{"title":"Understanding the Service Life Cycle of Android Apps: An Exploratory Study","authors":"Kobra Khanmohammadi, M. Rejali, A. Hamou-Lhadj","doi":"10.1145/2808117.2808123","DOIUrl":null,"url":null,"abstract":"The fast growing use of the Android platform has been accompanied with an increase of malwares in Android applications. A popular way in distributing malwares in the mobile world is through repackaging legitimate apps, embedding malicious code in them, and publishing them in app stores. Therefore, examining the similarity between the behavior of malicious and normal apps can help detect malwares due to repacking. Malicious apps operate by keeping their operations invisible to the user. They also run long enough to perform their malicious tasks. One way to detect malicious apps is to examine their service life cycle. In this paper, we examine the service life cycle of apps. We extract various features of app services. We use these features to classify over 250 normal and malicious apps. Our findings show that malicious apps tend to use services to do their malicious operation and have no communication with the other components of the app, whereas the services in normal apps are usually bound to other components and send messages to notify users about the operations they perform. The results of this exploratory study can be used in the future to design techniques for detecting malicious apps using the classification of their service features.","PeriodicalId":311973,"journal":{"name":"Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2808117.2808123","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
The fast growing use of the Android platform has been accompanied with an increase of malwares in Android applications. A popular way in distributing malwares in the mobile world is through repackaging legitimate apps, embedding malicious code in them, and publishing them in app stores. Therefore, examining the similarity between the behavior of malicious and normal apps can help detect malwares due to repacking. Malicious apps operate by keeping their operations invisible to the user. They also run long enough to perform their malicious tasks. One way to detect malicious apps is to examine their service life cycle. In this paper, we examine the service life cycle of apps. We extract various features of app services. We use these features to classify over 250 normal and malicious apps. Our findings show that malicious apps tend to use services to do their malicious operation and have no communication with the other components of the app, whereas the services in normal apps are usually bound to other components and send messages to notify users about the operations they perform. The results of this exploratory study can be used in the future to design techniques for detecting malicious apps using the classification of their service features.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
