Tianjun Wu, Yuexiang Yang

Intelligent Automation & Soft Computing, Vol.25, No.4, pp. 755-766, 2019, DOI:10.31209/2019.100000079

Abstract While many research efforts have been around auditing individual android apps, the security issues related to the interaction among multiple apps are less studied. Due to the hidden nature of Inter-App communications, few existing security tools are able to detect such related vulnerable behaviors. This paper proposes to perform overall security auditing using dynamic analysis techniques. We focus on data leakage as it is one of the most common vulnerabilities for Android applications. We present an app auditing system AppWalker, which uses concolic execution on a set of apps. We use static Inter-App taint analysis to guide the dynamic auditing… More >

Yue Li¹, Guangquan Xu^2,3, Hequn Xian^1,*, Longlong Rao³, Jiangang Shi^4,*

Intelligent Automation & Soft Computing, Vol.25, No.3, pp. 637-647, 2019, DOI:10.31209/2019.100000118

Abstract In order to prevent the spread of Android malware and protect privacy information from being compromised, this study proposes a novel multidimensional hybrid features extraction and analysis method for Android malware detection. This method is based primarily on a multidimensional hybrid features vector by extracting the information of permission requests, API calls, and runtime behaviors. The innovation of this study is to extract greater amounts of static and dynamic features information and combine them, that renders the features vector for training completer and more comprehensive. In addition, the feature selection algorithm is used to further optimize the extracted information to… More >

Kyeonghwan Lim¹, Nak Young Kim¹, Younsik Jeong¹, Seong-je Cho¹, Sangchul Han², Minkyu Park²

Intelligent Automation & Soft Computing, Vol.25, No.1, pp. 143-153, 2019, DOI:10.31209/2018.100000051

Abstract The Android application package (APK) uses the DEX format as an executable file format. Since DEX files are in Java bytecode format, you can easily get Java source code using static reverse engineering tools. This feature makes it easy to steal Android applications. Tools such as ijiami, liapp, alibaba, etc. can be used to protect applications from static reverse engineering attacks. These tools typically save encrypted classes.dex in the APK file, and then decrypt and load dynamically when the application starts. However, these tools do not protect multidex Android applications. A multidex Android application is an APK that contains multiple… More >

Wen Zhang¹, Keyue Li^1,*, Tianyang Li¹, Shaozhang Niu¹, Zhenguang Gao²

CMC-Computers, Materials & Continua, Vol.59, No.1, pp. 181-198, 2019, DOI:10.32604/cmc.2019.05813

Abstract Android applications are associated with a large amount of sensitive data, therefore application developers use encryption algorithms to provide user data encryption, authentication and data integrity protection. However, application developers do not have the knowledge of cryptography, thus the cryptographic algorithm may not be used correctly. As a result, security vulnerabilities are generated. Based on the previous studies, this paper summarizes the characteristics of password misuse vulnerability of Android application software, establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability. And on this basis,… More >