Android Security Open Problems

Repackaging

Detecting Piggybacked Code

Dynamic Analysis

Sandbox

Droidbox

Real-time Monitoring

Taintdroid

Aurasium

Input Generation

Dynodroid, Game Based Malware

Monkey

Mobile Specific Features

Battery consumption

Data Usage

Crowdsourcing

Crowdroid

Open Problems

Bouncer

Static Analysis

Class Dependence

The connections between components of a program can be used as features in application verification.

Graph Centrality

Component Count

Malicious applications have significantly more services and receivers than benign ones.

Permissions

The permissions requested by an application often indicate how dangerous it is. Several tools look for unusual permission requests as one of many ways to characterize malware. For example, a flashlight application should not need access to SMS functionality. Malicious applications tend to have more permissions than benign ones.

Data Flow

User-Centric Analysis

Control Flow

Opcodes

The linked paper describes DroidMOSS, which uses a rolling hash to detect repackaged applications.

DroidMOSS

Imported Packages

DroidRanger uses imported packages as one means of detecting malware.

Market Data

Features such as price, author, description, number of downloads, etc. can help identify malware.

Analyzing Native Code

Apps that load native code in an unusual way are likely to be malicious.

Tools

DroidMat

Androguard

Open problems?

Hard to separate malicious code from benign

Malware Provenance and Phylogeny

Poor Application Verification, Weak Default App Scanner, Limited AV Products, Anti-malware against Transformation Attacks, Partial Solutions, Acquiring VirusTotal, Private App Channels

obfuscation

dynamic code loading

limited availability of tools

Mobile Botnets

Epidemic Spread

Proposes a P.O.C. method for device-to-device infection of iPhones. The method is based on evil twin networks.

Attacking Network Services

Proposed a method for using a mobile botnet to attack network infrastructure. Very thorough in suggesting attacks that require fewer resources and maximize damage done.

Evasive and Robust P.O.C.

Proposed a very effective design for a mobile botnet.

Tracking Uninfected Devices

A network of participating/infected mobile devices can track other mobile devices that are near them, but not participating/infected.

User Education

Ignoring Permissions

83% of users don't pay attention to permissions. 42% do not know what permissions are.

Phishing

Improperly Rooting Devices

Alternative Markets

Browser Attacks

Phishing

Click Through

Easy to Reverse Engineer Apps

Adjacking

Modifying an application's ads so that ad revenue is sent to the hacker instead of the original developer.

Loss of Intellectual Property

Tools

Apktool

Dex2Jar

Dexdump

Android Forensics

Hiding Data

Data Mining Personal Information

Link is to a video game demonstration. Players are able to hack mobile devices and see relevant, private information about the people they hack. In order to find the relevant information there would need to be an AI that determines what is most interesting.

Physical Access Attacks

password cracking, smudge detection, brute force, bypass

access data on RAM, FROST

survey of attacks

Malicious Applications

Rooting Exploits

The linked paper describes why rooting is possible and what it allows malware to do.

SMS Fraud

The link contains intuitive figures describing SMS fraud.

Rapid Malware Production

Simply put, the way FakeInst is distributed enables promoters to slightly modify or customize their app for distribution, resulting in a completely unique instance of malware, while the executable code remains identical. Though simple, this technique yields a massive growth in the number of unique identifiable samples in the wild that vastly outstrips the growth of new malware families.

Defeats Signature Based Detection

Malware Phylogeny Could Fight This

False Notification Attacks

Applications can produce fake notifications that lead to phishing sites. For example, a notification that is ostensibly from Facebook requires a login when you tap it. The login credentials are sent to the hacker.

Response to Malware Detection

Remote Revocation

Survey of Android Malware

Discusses trends in malware and several examples in detail. Pointed out repackaging as a common trend. Discussed evasion techniques and attacks performed by malware.

Baseband Attacks

One can attack the cellular baseband stack of smartphones instead of the application processor.

Comprehensive Analysis Tools

Andrubis

Upload an APK and get back a report based on static and dynamic analysis. Uses a combination of several publicly available tools.

DroidRanger

Uses static and dynamic analysis to look for malware on entire markets.

Resources for Understanding Android Security

Permissions

The permissions requested by an application often indicate how dangerous it is. Several tools look for unusual permission requests as one of many ways to characterize malware. For example, a flashlight application should not need access to SMS functionality. Malicious applications tend to have more permissions than benign ones.

Google's Dev Site

Triage

Market-scale Mobile Malware Analysis