Identifying Insecure Features in Android Applications using Model Checking

Fabio Martinelli; Francesco Mercaldo; Vittoria Nardone

doi:10.5220/0006758105890596

Identifying Insecure Features in Android Applications using Model Checking

Fabio Martinelli, Francesco Mercaldo, Vittoria Nardone

2018

Abstract

Nowadays Android is the most widespread operating system. This is the reason why malware writers target it. Both researchers and commercial antimalware provide several solutions to fix and detect this phenomenon. They analyze one single application per time using combinations of static, dynamic and behavior based techniques. However, one of the last new threats is the collusion attack. In order to perpetrate this attack the malicious behaviour is divided between two or more applications: collusion refers to multiple applications that accomplish their fragment of malicious behaviour and then communicate using the Inter Component Communication mechanism provided by Android platform. Basically the colluded applications intentionally put in view private and sensitive information. The aim of this paper is to investigate whether legitimate and malware applications share private data. One way to exchange data between different applications in Android environment is through Shared Preferences. In this preliminary work we investigate whether an application transfers data using Shared Preferences with public visibility.

Download

Paper Citation

in Harvard Style

Martinelli F., Mercaldo F. and Nardone V. (2018). Identifying Insecure Features in Android Applications using Model Checking.In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE, ISBN 978-989-758-282-0, pages 589-596. DOI: 10.5220/0006758105890596

in Bibtex Style

@conference{forse18,
author={Fabio Martinelli and Francesco Mercaldo and Vittoria Nardone},
title={Identifying Insecure Features in Android Applications using Model Checking},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,},
year={2018},
pages={589-596},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006758105890596},
isbn={978-989-758-282-0},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,
TI - Identifying Insecure Features in Android Applications using Model Checking
SN - 978-989-758-282-0
AU - Martinelli F.
AU - Mercaldo F.
AU - Nardone V.
PY - 2018
SP - 589
EP - 596
DO - 10.5220/0006758105890596