A Survey of Android Security Threats and Defenses

With billions of people using smartphones and the exponential growth of smartphone apps, it is prohibitive for app marketplaces, such as the Google App Store, to thoroughly verify whether an app is legitimate or malicious. As a result, mobile users are left to decide for themselves whether an app is safe to use. Even worse, recent studies have shown that over 70% of apps in markets request to collect data irrelevant to the apps' main functions, which can lead to leakage of private information or inefficient use of mobile resources. It is worth noting that, since the resource management mechanisms of mobile devices differ from those of PCs, existing security solutions from the PC malware area are not directly compatible with mobile devices. Therefore, academic researchers and commercial anti-malware companies have proposed many security mechanisms to address the security issues of Android devices. Because the proposed works differ in the nature of the mechanisms and techniques they use, they can be classified into different categories. In this survey, we discuss the existing Android security threats and the existing security enforcement solutions published between 2010 and 2015, classify the works, and review their functionalities. We review a few works from each class. The survey also reviews the strengths and weak points of the solutions.