Android apps can conspire to mine information from your smartphone
Associate Professor of Computer Science Daphne Yao (left), Fang Liu, doctoral candidate (center), and Assistant Professor of Computer Science Gang Wang (right) are co-authors on a first-of-its-kind large-scale and systematic study that evaluated collusion between Android smartphone apps.
Mobile phones have increasingly become the repository for the details that drive our everyday lives. But Virginia Tech researchers have recently discovered that the same apps we regularly use on our phones to organize lunch dates, make convenient online purchases, and communicate the most intimate details of our existence have secretly been colluding to mine our information.
Associate Professor Daphne Yao and Assistant Professor Gang Wang, both in the Department of Computer Science in Virginia Tech's College of Engineering, are part of a research team to conduct the first ever large-scale and systematic study of exactly how the trusty apps on Android phones are able to talk to one another and trade information.
Yao will present the team's findings in Dubai at the Association for Computing Machinery Asia Computer and Communications Security Conference on April 3.
“Researchers were aware that apps may talk to one another in some way, shape, or form,” said Wang. “What this study shows undeniably with real-world evidence over and over again is that app behavior, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone.”
The types of threats fall into two major categories, either a malware app that is specifically designed to launch a cyberattack or apps that simply allow for collusion and privilege escalation. In the latter category, it is not possible to quantify the intention of the developer, so collusion, while still a security breach, can in many cases be unintentional.
In order to run the programs to test pairs of apps, the team developed a tool called DIALDroid to perform their massive inter-app security analysis. The study, funded by the Defense Advanced Research Projects Agency as part of its Automated Program Analysis for Cybersecurity initiative, took 6,340 hours using the newly developed DIALDroid software, a task that would have been considerably longer without it.
The first author of the paper, Amiangshu Bosu, an assistant professor at Southern Illinois University, spearheaded the software development effort and the push to release the code to the wider research community. Fang Liu, a fifth-year Ph.D. candidate studying under Yao, also contributed to the malware detection research.
“Our team was able to exploit the strengths of relational databases to complete the analysis, in combination with efficient static program analysis, workflow engineering and optimization, and the utilization of high performance computing. Of the apps we studied, we found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorized apps to gain access to privileged data,” said Yao, who is both an Elizabeth and James E. Turner Jr. ’56 and L-3 Faculty Fellow.
The team studied a whopping 110,150 apps over three years, including 100,206 of Google Play's most popular apps and 9,994 malware apps from Virus Share, a private collection of malware app samples. The setup for cybersecurity leaks works when a seemingly innocuous sender app, like that handy and ubiquitous flashlight app, works in tandem with a receiver app to divulge a user's information, such as contacts or geolocation, or to provide access to the web.
The team found that the biggest security risks were some of the least utilitarian: apps that pertained to personalization of ringtones, widgets, and emojis.
“App security is a little like the Wild West right now with few regulations,” said Wang. “We hope this paper will be a source for the industry to consider re-examining their software development practices and incorporate safeguards on the front end. While we can't quantify what the intention is for app developers in the non-malware cases, we can at least raise awareness of this security problem with mobile apps for consumers who previously may not have thought much about what they were downloading onto their phones.”
Edited by Ariasun editorial board