Android APK on-the-fly tampering

The Android operating system is widely deployed and relied upon by both providers and users of various applications. These applications get frequently downloaded from other sources than just Google Play. This makes Android and its application treatment a popular target for attackers. We first present an automated offline attack injecting a previously prepared code to a previously unseen Android application installation file (APK) in an automatic manner. Moreover, we present a novel transparent on-the-fly extension of our attack when a proxy server performs code injection during a new APK download.

[1]  Tao Zhang,et al.  Security Analysis and Protection Based on Smali Injection for Android Applications , 2014, ICA3PP.

[2]  Swarat Chaudhuri,et al.  A Study of Android Application Security , 2011, USENIX Security Symposium.

[3]  Levente Buttyán,et al.  ROSCO: REPOSITORY OF SIGNED CODE , 2015 .

[4]  Sevil Sen,et al.  Automatic Generation of Mobile Malwares Using Genetic Programming , 2015, EvoApplications.

[5]  Jean-François Lalande,et al.  Repackaging Android Applications for Auditing Access to Private Data , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[6]  Sunny Consolvo,et al.  Improving SSL Warnings: Comprehension and Adherence , 2015, CHI.

[7]  Dengguo Feng,et al.  A Rapid and Scalable Method for Android Application Repackaging Detection , 2015, ISPEC.

[8]  Xin Sun,et al.  Detecting Code Reuse in Android Applications Using Component-Based Control Flow Graph , 2014, SEC.

[9]  Ying Zou,et al.  Detecting Android Malware Using Clone Detection , 2015, Journal of Computer Science and Technology.

[10]  Franklin Tchakounté,et al.  Permission-based Malware Detection Mechanisms on Android: Analysis and Perspectives , 2014 .

[11]  Bohn Stafleu van Loghum,et al.  Online … , 2002, LOG IN.

[12]  Sahin Albayrak,et al.  Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications , 2011, 2011 6th International Conference on Malicious and Unwanted Software.

[13]  John C. S. Lui,et al.  ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems , 2012, DIMVA.

[14]  Olga Gadyatskaya,et al.  DEMO: Enabling trusted stores for android , 2013, CCS.

[15]  Tilo Müller,et al.  Protecting Android Apps Against Reverse Engineering by the Use of the Native Code , 2015, TrustBus.

[16]  Juanru Li,et al.  AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware , 2015, RAID.

[17]  Todd D. Millstein,et al.  Dr. Android and Mr. Hide: fine-grained permissions in android applications , 2012, SPSM '12.

[18]  Olga Gadyatskaya,et al.  FSquaDRA: Fast Detection of Repackaged Applications , 2014, DBSec.

[19]  Xuxian Jiang,et al.  DroidChameleon: evaluating Android anti-malware against transformation attacks , 2013, ASIA CCS '13.

[20]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[21]  Steve Hanna,et al.  Juxtapp: A Scalable System for Detecting Code Reuse among Android Applications , 2012, DIMVA.

[22]  Yajin Zhou,et al.  Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[23]  Adrienne Porter Felt,et al.  Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness , 2013, USENIX Security Symposium.

[24]  Atul Prakash,et al.  OASIS: Operational Access Sandboxes for Information Security , 2014, SPSM@CCS.

[25]  Hao Chen,et al.  Attack of the Clones: Detecting Cloned Applications on Android Markets , 2012, ESORICS.