apps, making it safer and more secure.

Vertical Interoperability in Mobile Ecosystems: Will the DMA Deliver (What Competition Law Could Not)?

Vertical Interoperability in Mobile Ecosystems: Will the DMA Deliver (What Competition Law Could Not)?

SUPER-APPIFICATION: CONGLOMERATION IN THE MOBILE ECOSYSTEM

“Super apps” are on the rise and gaining popularity worldwide, especially in Southeast Asia, India and Africa. These are “do-everything apps” that offer a wide range of services in a single interface, making them more integrated into people's lives. Super apps thus highlight the organisation, political economy and geopolitics of the platformisation process in the app economy. While most studies on super apps focus on Chinese and Southeast Asian apps, this paper examines super apps from around the world to better understand and discuss the phenomenon. Specifically, it examines and discusses (1) what “super apps” are, (2) by whom they were developed, (3) when they were created or how they evolved over time, and (4) where—in which countries or regions or parts of the world—they emerged. We provide a typology of super-app constellations based on the different characteristics identified in a global collection of 40 super-apps. We discuss the local or regional differences between apps, their historical emergence, modes of capital accumulation and the challenges and implications arising from them for critical research. The rise of super-apps and their integration into people's daily lives in general invites us to delve deeper into the relatedness and situatedness of apps, and focus in particular on the unique conglomeration processes currently taking place in the mobile ecosystem.

Fostering Effective Problem Solving Skills: The Role of QR Scanner-Integrated Mobile Ecosystem and Material Modules

This study intends to assess how well the integrated teaching module for the QR Scanner in ecological material improves students' problem-solving abilities. In this study, the experimental technique was used with a pretest-posttest control group design. The study's 60 participants were split into two groups: the experimental group and the control group, each of which included 30 participants. The control group did not get any special intervention, whereas the experimental group received it in the form of a QR scanner and HP Integrated Ecosystem-Based Material Modules. Data from the pre- and post-tests of both groups were gathered in order to assess how the intervention affected the groups' problem-solving abilities. Utilizing exams and questionnaires, data was gathered. Paired t tests were used to compare each group's pretest and posttest results in the analysis of the study data. The findings revealed that the experimental group's problem-solving abilities significantly improved (p 0.001), but the control group exhibited no significant difference (p > 0.05). As a result, the integrated teaching module for the QR Scanner in the ecosystem materials was successful in enhancing students' ability to solve problems. The findings of this study have significant ramifications for the design of technology-based learning strategies that will enhance student learning and help them apply concepts in real-world situations.

A federated approach for detecting data hidden in icons of mobile applications delivered via web and multiple stores

An increasing volume of malicious software exploits information hiding techniques to cloak additional attack stages or bypass frameworks enforcing security. This trend has intensified with the growing diffusion of mobile ecosystems, and many threat actors now conceal scripts or configuration data within high-resolution icons. Even if machine learning has proven to be effective in detecting various hidden payloads, modern mobile scenarios pose further challenges in terms of scalability and privacy. In fact, applications can be retrieved from multiple stores or directly from the Web or social media. Therefore, this paper introduces an approach based on federated learning to reveal information hidden in high-resolution icons bundled with mobile applications. Specifically, multiple nodes are used to mitigate the impact of different privacy regulations, the lack of comprehensive datasets, or the computational burden arising from distributed stores and unofficial repositories. Results collected through simulations indicate that our approach achieves performances similar to those of centralized blueprints. Moreover, federated learning demonstrated its effectiveness in coping with simple “obfuscation” schemes like Base64 encoding and zip compression used by attackers to avoid detection.

Transgressive Play and the Inherent Limits of Business Growth for China’s LGBTQ Platforms: The Case of a Social Game in Aloha

Since 2016, China’s online LGBTQ platforms, such as Blued and Aloha, have been seeking to increase user acquisition and retention by introducing new functionalities to their interfaces. Although these attempts were promising at first, most of their endeavors proved unsustainable, largely due to the condition in which their businesses operate: a niche audience segment in a winner-take-all mobile market and a highly regulatory market in which LGBTQ content is often made a site for the execution of power. This article investigates the now-defunct role-playing social game Werewolf embedded in Aloha, one of the popular dating apps for queer men in China. By bringing together scholarship on game studies and queer media studies, it is argued that social games embedded in dating apps foster a new form of sexual sociality in which desires become increasingly gamified and intimacy networked, which are essential for queer social media to retain users. Although Werewolf was ultimately closed due to Aloha’s budgetary controls, queer players have emerged as a promising market for their unique engagement in social games. LGBTQ platforms, however, are not the main beneficiary of the queer gaming market because of the winner-take-all mobile ecosystem. The article highlights the inherent limits of “outward” expansion of China’s LGBTQ platforms into the mainstream market and suggests that prioritizing the unaddressed needs of their niche audience through an inward approach may be a more viable strategy for business growth in a mobile ecosystem dominated by a handful of major players.

Exploring Personal Data Processing in Video Conferencing Apps

The use of video conferencing applications has increased tremendously in recent years, particularly due to the COVID-19 pandemic and the associated restrictions on movements. As a result, the corresponding smart apps have also seen increased usage, leading to a surge in downloads of video conferencing apps. However, this trend has generated several data protection and privacy challenges inherent in the smart mobile ecosystem. This paper aims to study data protection issues in video conferencing apps by statistically and dynamically analyzing the most common such issues in real-time operation on Android platforms. The goal is to determine what these applications do in real time and verify whether they provide users with sufficient information regarding the underlying personal data processes. Our results illustrate that there is still room for improvement in several aspects, mainly because the relevant privacy policies do not always provide users with sufficient information about the underlying personal data processes (especially with respect to data leaks to third parties), which, in turn, raises concerns about compliance with data protection by design and default principles. Specifically, users are often not informed about which personal data are being processed, for what purposes, and whether these processes are necessary (and, if yes, why) or based on their consent. Furthermore, the permissions required by the apps during runtime are not always justified.

Secure cloud-based mobile apps: attack taxonomy, requirements, mechanisms, tests and automation

AbstractThe adoption and popularization of mobile devices, such as smartphones and tablets, accentuated after the second decade of this century, has been motivated by the growing number of mobile applications, which can solve problems in different areas of contemporary societies. Conversely, the software development industry is motivated by the increasing number and quality of resources that mobile devices possess nowadays (e.g., memory, sensors, processing power or battery). While powerful mobile devices do exist, one of the main driving factors behind the increase of resources is the usage of Cloud technology, which strongly complement mobile computing. As expected, the adoption of measures to mitigate security issues has not accompanied the growth and speed of development for Cloud and Mobile software, to ensure that these are resilient to attacks by design. Aiming to contribute to decrease the gap between software and security engineering, this paper presents a deep approach to attack taxonomy, security mechanisms, and security test specification for the Cloud and Mobile ecosystem of applications. This is also the first time an encompassing and conjoined approach is provided for attack taxonomy and specification of security tests automation tools for this ecosystem.

Spyware Identification for Android Systems Using Fine Trees

Android operating system (OS) has been recently featured as the most commonly used and ingratiated OS for smartphone ecosystems. This is due to its high interoperability as an open-source platform and its compatibility with all the major browsers within the mobile ecosystem. However, android is susceptible to a wide range of Spyware traffic that can endanger a mobile user in many ways, like password stealing and recording patterns of a user. This paper presents a spyware identification schemes for android systems making use of three different machine learning schemes, including fine decision trees (FDT), support vector machines (SVM), and the naïve Bayes classifier (NBC). The constructed models have been evaluated on a novel dataset (Spyware-Android 2022) using several performance measurement units such as accuracy, precision, and sensitivity. Our experimental simulation tests revealed the notability of the model-based FDT, making the peak accuracy 98.2%. The comparison with the state-of-art spyware identification models for android systems showed that our proposed model had improved the model’s accuracy by more than 18%.

NT-GNN: Network Traffic Graph for 5G Mobile IoT Android Malware Detection

IoT Android application is the most common implementation system in the mobile ecosystem. As assaults have increased over time, malware attacks will likely happen on 5G mobile IoT Android applications. The huge threat posed by malware to communication systems security has made it one of the main focuses of information security research. Therefore, this paper proposes a new graph neural network model based on a network traffic graph for Android malware detection (NT-GNN). While some current malware detection systems use network traffic data for detection, they ignore the complex structural relationships of network traffic, focusing exclusively on network traffic between pairs of endpoints. Additionally, our suggested network traffic graph neural network model (NT-GNN) considers the graph node and edge aspects, capturing the connection between various traffic flows and individual traffic attributes. We first extract the network traffic graph and then detect it using a novel graph neural network architecture. Finally, we experimented with the proposed NT-GNN model on the well-known Android malware CICAndMal2017 and AAGM datasets and achieved 97% accuracy. The results reflect the sophisticated nature of our methodology. Furthermore, we want to provide a new method for malicious code detection.

Android malware detection method based on highly distinguishable static features and DenseNet.

The rapid growth of malware has become a serious problem that threatens the security of the mobile ecosystem and needs to be studied and resolved. Android is the main target of attackers due to its open source and popularity. To solve this serious problem, an accurate and efficient malware detection method is needed. Most existing methods use a single type of feature, which can be easily bypassed, resulting in low detection accuracy. In addition, although multiple types of features are used in some methods to solve the drawbacks of detection methods using a single type of feature, there are still some problems. Firstly, due to multiple types of features, the number of features in the initial feature set is extremely large, and some methods directly use them for training, resulting in excessive overhead. Furthermore, some methods utilize feature selection to reduce the dimensionality of features, but they do not select highly distinguishable features, resulting in poor detection performance. In this article, an effective and accurate method for identifying Android malware, which is based on an analysis of the use of seven types of static features in Android is proposed to cope with the rapid increase in the amount of Android malware and overcome the drawbacks of detection methods using a single type of feature. Instead of utilizing all extracted features, we design three levels of feature selection methods to obtain highly distinguishable features that can be effective in identifying malware. Then a fully densely connected convolutional network based on DenseNet is adopted to leverage features more efficiently and effectively for malware detection. Compared with the number of features in the original feature set, the number of features in the feature set obtained by the three levels of feature selection methods is reduced by about 97%, but the accuracy is only reduced by 0.45%, and the accuracy is more than 99% in a variety of machine learning methods. Moreover, we compare our detection method with different machine learning models, and the experimental results show that our method outperforms general machine learning models. We also compare the performance of our detection method with two state-of-the-art neural networks. The experimental results show that our detection model can greatly reduce the training cost and still achieve good detection performance, reaching an accuracy of 99.72%. In addition, we compare our detection method with other similar detection methods that also use multiple types of features. The results show that our detection method is superior to the comparison methods.

AI-driven predictive and scalable management and orchestration of network slices

The future network slicing enabled mobile ecosystem is expected to support a wide set of heterogenous vertical services over a common infrastructure. The service robustness and their intrinsic requirements, together with the heterogeneity of mobile infrastructure and resources in both the technological and the spatial domain, significantly increase the complexity and create new challenges regarding network management and orchestration. High degree of automation, flexibility and programmability are becoming the fundamental architectural features to enable seamless support for the modern telco-based services. In this paper, we present a novel management and orchestration platform for network slices, which has been devised by the Horizon 2020 MonB5G project. The proposed framework is a highly scalable solution for network slicing management and orchestration that implements a distributed and programmable AI-driven management architecture. The cognitive capabilities are provided at different levels of management hierarchy by adopting necessary data abstractions. Moreover, the framework leverages intent-based operations to improve its modularity and genericity. The mentioned features enhance the management automation, making the architecture a significant step towards self-managed network slices.

Explainable Malware Detection System Using Transformers-Based Transfer Learning and Multi-Model Visual Representation.

Android has become the leading mobile ecosystem because of its accessibility and adaptability. It has also become the primary target of widespread malicious apps. This situation needs the immediate implementation of an effective malware detection system. In this study, an explainable malware detection system was proposed using transfer learning and malware visual features. For effective malware detection, our technique leverages both textual and visual features. First, a pre-trained model called the Bidirectional Encoder Representations from Transformers (BERT) model was designed to extract the trained textual features. Second, the malware-to-image conversion algorithm was proposed to transform the network byte streams into a visual representation. In addition, the FAST (Features from Accelerated Segment Test) extractor and BRIEF (Binary Robust Independent Elementary Features) descriptor were used to efficiently extract and mark important features. Third, the trained and texture features were combined and balanced using the Synthetic Minority Over-Sampling (SMOTE) method; then, the CNN network was used to mine the deep features. The balanced features were then input into the ensemble model for efficient malware classification and detection. The proposed method was analyzed extensively using two public datasets, CICMalDroid 2020 and CIC-InvesAndMal2019. To explain and validate the proposed methodology, an interpretable artificial intelligence (AI) experiment was conducted.

Recent Developments at the CMA: 2021-22.

This article discusses three important pieces of work that the Competition and Markets Authority has completed over the last year. The first two are market studies: The Mobile Ecosystems Market Study was launched over concerns that Apple and Google have too much control over operating systems (iOS and Android), app stores (App Store and Play Store), and web browsers (Safari and Chrome) that together form their ‘ecosystems’; the Electric Vehicles Charging Market Study took actions and provided recommendations in a nascent but critically important market. The final piece of work is “State of Competition”: a research project that assesses the evolution of competition in the UK over the past two decades.