Author: Zhou, Hao
Title: Defending against stealthy mobile unwanted apps
Advisors: Luo, Xiapu (COMP)
Degree: Ph.D.
Year: 2022
Subject: Android (Electronic resource)
Smartphones
Application software
Hong Kong Polytechnic University -- Dissertations
Department: Department of Computing
Pages: xxi, 229 pages : color illustrations
Language: English
Abstract: Android has become the most popular mobile operating system, and billions of Android apps have been downloaded from either the official or third-party markets. Unfortunately, not all apps are benign, and defending against stealthy unwanted apps is essential for keeping the app ecosystem healthy.
Although numerous works have been proposed to defend against unwanted apps, which negatively impact mobile devices and users in terms of user privacy, user experience, and device performance, the research community still lacks comprehensive studies on (1) analyzing behaviors of unwanted apps; (2) investigating the access control mechanism of the Android system, which facilitates the detection of permission misuse in unwanted apps; and (3) evaluating security testing solutions against unwanted apps.
To disclose stealthy and potentially harmful behaviors of unwanted apps, we propose two approaches: one demystifies diehard behaviors, which prolong the liveness of unwanted apps on mobile devices and drain the device battery, and the other analyzes packing behaviors, which prevent the malicious bytecode of unwanted apps from being analyzed in order to evade detection. Specifically, we take a first step to systematically investigate diehard apps and diehard methods. In particular, we conduct a semi-automated analysis to explain why existing methods to kill app processes could be evaded, and then systematically present 12 diehard methods. After that, we develop a tool named DiehardDetector to detect diehard apps at a large scale. In addition, we propose a novel hardware-assisted approach and implement a tool named Happer to identify packing behaviors and unpack packed apps. Specifically, Happer first monitors the packing behaviors and then selects the proper approach to unpack the packed apps. We also design a domain-specific language to make it easy to extend Happer to support the identification of new packing behaviors.
To facilitate the detection of permission misuse in unwanted apps, we design two new methods to build the permission specification for Android NDK and uncover inconsistent access control enforcement across the Java context and native context of Android. Specifically, we conduct the first permission specification analysis for Android NDK. In particular, to automatically generate the permission specification for Android NDK, we design and develop PSGen, a new tool that statically analyzes the implementation of the Android framework and Android kernel to correlate native framework APIs with their required permissions. Moreover, we conduct the first systematic investigation of cross-context inconsistent access control enforcement in Android. Precisely, to automatically discover cross-context inconsistencies, we design and implement IAceFinder, a new tool that extracts and contrasts the access control enforced in the Java context and native context of Android.
To complement the evaluation of security testing solutions against unwanted apps, we take a first step to systematically investigate UI obfuscation for Android apps and its effects on automated UI analysis. In particular, we point out the weaknesses in existing automated UI analysis methods and design 9 UI obfuscation approaches. We implement these approaches in a new tool named UIObfuscator after tackling several technical challenges. Moreover, we feed 3 kinds of tools that rely on automated UI analysis with the apps protected by UIObfuscator, and find that their performance drops severely. This work reveals limitations of automated UI analysis and sheds light on app protection techniques.
Rights: All rights reserved
Access: open access

Files in This Item:
6583.pdf (For All Users; 7.74 MB; Adobe PDF)



Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/12119