Journal Article

User Credential Cloning Attacks in Android Applications: Exploiting Automatic Login on Android Apps and Mitigating Strategies

TLDR
This article systematically demonstrates an attack that steals the data stored for automatic login, using a prototype implementation and two real-world Android application case studies, and discusses strategies to mitigate the risk of user credential data being stolen from the application files.
Abstract
Automatic login is a commonly used feature of smartphones, because their small keyboards make it difficult to key in user credential information. However, this feature may pose a serious risk to smartphone users' privacy. The stored data for automatic login could be stolen by an attacker, resulting in identity theft. In this article, we demonstrate an execution of this attack in a systematic manner through two real-world Android application case studies by implementing a prototype. We also discuss five possible defense strategies to mitigate the risk of user credential data being stolen from the application files.

Citations
Book Chapter

When Harry Met Tinder: Security Analysis of Dating Apps on Android

TL;DR: An analysis of security and privacy issues in popular dating apps on Android through network traffic analyses and reverse engineering techniques for each dating app shows that user credential data can be stolen from all five applications.
Proceedings Article

App's Auto-Login Function Security Testing via Android OS-Level Virtualization

TL;DR: VPDroid as discussed by the authors is a transparent Android OS-level virtualization platform tailored for security testing, where security analysts can customize different device artifacts, such as CPU model, Android ID, and phone number, in a virtual phone without user-level API hooking.
Book Chapter

Research on the Security Risks and the Preventive Strategies of Android Smart-Phones

TL;DR: Based on a comprehensive analysis and study of the various security risks faced by Android smartphones, corresponding preventive measures are put forward to ensure the security of Android smartphones to some extent.
Journal Article

Android Data-Clone Attack via Operating System Customization

TL;DR: This article designs an identity theft method that overcomes the problem of incomplete credential extraction and eliminates the requirement of root authority, and develops a transparent Android OS customization solution, named CloneDroid, which simulates 101 special attributes of Android OS.
Posted Content

App's Auto-Login Function Security Testing via Android OS-Level Virtualization.

TL;DR: VPDroid as mentioned in this paper is a transparent Android OS-level virtualization platform tailored for security testing, where security analysts can customize different device artifacts, such as CPU model, Android ID, and phone number, in a virtual phone without user-level API hooking.
References
Proceedings Article

Obfuscation of executable code to improve resistance to static disassembly

TL;DR: Experimental results indicate that significant portions of executables that have been obfuscated using the techniques described are disassembled incorrectly, thereby showing the efficacy of the methods.
Proceedings Article

RiskRanker: scalable and accurate zero-day android malware detection

TL;DR: An automated system called RiskRanker is developed to scalably analyze whether a particular app exhibits dangerous behavior and is used to produce a prioritized list of reduced apps that merit further investigation, demonstrating the efficacy and scalability of RiskRanker to police Android markets of all stripes.
Proceedings Article

Detecting repackaged smartphone applications in third-party android marketplaces

TL;DR: An app similarity measurement system called DroidMOSS is implemented that applies a fuzzy hashing technique to effectively localize and detect the changes from app-repackaging behavior, which shows a worrisome fact that 5% to 13% of apps hosted on six popular Android-based third-party marketplaces are repackaged.
Journal Article

Understanding Android Security

TL;DR: Android's security model is described and attempts to unmask the complexity of secure application development, identifying lessons and opportunities for future enhancements.
Proceedings Article

Password management strategies for online accounts

TL;DR: This study quantifies how many passwords undergraduates had and how often they reused them, and discusses how current systems support poor password practices and potential changes in website authentication systems and password managers.