DOI: 10.1145/2568225.2568301

AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction

Published: 31 May 2014

Abstract

Android smartphones are becoming increasingly popular. The open nature of Android allows users to install miscellaneous applications, including malicious ones, from third-party marketplaces without rigorous sanity checks. A large portion of existing malware performs stealthy operations such as sending short messages, making phone calls and HTTP connections, and installing additional malicious components. In this paper, we propose a novel technique to detect such stealthy behavior. We model stealthy behavior as program behavior that mismatches the user interface, which denotes the user's expectation of program behavior. We use static program analysis to associate a top-level function, usually a user interaction function, with the behavior it performs. Then we analyze the text extracted from the user interface component associated with the top-level function. A semantic mismatch between the two indicates stealthy behavior. To evaluate AsDroid, we download a pool of 182 apps that are potentially problematic, selected by looking at their permissions. Among the 182 apps, AsDroid reports stealthy behaviors in 113 apps, with 28 false positives and 11 false negatives.



Information & Contributors

Information

Published In

ICSE 2014: Proceedings of the 36th International Conference on Software Engineering
May 2014
1139 pages
ISBN:9781450327565
DOI:10.1145/2568225

Sponsors

In-Cooperation

  • TCSE: IEEE Computer Society's Tech. Council on Software Engin.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Android
  2. Program Behavior Contradiction
  3. Stealthy Behaviors
  4. User Interface

Qualifiers

  • Research-article

Conference

ICSE '14

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%
