SafeCandy: System for security, analysis and validation in Android

  • Sebastián Londoño Universidad Icesi, Cali
  • Christian Urcuqui Universidad Icesi, Cali http://orcid.org/0000-0002-4627-1477
  • Manuel Fuentes Amaya Password Consulting Services, Bogotá
  • Johan Gómez Password Consulting Services, Bogotá
  • Andrés Navarro Cadavid Universidad Icesi, Cali
Keywords: Mobile security, Android security, ASEF, anti-malware.

Abstract

Android is an operating system that currently has over one billion active users across all their mobile devices. This market impact is increasing the amount of information that can be obtained from different users, which has motivated cybercriminals to develop malicious software. To solve the problems caused by malware, Android implements a different architecture and security controls, such as a unique user ID (UID) for each application, while an API permits its distribution platform, Google Play applications. It has been shown that there are ways to violate that protection, so the developer community has been developing alternatives aimed at improving the level of safety. This paper presents the latest information on the various trends and security solutions for Android, and SafeCandy, an app proposed as a new system for analysis, validation and configuration of Android applications that implements static and dynamic analysis with an improved ASEF. Finally, a study is included to evaluate the effectiveness of different malware antivirus software for Android in threat detection.

Author Biographies

Sebastián Londoño, Universidad Icesi, Cali

MSc. Systems Engineer (emphasis in Management and Computing) and Master in Computing Management and Telecommunications from the Universidad Icesi (Cali-Colombia). As part of the Informatics and Telecommunications research group [i2t], he participated in the "Safe Candy: analysis, validation and security configuration for Android apps" project.

Christian Urcuqui, Universidad Icesi, Cali

Systems Engineer (emphasis in Management and Computing) and Master in Computing Management and Telecommunications student from the Universidad Icesi (Cali-Colombia). As part of the Informatics and Telecommunications research group [i2t], he participated in the "Safe Candy: analysis, validation and security configuration for Android apps" project.

Manuel Fuentes Amaya, Password Consulting Services, Bogotá

Electronic Engineer from the Universidad del Cauca. He works for Password Consulting Services (Bogotá, Colombia) and was a member of the developer team in the "Safe Candy: analysis, validation and security configuration for Android apps" project.

Johan Gómez, Password Consulting Services, Bogotá

Electronic Engineer from the Universidad del Cauca. He works for Password Consulting Services (Bogotá, Colombia) and was a member of the developer team in the "Safe Candy: analysis, validation and security configuration for Android apps" project.

Andrés Navarro Cadavid, Universidad Icesi, Cali

Ph.D. Electronic Engineer and Magister in Technology Management of the Universidad Pontificia Bolivariana (Medellín, Colombia) and Doctor of Engineering in Telecommunications of the Universidad Politécnica de Valencia (Spain). Full-time professor and leader of the Informatics and Telecommunications research group (i2T) attached to the Information and Communications Department at the Universidad Icesi (Cali-Colombia). Counselor at the National Program of Electronics, Telecommunications and Informatics [ETI]. Spectrum Management and Cognitive Radio are two of his major areas of interest.

Published
2015-12-03
Section
Original Research