Identifying Insecure Features in Android Applications using Model Checking

Android is currently the most widespread operating system, which is why malware writers target it. Both researchers and commercial antimalware products provide several solutions to detect and address this phenomenon. They analyze one application at a time, using combinations of static, dynamic and behavior-based techniques. However, one of the most recent threats is the collusion attack. In this attack the malicious behaviour is divided between two or more applications: collusion refers to multiple applications that each carry out their fragment of the malicious behaviour and then communicate using the Inter Component Communication mechanism provided by the Android platform. Essentially, the colluding applications intentionally expose private and sensitive information. The aim of this paper is to investigate whether legitimate and malware applications share private data. One way to exchange data between different applications in the Android environment is through Shared Preferences. In this preliminary work we investigate whether an application transfers data using Shared Preferences with public visibility.
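The property the abstract describes, a Shared Preferences file opened with public visibility, can also be checked with a simple static pass over disassembled (smali) code. The following is an added example, not the paper's model-checking method or the authors' code: it tracks constants per method and flags `getSharedPreferences` calls whose mode has `MODE_WORLD_READABLE` or `MODE_WORLD_WRITEABLE` set; the sample class and method names are constructed.

```python
import re

# Real Android Context mode flags; either one exposes the preferences file to other apps.
PUBLIC_MODES = {0x1: "MODE_WORLD_READABLE", 0x2: "MODE_WORLD_WRITEABLE"}

INT_RE = re.compile(r"const(?:/4|/16)?\s+([vp]\d+),\s*(-?0x[0-9a-fA-F]+)")
STR_RE = re.compile(r'const-string(?:/jumbo)?\s+([vp]\d+),\s*"(.*)"')
CALL_RE = re.compile(r"invoke-(?:virtual|interface|super)\s+\{([^}]*)\},\s*"
                     r"L[\w/$]+;->getSharedPreferences\(Ljava/lang/String;I\)")

def find_public_prefs(smali_text):
    """Return (method, prefs_name, [flags]) for each publicly visible call.

    Simplification (assumption of this sketch): only the last constant loaded
    into a register within the same method is tracked; /range calls are skipped.
    """
    findings, ints, strs, method = [], {}, {}, None
    for line in smali_text.splitlines():
        s = line.strip()
        if s.startswith(".method"):
            method, ints, strs = s.split()[-1], {}, {}  # registers are per-method
        elif m := INT_RE.match(s):
            ints[m.group(1)] = int(m.group(2), 16)
            strs.pop(m.group(1), None)
        elif m := STR_RE.match(s):
            strs[m.group(1)] = m.group(2)
            ints.pop(m.group(1), None)
        elif m := CALL_RE.match(s):
            regs = [r.strip() for r in m.group(1).split(",")]
            if len(regs) != 3:  # expected: receiver, name register, mode register
                continue
            mode = ints.get(regs[2])
            flags = [n for bit, n in PUBLIC_MODES.items() if mode is not None and mode & bit]
            if flags:
                findings.append((method, strs.get(regs[1]), flags))
    return findings

# Constructed sample input (hypothetical app), not taken from any real APK.
CALL = ("invoke-virtual {p0, v0, v1}, Lcom/example/notes/MainActivity;"
        "->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;")
SAMPLE = "\n".join([
    ".method public saveToken()V", '    const-string v0, "session"',
    "    const/4 v1, 0x1", "    " + CALL, ".end method",
    ".method public saveTheme()V", '    const-string v0, "ui"',
    "    const/4 v1, 0x0", "    " + CALL, ".end method",
])

if __name__ == "__main__":
    for finding in find_public_prefs(SAMPLE):
        print(finding)
```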
