A Study of Network Domains Used in Android Applications

Numerous Android applications use the Internet to share and exchange data. Such data can range from simple status updates to private, sensitive information such as the users' location or business contacts. Popular Android applications from Google Play have been found leaking private data to remote third-party servers. Existing work focuses on protecting sensitive information from leaving the smartphone, or on detecting which applications leak information based on API calls or the permission requests in their Manifest file. In this work, we propose to combine static analysis and dynamic analysis to determine the network domains with which Android applications interact. Network graphs are constructed that implicitly demonstrate the relation between application developers and the network domains used in the applications.
