Control-flow analysis of function calls and returns by abstract interpretation
Proceedings of the 14th ACM SIGPLAN international conference on Functional programming
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Automating GUI testing for Android applications
Proceedings of the 6th International Workshop on Automation of Software Test
Vision: automated security validation of mobile apps at app markets
MCS '11 Proceedings of the second international workshop on Mobile cloud computing and services
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
A survey of mobile malware in the wild
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Crowdroid: behavior-based malware detection system for Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
"Andromaly": a behavioral malware detection framework for android devices
Journal of Intelligent Information Systems
Detecting repackaged smartphone applications in third-party android marketplaces
Proceedings of the second ACM conference on Data and Application Security and Privacy
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Dissecting Android Malware: Characterization and Evolution
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Automated concolic testing of smartphone apps
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
AppsPlayground: automatic security analysis of smartphone applications
Proceedings of the third ACM conference on Data and application security and privacy
Insights into layout patterns of mobile user interfaces by an automatic analysis of android apps
Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems
Proceedings of the 4th Asia-Pacific Workshop on Systems
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Sound and precise malware analysis for android via pushdown reachability and entry-point saturation
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
SEC'13 Proceedings of the 22nd USENIX conference on Security
Static Reference Analysis for GUI Objects in Android Software
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
PREC: practical root exploit containment for android devices
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
User interface (UI) interactions are essential to Android applications, as many Activities require UI interactions to be triggered. This kind of UI interactions could also help malicious apps to hide their sensitive behaviors (e.g., sending SMS or getting the user's device ID) from being detected by dynamic analysis tools such as TaintDroid, because simply running the app, but without proper UI interactions, will not lead to the exposure of sensitive behaviors. In this paper we focus on the challenging task of triggering a certain behavior through automated UI interactions. In particular, we propose a hybrid static and dynamic analysis method to reveal UI-based trigger conditions in Android applications. Our method first uses static analysis to extract expected activity switch paths by analyzing both Activity and Function Call Graphs, and then uses dynamic analysis to traverse each UI elements and explore the UI interaction paths towards the sensitive APIs. We implement a prototype system SmartDroid and show that it can automatically and efficiently detect the UI-based trigger conditions required to expose the sensitive behavior of several Android malwares, which otherwise cannot be detected with existing techniques such as TaintDroid.