Security analysis of modern mission critical android mobile applications

Xi Zheng, Lei Pan, Erdem Yilmaz

Research output: Chapter in Book/Report/Conference proceeding; Conference proceeding contribution; peer-review

8 Citations (Scopus)

Abstract

Mobile devices have become an indispensable component of our daily life. New applications published by developers help users to do their daily activities more easily and quickly. As the market leader among mobile operating systems, Android provides numerous applications in official and other application markets. However, the simplified access model to mobile applications makes the sensitive data that users store on their mobile devices more accessible to malicious applications. For instance, mobile banking applications are lucrative targets for hackers seeking to access user data without authorization. The current security structure of the Android OS makes it trivial for hackers to acquire the source code of legitimate applications and republish them after injecting malicious code into the original source code. This process of acquiring legitimate application code, modifying it with malicious intent and then republishing it on available application stores is often known as a repackaging attack. The main focus of this study is to analyze popular security attacks on mobile applications, conduct preliminary experiments to evaluate the feasibility and difficulty of implementing security attacks on a mission critical mobile application, identify existing solutions and research gaps, and propose research directions. We successfully conduct three repackaging attacks to access a victim's data by using different hacking tools and techniques. By analyzing these scenarios, we evaluate their level of risk and propose technical mitigation.
Original language: English
Title of host publication: ACSW 2017
Subtitle of host publication: Proceedings of the Australasian Computer Science Week Multiconference
Place of Publication: New York, NY
Publisher: Association for Computing Machinery
Number of pages: 9
ISBN (Electronic): 9781450347686
Publication status: Published - 2017
Externally published: Yes
Event: Australasian Computer Science Week 2017 - Geelong, Australia
Duration: 31 Jan 2017 to 3 Feb 2017

Other

Other: Australasian Computer Science Week 2017
Country/Territory: Australia
City: Geelong
Period: 31/01/17 to 3/02/17

Keywords

  • Mobile Applications
  • Security Vulnerabilities
  • APK Tamper Detection
  • Repackaging Attack
  • Code Obfuscation
  • Reverse Engineering
