Understanding Android app piggybacking: A systematic study of malicious code grafting

The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread to a large user base. Although recent research has produced approaches and tools to identify piggybacked apps, the literature lacks a comprehensive...

Full description

Saved in:
Bibliographic Details
Main Authors: LI, Li, LI, Daoyuan, BISSYANDE, Tegawende F., KLEIN, Jacques, TRAON, Yves Le, LO, David, CAVALLARO, Lorenzo
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2017
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/3694
https://ink.library.smu.edu.sg/context/sis_research/article/4696/viewcontent/UnderstandingAndroidApp_2017.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-4696
record_format dspace
spelling sg-smu-ink.sis_research-46962018-06-11T03:08:11Z Understanding Android app piggybacking: A systematic study of malicious code grafting LI, Li LI, Daoyuan BISSYANDE, Tegawende F. KLEIN, Jacques TRAON, Yves Le LO, David CAVALLARO, Lorenzo The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread to a large user base. Although recent research has produced approaches and tools to identify piggybacked apps, the literature lacks a comprehensive investigation into such phenomenon. We fill this gap by: 1) systematically building a large set of piggybacked and benign apps pairs, which we release to the community; 2) empirically studying the characteristics of malicious piggybacked apps in comparison with their benign counterparts; and 3) providing insights on piggybacking processes. Among several findings providing insights analysis techniques should build upon to improve the overall detection and classification accuracy of piggybacked apps, we show that piggybacking operations not only concern app code, but also extensively manipulates app resource files, largely contradicting common beliefs. We also find that piggybacking is done with little sophistication, in many cases automatically, and often via library code. 2017-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3694 info:doi/10.1109/TIFS.2017.2656460 https://ink.library.smu.edu.sg/context/sis_research/article/4696/viewcontent/UnderstandingAndroidApp_2017.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University android malware Android security code grafting piggybacking attack Information Security Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic android malware
Android security
code grafting
piggybacking attack
Information Security
Software Engineering
spellingShingle android malware
Android security
code grafting
piggybacking attack
Information Security
Software Engineering
LI, Li
LI, Daoyuan
BISSYANDE, Tegawende F.
KLEIN, Jacques
TRAON, Yves Le
LO, David
CAVALLARO, Lorenzo
Understanding Android app piggybacking: A systematic study of malicious code grafting
description The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread to a large user base. Although recent research has produced approaches and tools to identify piggybacked apps, the literature lacks a comprehensive investigation into such phenomenon. We fill this gap by: 1) systematically building a large set of piggybacked and benign apps pairs, which we release to the community; 2) empirically studying the characteristics of malicious piggybacked apps in comparison with their benign counterparts; and 3) providing insights on piggybacking processes. Among several findings providing insights analysis techniques should build upon to improve the overall detection and classification accuracy of piggybacked apps, we show that piggybacking operations not only concern app code, but also extensively manipulates app resource files, largely contradicting common beliefs. We also find that piggybacking is done with little sophistication, in many cases automatically, and often via library code.
format text
author LI, Li
LI, Daoyuan
BISSYANDE, Tegawende F.
KLEIN, Jacques
TRAON, Yves Le
LO, David
CAVALLARO, Lorenzo
author_facet LI, Li
LI, Daoyuan
BISSYANDE, Tegawende F.
KLEIN, Jacques
TRAON, Yves Le
LO, David
CAVALLARO, Lorenzo
author_sort LI, Li
title Understanding Android app piggybacking: A systematic study of malicious code grafting
title_short Understanding Android app piggybacking: A systematic study of malicious code grafting
title_full Understanding Android app piggybacking: A systematic study of malicious code grafting
title_fullStr Understanding Android app piggybacking: A systematic study of malicious code grafting
title_full_unstemmed Understanding Android app piggybacking: A systematic study of malicious code grafting
title_sort understanding android app piggybacking: a systematic study of malicious code grafting
publisher Institutional Knowledge at Singapore Management University
publishDate 2017
url https://ink.library.smu.edu.sg/sis_research/3694
https://ink.library.smu.edu.sg/context/sis_research/article/4696/viewcontent/UnderstandingAndroidApp_2017.pdf
_version_ 1770573673935142912