Consumers' willingness to adopt and use WeChat wallet: An empirical study in South Africa

The number of applications (apps) available for smart devices or Android based IoT (Internet of Things) has surged dramatically over the past few years. Meanwhile, the volume of ill-designed or malicious apps (malapps) has been growing explosively. To ensure the quality and security of the apps in the markets, many approaches have been proposed in recent years to discriminate malapps from benign ones. Machine learning is usually utilized in classification process. Accurately characterizing apps' behaviors, or so-called features, directly affects the detection results with machine learning algorithms. Android apps evolve very fast. The size of current apps has become increasingly large and the behaviors of apps have become increasingly complicated. The extracting effective and representative features from apps is thus an ongoing challenge. Although many types of features have been extracted in existing work, to the best of our knowledge, no work has systematically surveyed the features constructed for detecting Android malapps. In this paper, we are motivated to provide a clear and comprehensive survey of the state-of-the-art work that detects malapps by characterizing behaviors of apps with various types of features. Through the designed criteria, we collect a total of 1947 papers in which 236 papers are used for the survey with four dimensions: the features extracted, the feature selection methods employed if any, the detection methods used, and the scale of evaluation performed. Based on our in-depth survey, we highlight the issues of exploring effective features from apps, provide the taxonomy of these features and indicate the future directions.

/pdf/constructing-features-for-detecting-android-malicious-22xpnwdms4.pdf

Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions

Forensic analysis of Telegram Messenger on Android smartphones

Smartphone market is growing day by day and according to Statista, as of 2017, 68.4% of the U.S. population uses smartphones. Similarly, the amount of information stored on these mobile devices is tremendous and ranging from personal details, contacts, applications data, to exchange of texts and media. This information can become a significant evidence during a digital forensics investigation and thereafter in courts. As Android is one of the leading smartphone operating systems worldwide, it is important to have the knowledge of Android forensics. Moreover, chat messaging between the users becoming the most prominent communication medium particularly among the youth. The exponential increase in the interception of chat messages on mobile devices led to implementation of end to end encryption. This is mainly due to the concerns raised on privacy and security of user data on smartphones. In this paper we analyze widely used encrypted Instant Messaging (IM) applications namely WeChat, Telegram, Viber and Whatsapp. We also show how these applications store data in the Android file system. In addition we also discuss forensic implications of the IM applications that are utilizing encryption. Analysis of artifacts collected from these applications is performed using the Android Debugging Bridge (ADB) tool and some other open source tools. Moreover, we also present the challenges faced during the collection of the forensically important artifacts.

Forensic analysis of encrypted instant messaging applications on Android

This review paper covers the forensic-relevant literature in digital evidence from 2016 to 2019 as a part of the 19th Interpol International Forensic Science Managers Symposium. The review papers are also available at the Interpol website at: https://www.interpol.int/content/download/14458/file/Interpol Review Papers 2019.pdf

Interpol review of digital evidence 2016 - 2019.

Forensic analysis of WeChat on Android smartphones

The invention relates to a feature extraction achieving method based on deploy and control data mining. The method includes that deploy and control data in an instant messaging tool is obtained; online time of different instant messaging accounts with the same internet protocol (IP) address is analyzed to obtain time relation among the accountants; password data of all instant messaging accounts is analyzed to obtain a password relation among the accounts; behavior data of all the instant messaging accounts is analyzed to obtain a behavior relation among the accounts; same-person relation value among the instant messaging accounts is obtained through comprehensive analysis according to the time relation, the password relation and the behavior relation among the IP addresses and accounts of all the instant messaging accounts. By means of the method, whether a plurality of the instant messaging accounts belong to the same person can be identified effectively, chat record data is correlated and analyzed, feature extraction is conducted in massive data, and the method is easy to apply and has wide application range.

Feature extraction achieving method based on deploy and control data mining

The invention relates to a mobile phone evidence obtaining method based on recovery. The method comprises the following steps that (1) whether a mobile phone is connected with a computer in a fastboot mode is judged by the computer; (2) if the mobile phone is connected with the computer in the fastboot mode, recovery of the third party is reinstalled; (3) the partition of the mobile phone is mounted; (4) files in the mobile phone are derived to the computer; (5) and if there is no mobile phone connected with the computer in the fastboot mode, the step (1) is continued. The mobile phone evidence obtaining method based on recovery of the structure is adopted to perform mobile phone information reading on the Android mobile phone so that Android mobile phone information reading efficiency is greatly enhanced, data reading is complete and effective, judicial evidence obtaining and actual work demands can be effectively assisted, and thus the mobile phone evidence obtaining method based on recovery is suitable for large-scale popularization and application.

Mobile phone evidence obtaining method based on recovery

The invention relates to a memory device data recovery achieving method based on a flash memory chip. The method includes that original data stored in the flash memory chip is obtained; file mirror images capable of being recognized by an operation system are restored according to data storage rules of the flash memory chip, namely the data is rearranged in a logic arrangement mode from a physical arrangement mode according to marked information in a backup data area. By means of the method, when a main controller or a peripheral logic circuit board breaks down, the data can be read from the bottom layer of the flash memory chip directly, and the file mirror images capable of being recognized by the operation system are restored according to the data storage rules so that direct recovery of data in a memory device and based on the flash memory chip is achieved, data loss caused by damage to a memory device portion is avoided, data recovery success rate is improved, an application method is simple, and the method is applicable to different flash memory devices and has a wide application range.

Memory device data recovery achieving method based on flash memory chip

Android smart phones often carry personal sensitive information, which makes Android a tempting target for malwares. Recent studies have showed that Android applications frequently are over privileged and the risk of personal privacy leakage is very high. With known Android statics security analysis techniques in literatures, due to lack of considering the control flow between components, the static analysis of sensitive data transmission paths often costs a larger computation overheads, static analysis methods have to make a trade-off between computing time and the precision of analysis results. In this work, we propose a static analysis framework to discovery the sensitive data propagation paths and extract execution conditions (including data inputs and events inputs) of these paths. Our approach first extract a asynchronously executing events sequence graph that directly handles inter-components control flows, it then can be used to archive higher efficient taint analysis when the data propagation path asynchronously cross the boundaries of multiply components. The represented analysis results (data and events inputs) will make the analyst easier to determine if the sensitive data transmission is really a privacy leakage. We present an evaluation with a typical Android malicious app. The result of case study shows that our scheme can effectively help discover the privacy leakage behaviors in the malicious apps.

Xiong Xiong

Papers

Forensic analysis of WeChat on Android smartphones

Feature extraction achieving method based on deploy and control data mining

Mobile phone evidence obtaining method based on recovery

Memory device data recovery achieving method based on flash memory chip

Efficient Privacy Leakage Discovery for Android Applications Based on Static Analysis