• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.4
• /
• pp.11-18
• /
• 2016

Due to open source policy, Android systems are exposed to a variety of security problems. In particular, app reuse attacks are detrimental threat to the Android system security. This is because attacker can create core malign components and quickly generate a bunch of malicious apps by reusing these components. Hence, it is very imperative to discern whether Android apps contain reused components. To meet this need, we propose an Android app reuse analysis technique based on the Sequential Hypothesis Testing. This technique quickly makes a decision with a few number of samples whether a set of Android apps is made through app reuse. We performed experimental study with 6 malicious app groups, 1 google and 1 third-party app group such that each group consists of 100 Android apps. Experimental results demonstrate that our proposed analysis technique efficiently judges Android app groups with reused components.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.107-113
• /
• 2021

In this paper, we conducted an empirical study to investigate whether Android app descriptions provide enough permission usages for measuring app quality in terms of human writing and consistency between code and descriptions. Android app descriptions are analyzed for various purposes such as quality measurement, functionality recommendation, and malware detection. However, many app descriptions do not disclose permission usages, whether accidentally or on purpose. Most importantly, the previous studies could not precisely analyze app descriptions if permission usages cannot be completely introduced in app descriptions. To assess the consistency between permissions and app descriptions, we implemented a state-of-the-art method to predict Android permissions for 29,270 app descriptions. As a result, 25% of app descriptions may not contain any permission semantic, and 57% of app descriptions cannot accurately reflect permission usages.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.5
• /
• pp.309-316
• /
• 2014

It is easy to reverse engineer an Android app package file(APK) and get its decompiled source code. Therefore, attackers obtains economic benefits by illegally using the decompiled source code, or modifies an app by inserting malware. To address these problems in Android, we propose an APK overwrite scheme that protects apps against illegal modification of themselves by using a new anti-reverse engineering technique. In this paper, the targets are the apps which have been written by any programmer. For a target app (original app), server system (1) makes a copy of a target app, (2) encrypts the target app, (3) creates a stub app by replacing the DEX (Dalvik Executable) of the copied version with our stub DEX, and then (4) distributes the stub app as well as the encrypted target app to users of smartphones. The users downloads both the encrypted target app and the corresponding stub app. Whenever the stub app is executed on smartphones, the stub app and our launcher app decrypt the encrypted target app, overwrite the stub app with the decrypted target one, and executes the decrypted one. Every time the target app ends its execution, the decrypted app is deleted. To verify the feasibility of the proposed scheme, experimentation with several popular apps are carried out. The results of the experiment demonstrate that our scheme is effective for preventing reverse engineering and tampering of Android apps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.205-214
• /
• 2019

Android uses app cache files to improve app execution performance. However, this optimization technique may raise security issues that need to be examined. In this paper, we present a practical design of "Android app cache manipulation attack" to intentionally modify the cache files of a target app, which can be misused for stealing personal information and performing malicious activities on target apps. Even though the Android framework uses a checksum-based integrity check to protect app cache files, we found that attackers can effectively bypass such checks via the modification of checksum of the target cache files. To demonstrate the feasibility of our attack design, we implemented an attack tool, and performed experiments with real-world Android apps. The experiment results show that 25 apps (86.2%) out of 29 are vulnerable to our attacks. To mitigate app cache manipulation attacks, we suggest two possible defense mechanisms: (1) checking the integrity of app cache files; and (2) applying anti-decompilation techniques.

• Journal of Korea Multimedia Society
• /
• v.17 no.5
• /
• pp.601-612
• /
• 2014

As the more people use smart phones, the interest in the apps gets the higher. Studies such as App Inventor, app generation methods using templates provide app development process with app development methods by substituting programming work. However, the realm of producible apps is limited and there are a lot of set up operations and input informations. Also, there is lack of support for smart phone sensors that are in a high demand of utilization. This paper proposed an android app development method for resolving existing problems, and implemented an accompanying app development tool. When the proposed app development method derived through combination of function modules and sensor modules is used, it's possible to produce apps with minimal user inputs, and to use sensors easily. Also, because it is simple to identify overall flow of app execution, and functions addible to the app are provided for users by units of module, it is possible to develop apps quickly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1209-1223
• /
• 2018

Android apps are made up of bytecode, so they are vulnerable to reverse engineering, and protection services are emerging that robustly repackage the app to compensate. Unlike cryptographic algorithms, the robustness of these protection services depends heavily on hiding the protection scheme. Therefore, there are few systematic discussions about the protection method even if destruction techniques of the protection service are various. And it is implemented according to the intuition of the developer. There is a need to discuss systematic protection schemes for robust security chains, rather than simple deployment of techniques disrupting static or dynamic analysis. In this paper, we analyze bangcle, a typical commercial Android app protection service, to examine the protection structure and vulnerable elements. We propose the requirements for robust structure and principles of protection structure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.617-623
• /
• 2018

This study focuses on detection of malicious code through AndroidManifest permissoion feature extracted based on Android static analysis. Features are built on the permissions of AndroidManifest, which can save resources and time for analysis. Malicious app detection model consisted of SVM (support vector machine), NB (Naive Bayes), Gradient Boosting Classifier (GBC) and Logistic Regression model which learned 1,500 normal apps and 500 malicious apps and 98% detection rate. In addition, malicious app family identification is implemented by multi-classifiers model using algorithm SVM, GPC (Gaussian Process Classifier) and GBC (Gradient Boosting Classifier). The learned family identification machine learning model identified 92% of malicious app families.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.61-68
• /
• 2019

Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.9-15
• /
• 2012

In recently years, repackaged malwares are becoming increased rapidly in Android smartphones. The repackaging is a technique to disassemble an app in a market, modify its source code, and then re-assemble the code, so that it is commonly used to make malwares by inserting malicious code in an app. However, it is impossible to collect all the apps in many android markets including too many apps. To solve the problem, we propose RePAD (RePackaged App Detector) scheme that is composed of a client and a remote server. In the smartphone-side, the client extracts the information of an app with low CPU overhead when a user installs the app. The remote server analyzes the information to decide whether the app is repackaged or not. Thus, the scheme reduces the time and cost to decide whether apps are repackaged. For the experiments, the client and server are implemented as an app on Galaxy TAB and PC respectively. We indicated that seven pairs of apps among ones collected in official and unofficial market are repackaged. Furthermore, RePAD only increases the average of CPU overhead of 1.9% and the maximum memory usage of 3.5 MB in Galaxy TAB.

• The Journal of the Korea Contents Association
• /
• v.12 no.11
• /
• pp.20-29
• /
• 2012

Recently, Digital Information Display(DID) technologies have been used to advertise the various contents such as video, image, text and etc. However most of recent DIDs are still using the traditional one directional advertising mechanism delivering the contents only to the customers. In this paper, we present the design and implementation of an App Scheduler on Android platform to effectively manage the Android Apps related to the advertisement which can attract customers' attention and reflect their ideas in the advertisement.