Mobile devices are increasingly becoming popular. Their annual sales already exceed PC sales. However, they bring new security and private issues with them owing to the different architectures and platforms, and the wealth of private data that they store.

Today’s smartphone application markets host an ever increasing number of applications. The sheer number of applications makes their review a daunting task. AppsPlayground is a framework that automates dynamic analysis of Android applications. It integrates multiple components comprising different detection and automatic exploration techniques for this purpose and is effective at detecting privacy leaks and malicious functionality in applications.

With mobile malware threats (e.g., on Android) becoming a real concern, it is important to measure the available defense against mobile malware and propose effective, next-generation solutions. With this purpose, we evaluated state-of-the-art commercial mobile anti-malware products for Android and tested how resistant they are against various common obfuscation techniques (even with known malware). We developed DroidChameleon, a systematic framework with various transformation techniques, and used it for our study. Our results on ten popular commercial anti-malware applications for Android are worrisome: none of these tools is resistant against common malware transformation techniques. Moreover, the required transformation for evading these tools are often simple.

Due to the open nature of application markets, especially on Android, there have been several privacy and security concerns with the applications hosted there. On Google Play, as with most other markets, users have direct access to natural-language descriptions of those applications, which give an intuitive idea of the functionality including the security-related information of those applications. Google Play also provides the permissions requested by applications to access security and privacy-sensitive APIs on the devices. Users may use such a list to evaluate the risks of using these applications. To best assist the end users, the descriptions should reflect the need for permissions, which we term description-to-permission fidelity. AutoCog is a system to automatically assess description-to-permission fidelity of applications. AutoCog employs state-of-the-art techniques in natural language processing and our own learning-based algorithm to relate description with permissions. In our evaluation, AutoCog outperforms other related work on both performance of detection and ability of generalization over various permissions by a large extent.

People

Zhengyang Qu
Xiang Pan
Yan Chen
Rui Shao
Guanyu Guo
Zhengyue Shao
Tiantian Zhu

Collaborators

Christopher Kruegel, University of California, Santa Barbara
Giovanni Vigna, University of California, Santa Barbara
William Enck, North Carolina State University
Xuxian Jiang, North Carolina State University
Ryan Riley, Qatar University
Vaibhav Rastogi, University of Wisconsin–Madison
Yinzhi Cao, Lehigh University
Shihong Zou, Beijing University of Post and Telecommunications

Publications

  1. Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, and Ryan Riley, Are These Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces, in the Proc. of the Network and Distributed System Security Symposium (NDSS), 2016 (60/389=15%).
    Presentation PowerPoint
    Featured in Sciencecodex, Northwestern McComick News
  2. Vaibhav Rastogi, Zhengyang Qu, Jedidiah McClurg, Yinzhi Cao, and Yan Chen, "Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android", in the Proc. of International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2015 (30/108=28%).

  3. Yinzhi Cao, Xiang Pan, and Yan Chen, "SafePay: Protecting against Credit Card Forgery with Existing Magnetic Card Readers", in the Proc. of the IEEE Conference on Communications and Network Security (CNS), 2015 (48/171=28%).
    Presentation PowerPoint
    Won the Best Paper Award
  4. Yinzhi Cao, Yanick Fratantonio, Manuel Egele, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna, Yan Chen, EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework, in the Proc. of Internet Society NDSS Symposium, 2015 (50/313 = 15.9%).
    Data and source code can be downloaded here.
  5. Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, and Zhong Chen. AutoCog: Measuring the Description-to-permission Fidelity in Android Applications, to appear in the Proc. of 21st ACM Conference on Computer and Communications Security (CCS), 2014.

  6. Vaibhav Rastogi, Yan Chen, and Xuxian Jiang. Catch Me if You Can: Evaluating Android Anti-malware against Transformation Attacks, in IEEE Transactions on Information Forensics and Security (TIFS), Vol. 9, No. 1, pp.99-108, 2014.

  7. Vaibhav Rastogi, Yan Chen, and Xuxian Jiang. DroidChameleon: Evaluating Android Anti-malware against Transformation Attacks, in the Proc. of Eighth ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2013. [slides]

    Research featured in Dark Reading, Information Week, The H, heise Security, Security Week, Slashdot, Help Net Security, ISS Source, EFY Times, Tech News Daily, Fudzilla, VirusFreePhone, McCormick Northwestern News, ScienceDaily, Phys.org, ACM Tech News, NBC News, and Wall Street Journal.

    Dataset shared with several security companies, including Lookout, AVG, NQ Mobile, and McAfee, and with other researchers around the world.

  8. Vaibhav Rastogi, Yan Chen, and William Enck. AppsPlayground: Automatic Security Analysis of Smartphone Applications, in the Proc. of Third ACM Conference on Data and Application Security and Privacy (CODASPY), 2013. [slides] [demo]

Technical Reports

  1. Vaibhav Rastogi, Yan Chen, and Xuxian Jiang. DroidChameleon: Evaluating Android Anti-malware against Transformation Attacks, technical report NU-EECS-13-01, Electrical Engineering and Computer Science, Northwestern University, 2013.

Tool Release

Please use this link to obtain AppsPlayground. You will find here Android source code patches and instructions for building and running AppsPlayground.

DroidChameleon source code is available upon request. The tool does not have a public download link as it can be used for producing malware.

We have released two applications on Google Play, AutoCog and PrivacyShield, which is a project under development.