Looking back! Using early versions of Android apps as attack vectors

Android platform is gaining explosive popularity. This leads developers to invest resources to maintain the upward trajectory of the demand. Unfortunately, as the profit potential grows higher, the chances of these Apps getting attacked also get higher. Therefore, developers improved the security of...

Bibliographic Details
Main Authors: ZHANG, Yue, WENG, Jian, WENG, Jia-Si, HOU, Lin, YANG, Anjia, LI, Ming, XIANG, Yang, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2021
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/6586
https://ink.library.smu.edu.sg/context/sis_research/article/7589/viewcontent/08703119.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-7589
record_format dspace
spelling sg-smu-ink.sis_research-75892022-01-13T08:25:19Z Looking back! Using early versions of Android apps as attack vectors ZHANG, Yue WENG, Jian WENG, Jia-Si HOU, Lin YANG, Anjia LI, Ming XIANG, Yang DENG, Robert H., Android platform is gaining explosive popularity. This leads developers to invest resources to maintain the upward trajectory of the demand. Unfortunately, as the profit potential grows higher, the chances of these Apps getting attacked also get higher. Therefore, developers improved the security of their Apps, which limits attackers' ability to compromise upgraded versions of the Apps. However, developers cannot enhance the security of earlier versions that have been released on the Play Store. The earlier versions of the App can be subject to reverse engineering and other attacks. In this paper, we find that attackers can use these earlier versions as attack vectors, which threatens well protected upgraded versions. We show how to attack the upgraded versions of some popular Apps, including Facebook, Sina Weibo and Qihoo360-Cloud-Driven by analyzing the vulnerabilities existing in their earlier versions. We design and implement a tool named DroidSkynet to analyze and find out vulnerable apps from the Play Store. Among 1,500 mainstream Apps collected from the real world, our DroidSkynet indicates the success rate of attacking an App using an earlier version is 34 percent. We also explore possible mitigation solutions to achieve a balance between utility and security of the App update process.
2021-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6586 info:doi/10.1109/TDSC.2019.2914202 https://ink.library.smu.edu.sg/context/sis_research/article/7589/viewcontent/08703119.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android early version attack vector reverse engineering code protection Information Security Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android
early version
attack vector
reverse engineering
code protection
Information Security
Software Engineering