
Understanding and Improving the Security Impact of Smartphone Apps


If you have a question about this talk, please contact Andreea Radu.

Smartphones continue their explosive growth to ubiquity, and as their popularity increases, so does the attention they attract from adversaries. Adversaries need not be the typical attacker on the network. App developers, malicious or not, and third-party library developers also contribute to security concerns. In this talk, we outline a three-step approach to understanding and improving the health of the Android app ecosystem.

SecuRank: App stores contain many groups of functionally-similar apps. A worrying disparity in dangerous permission usage sometimes emerges, whereby apps in a group of functionally-similar apps use vastly different dangerous permissions. We study this disparity across 50,000 Google Play Store search results for 2500 general-purpose searches each yielding 20 functionally-similar apps. We describe a framework, called SecuRank, which exploits contextual permission usage analysis to identify and penalise over-privileged apps. We show that SecuRank can be used to recommend safer alternative apps to users.
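To make the idea of contextual permission usage analysis concrete, here is a small added example (not SecuRank's own code or scoring method, which the abstract does not specify). It takes one group of functionally-similar apps with their declared dangerous permissions, measures how common each permission is within that group, scores each app by the permissions it requests that are rare in its group, and uses the ranking to suggest safer alternatives. The app names, permission sets and the scoring rule are constructed for illustration.

```python
"""Contextual permission-usage analysis over a group of functionally-similar apps.

Illustrative example: the scoring rule below (sum of rarity of an app's uncommon
dangerous permissions within its group) is an assumption for this example, not
SecuRank's published method.
"""
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed sample: a search-result group (say, flashlight apps) and the
# dangerous permissions each app declares. Names and data are made up.
SAMPLE_GROUP: Dict[str, Set[str]] = {
    "flashlight.a": {"CAMERA"},
    "flashlight.b": {"CAMERA"},
    "flashlight.c": {"CAMERA"},
    "flashlight.d": {"CAMERA", "ACCESS_FINE_LOCATION"},
    "flashlight.e": {"CAMERA", "READ_CONTACTS", "READ_SMS", "ACCESS_FINE_LOCATION"},
    "flashlight.f": set(),
}


def permission_prevalence(group: Dict[str, Set[str]]) -> Dict[str, float]:
    """Fraction of apps in the group that declare each dangerous permission."""
    counts = Counter(p for perms in group.values() for p in perms)
    n = len(group)
    return {p: c / n for p, c in counts.items()}


def overprivilege_score(perms: Set[str], prevalence: Dict[str, float],
                        threshold: float = 0.5) -> float:
    """Score an app by the permissions that are unusual for its group.

    A permission declared by at least `threshold` of the group is treated as
    contextually justified (a flashlight using CAMERA for the torch) and adds 0.
    A rarer permission adds (1 - prevalence), so the scarcer it is in the group,
    the more it counts against the app.
    """
    score = 0.0
    for p in perms:
        prev = prevalence.get(p, 0.0)
        if prev < threshold:
            score += 1.0 - prev
    return score


def rank_group(group: Dict[str, Set[str]],
               threshold: float = 0.5) -> List[Tuple[str, float, List[str]]]:
    """Return (app, score, unusual_permissions) rows, safest first."""
    prevalence = permission_prevalence(group)
    rows = []
    for app, perms in group.items():
        unusual = sorted(p for p in perms if prevalence[p] < threshold)
        rows.append((app, overprivilege_score(perms, prevalence, threshold), unusual))
    rows.sort(key=lambda r: (r[1], r[0]))
    return rows


def safer_alternatives(group: Dict[str, Set[str]], app: str,
                       threshold: float = 0.5) -> List[str]:
    """Apps in the same group with a strictly lower over-privilege score than `app`."""
    rows = rank_group(group, threshold)
    scores = {a: s for a, s, _ in rows}
    return [a for a, s, _ in rows if s < scores[app]]


if __name__ == "__main__":
    for app, score, unusual in rank_group(SAMPLE_GROUP):
        print(f"{app:14s} score={score:.2f} unusual={unusual}")
    print("safer than flashlight.e:", safer_alternatives(SAMPLE_GROUP, "flashlight.e"))
```

The group context is what makes this useful: CAMERA would look alarming for a flashlight app in isolation, but because five of the six apps in the group declare it, it is treated as expected, while READ_SMS and READ_CONTACTS stand out precisely because nothing else in the group needs them. At scale, the same computation runs once per search-result group, which is how a disparity inside a group of otherwise similar apps can be surfaced.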

LongLook: Several classes of Android vulnerabilities have been highlighted in the literature but it remains unclear whether Android app developers heed warnings and write secure apps. Additionally, it is not known how the vulnerabilities contained within apps change as apps get updated. We statically analyse a corpus of 30,000 apps for which we have app versions two years apart, to understand how vulnerabilities in apps have changed over the period. Worryingly, we find that many popular apps contain vulnerabilities, and that in many cases, app updates only serve to increase the number of vulnerabilities contained within apps.

AppScanner: Some apps are undesirable for the reasons identified by SecuRank and LongLook. We describe a system that can be used to identify apps from only their (encrypted) network traffic. This system can be used transparently and non-invasively to identify apps that are unwelcome on a network so that their users can be notified. We test our system using a sample of 110 apps and show that apps can be accurately fingerprinted and later re-identified by their network traffic.

This talk is part of the Computer Security Seminars series.

