Open AccessProceedings Article
PiOS : Detecting privacy leaks in iOS applications
TLDR
To protect its users from malicious applications, Apple has introduced a vetting process, which should ensure that all applications conform to Apple’s (privacy) rules before they can be offered via the App Store, but this vetting process is not welldocumented.Abstract:
With the introduction of Apple’s iOS and Google’s Android operating systems, the sales of smartphones have exploded. These smartphones have become powerful devices that are basically miniature versions of personal computers. However, the growing popularity and sophistication of smartphones have also increased concerns about the privacy of users who operate these devices. These concerns have been exacerbated by the fact that it has become increasingly easy for users to install and execute third-party applications. To protect its users from malicious applications, Apple has introduced a vetting process. This vetting process should ensure that all applications conform to Apple’s (privacy) rules before they can be offered via the App Store. Unfortunately, this vetting process is not welldocumented, and there have been cases where malicious applications had to be removed from the App Store afterread more
Citations
More filters
Proceedings ArticleDOI
Dissecting Android Malware: Characterization and Evolution
Yajin Zhou,Xuxian Jiang +1 more
TL;DR: Systematize or characterize existing Android malware from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software.
Proceedings Article
A study of android application security
TL;DR: A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/ phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications.
Proceedings ArticleDOI
A survey of mobile malware in the wild
TL;DR: The incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011 are analyzed and the effectiveness of techniques for preventing and identifying mobile malware is evaluated.
Proceedings Article
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
TL;DR: A permissionbased behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.
Proceedings ArticleDOI
PScout: analyzing the Android permission specification
TL;DR: An analysis of the permission system of the Android smartphone OS is performed and it is found that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permissions specification as the Android OS evolves.
References
More filters
Journal ArticleDOI
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
William Enck,Peter Gilbert,Seungyeop Han,Vasant Tendulkar,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +8 more
TL;DR: TaintDroid as mentioned in this paper is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Program slicing
Keith Gallagher,David Binkley +1 more
TL;DR: Applications of program slicing are surveyed, ranging from its first use as a debugging technique to current applications in property verification using finite state models, and a summary of research challenges for the slicing community is discussed.
Proceedings ArticleDOI
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
William Enck,Peter Gilbert,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +6 more
TL;DR: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.
Proceedings ArticleDOI
Semantics-aware malware detection
TL;DR: Experimental evaluation demonstrates that the malware-detection algorithm can detect variants of malware with a relatively low run-time overhead and the semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
Proceedings ArticleDOI
Pixy: a static analysis tool for detecting Web application vulnerabilities
TL;DR: This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection.