The Experts below are selected from a list of 1926 Experts worldwide ranked by ideXlab platform
Debin Gao - One of the best experts on this subject based on the ideXlab platform.
-
WISEC - Towards Dynamically Monitoring Android Applications on Non-Rooted Devices in the Wild
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2018Co-Authors: Xiaoxiao Tang, Yan Lin, Debin GaoAbstract:Dynamic analysis is an important technique to reveal sensitive behavior of Android apps. Current works require access to the code-level and system-level events (e.g., API calls and system calls) triggered by the running apps and consequently they can only be conducted on in-lab running environments (e.g., emulators and modified OS). The strict requirement of running environment hinders their deployment in scale and makes them vulnerable to anti-analysis techniques. Furthermore, current dynamic analysis of Android apps exploits input generators to invoke app behavior, which, however, cannot provide sufficient code coverage. We propose to dynamically analyze app behavior on non-Rooted devices used by the public so that it is possible to analyze dynamically in scale without input generators. By doing so, we also maximize the code coverage since the app behavior is invoked by real users of the apps. To achieve such a goal, we build UpDroid, a system for detecting sensitive behavior without modifying Android OS, Rooting the device, or leveraging emulators. UpDroid detects sensitive events by monitoring the changing of public resources on the device, instead of accessing low-level events that require Rooting or system modification. To identify the apps that trigger the detected events, UpDroid formulates the identification as a ranking problem and adopts learning to rank technique to solve it. Our experimental results demonstrate that UpDroid can successfully detect the use of 15 out of 26 Permissions that are labeled dangerous in the official Android documentation. We also compare UpDroid with API hooking which can theoretically capture all sensitive behavior but requires Root Permission and system modifications. Results show that UpDroid can still achieve 70% coverage of API hooking even without Root Permission or any system modifications.
Jen-yi Pan - One of the best experts on this subject based on the ideXlab platform.
-
ICNC - Advertisement removal of Android applications by reverse engineering
2017 International Conference on Computing Networking and Communications (ICNC), 2017Co-Authors: Jen-yi PanAbstract:Millions of apps cover all aspects of our lives and make smartphones success. Advertisers financially support developers but also collect users' privacy. Several ad blocking apps help users to eliminate advertisement by filtering or redirection for certain targets whose list is maintained by a third party, and some of them require Root Permission. We develop an advertisement removal program with the technique of reverse engineering, which can effectively patch the advertising code, even obfuscated by other tools. The proposed method takes no overhead at runtime, and requires neither Root Permission nor list updating. This study also gives a different perspective on tailoring behavior of Android applications.
Xiaoxiao Tang - One of the best experts on this subject based on the ideXlab platform.
-
WISEC - Towards Dynamically Monitoring Android Applications on Non-Rooted Devices in the Wild
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2018Co-Authors: Xiaoxiao Tang, Yan Lin, Debin GaoAbstract:Dynamic analysis is an important technique to reveal sensitive behavior of Android apps. Current works require access to the code-level and system-level events (e.g., API calls and system calls) triggered by the running apps and consequently they can only be conducted on in-lab running environments (e.g., emulators and modified OS). The strict requirement of running environment hinders their deployment in scale and makes them vulnerable to anti-analysis techniques. Furthermore, current dynamic analysis of Android apps exploits input generators to invoke app behavior, which, however, cannot provide sufficient code coverage. We propose to dynamically analyze app behavior on non-Rooted devices used by the public so that it is possible to analyze dynamically in scale without input generators. By doing so, we also maximize the code coverage since the app behavior is invoked by real users of the apps. To achieve such a goal, we build UpDroid, a system for detecting sensitive behavior without modifying Android OS, Rooting the device, or leveraging emulators. UpDroid detects sensitive events by monitoring the changing of public resources on the device, instead of accessing low-level events that require Rooting or system modification. To identify the apps that trigger the detected events, UpDroid formulates the identification as a ranking problem and adopts learning to rank technique to solve it. Our experimental results demonstrate that UpDroid can successfully detect the use of 15 out of 26 Permissions that are labeled dangerous in the official Android documentation. We also compare UpDroid with API hooking which can theoretically capture all sensitive behavior but requires Root Permission and system modifications. Results show that UpDroid can still achieve 70% coverage of API hooking even without Root Permission or any system modifications.
Yan Lin - One of the best experts on this subject based on the ideXlab platform.
-
WISEC - Towards Dynamically Monitoring Android Applications on Non-Rooted Devices in the Wild
Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2018Co-Authors: Xiaoxiao Tang, Yan Lin, Debin GaoAbstract:Dynamic analysis is an important technique to reveal sensitive behavior of Android apps. Current works require access to the code-level and system-level events (e.g., API calls and system calls) triggered by the running apps and consequently they can only be conducted on in-lab running environments (e.g., emulators and modified OS). The strict requirement of running environment hinders their deployment in scale and makes them vulnerable to anti-analysis techniques. Furthermore, current dynamic analysis of Android apps exploits input generators to invoke app behavior, which, however, cannot provide sufficient code coverage. We propose to dynamically analyze app behavior on non-Rooted devices used by the public so that it is possible to analyze dynamically in scale without input generators. By doing so, we also maximize the code coverage since the app behavior is invoked by real users of the apps. To achieve such a goal, we build UpDroid, a system for detecting sensitive behavior without modifying Android OS, Rooting the device, or leveraging emulators. UpDroid detects sensitive events by monitoring the changing of public resources on the device, instead of accessing low-level events that require Rooting or system modification. To identify the apps that trigger the detected events, UpDroid formulates the identification as a ranking problem and adopts learning to rank technique to solve it. Our experimental results demonstrate that UpDroid can successfully detect the use of 15 out of 26 Permissions that are labeled dangerous in the official Android documentation. We also compare UpDroid with API hooking which can theoretically capture all sensitive behavior but requires Root Permission and system modifications. Results show that UpDroid can still achieve 70% coverage of API hooking even without Root Permission or any system modifications.
Sangjin Lee - One of the best experts on this subject based on the ideXlab platform.
-
Forensic analysis techniques for fragmented flash memory pages in smartphones
Digital Investigation, 2012Co-Authors: Jungheum Park, Hyunji Chung, Sangjin LeeAbstract:Abstract A mobile phone contains important personal information, and therefore, it should be considered in digital forensic investigations. Recently, the number of smartphone owners has increased drastically. Unlike feature phones, smartphones have high-performance operating systems (e.g., Android, iOS), and users can install and utilize various mobile applications on smartphones. Smartphone forensics has been actively studied because of the importance of smartphone user data acquisition and analysis for digital forensic purposes. In general, there are two logical approaches to smartphone forensics. The first approach is to extract user data using the backup and debugging function of smartphones. The second approach is to get Root Permission through the Rooting or the bootloader method with custom kernel, and acquire an image of the flash memory. In addition, the other way is to acquire an image on a more physical way by using e.g., JTAG or chipoff process. In some cases, it may be possible to reconstruct and analyze the file system. However, existing methods for file system analysis are not suitable for recovering and analyzing data deleted from smartphones depending on the manner in which the flash memory image has to be acquired. This paper proposes new analysis techniques for fragmented flash memory pages in smartphones. In particular, this paper demonstrates analysis techniques on the image that the reconstruction of file system is impossible because the spare area of flash memory pages does not exist or that it is created from the unallocated area of the undamaged file system.
