A study of Android application security

Authors: Damien Octeau, William Enck, Patrick McDaniel, Swarat Chaudhuri

Abstract: The fluidity of application markets complicates smartphone security. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smartphone applications. This paper seeks to better understand smartphone application security by studying 1,100 popular free Android applications. We introduce the ded decompiler, which recovers Android application source code directly from its installation image. We design and execute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. Our analysis uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks. However, we did not find evidence of malware or exploitable vulnerabilities in the studied applications. We conclude by considering the implications of these preliminary findings and offer directions for future analysis.
