of the above injections. Some of them do issue some warnings tagged as security issues, by using some syntactical check of the code. Namely, SonarQube com- plains about the fact that some public fields should have been declared as final, since they are never modified; or that some visibility modifier is too weak; it also complains about calls to File.delete() without checking the result value, which in Java is meant to inform about the outcome of the operation. Julia would issue the same warnings, had the corresponding checkers been turned on; however, it does not tag them as security issues but rather as bugs or inefficiencies. Fur- thermore, the DSF app has not been analyzed with these tools, that cannot work on bytecode. Qark issues warnings about a too small minSdkVersion in the AndroidManifest.xml, which is known to allow some security problems; it also warns about the run-time registration of Android broadcast receivers, that might allow some form of data hijacking. FlowDroid issues Android security warnings about writing information in a log file, since it warns at all logging calls. The same happens for method putString, that FlowDroid assumes to al- ways inject tainted data into an intent. These are all simple syntactical checks of the code, in the sense that the analyzers do not make any effort in proving that the risk is real or only potential, which results in false alarms. These analyses are only simply pattern-matching. Julia avoids such false alarms since it performs a taintedness analysis of data, instead. Moreover, FlowDroid issues no warnings about information flow from/to the CAN bus. FindBugs and SpotBugs issue no security warning at all on the analyzed apps.
Hence, we observe there is a reduction of 5.74 % of mass of the automotive spring at candidate point 1 where coil radius is 9.0465 mm and wire diameter is 3.453625 mm. At candidate point 2, a reduction of 2.52 % of mass is obtained with coil radius 9.19 mm and wire diameter 3.488mm. We also observe the deformation and shear stress is well within limits at all the points predicted.
RiskRanker , among others, has a broader coverage. It exploits a proactive scheme that requires no malware specimen and their signatures. It provides two orders of risk analysis, firstly by statically analysing whether sample exploits platform-level vulnerabilities, and secondly searching for specific behaviour patterns, which malware commonly adopt but that is uncommon among legitimate apps. The result shows that RiskRanker is quite efficient to detect zero-day malware. But the detection mechanism can be easily circumvented by informed malware developers. Our work shares the same goal with RiskRanker, to identify the application risk in advance but, our analyser provides a broader coverage. Our static analyser extends this approach with the FileScan module, which analyses all the files stored in apks. It is able to pin point dangerous and potentially malicious files, such as embedded apps or hidden commands. In this way, by combining the analysis performed by Behaviour and FileScan modules, our static analyser strives to cover a larger surface and gives more concrete results of the risk level of analysed samples. Furthermore, our dynamic analysis module provides a thorough analysis of the analysed app running in an emulated environment, showing the real behaviour of the suspicious samples, and possibly confirming its potential risks.
Other approaches are tailored to third-party libraries on Android, e.g., by employing the concept of whitelisting package names to detect libraries within app code [65, 29, 33]. As such approaches fail to cope with even simple obfuscation techniques such as identifier renaming, more robust approaches based on machine learning or code clustering have been investigated. AdDetect  and PEDAL  use machine-learning to detect advertising libraries. AdDetect uses hierarchical package clustering to detect (non-)primary modules of apps whereas PEDAL extracts code-features from library SDKs and uses package relationship information to train a classifier to detect libraries even when identifiers are obfuscated. AnDarwin  and WuKong  detect app clones with high accuracy by filtering library code that is detected by means of code clustering techniques. Such approaches rely on the assumptions that libraries are pervasively used by many apps, and app developers do not modify the library. However, this second assumption is unrealistic, since automatic/manual dead-code elimination during app building will necessarily modify the library code . Moreover, these approaches only provide binary classifications since they cannot name the concrete library versions used within the apps. The recent LibRadar  extends WuKong’s clustering approach and generates unique profiles for each detected cluster. Profiles are generated from the frequency of API calls within distinct packages in a cluster and can subsequently be used for fast library detection. With this approach, LibRadar was able to find 29K potential libraries on a large corpus of Google Play apps. This number presumably constitutes an over-approximation, since the original code clustering and the subsequent feature extraction are not performed on the original libraries. This lack of ground truth produces false positives when multiple libraries have the same root package (e.g. com.google for the various Google Play Service libraries and Google libs like Gson/Guice). To avoid such heuristics, we extract our profiles from the original library binaries. This comes at the cost of completeness but has several advantages such as less false positives and the possibility of inferring exact library versions. In addition, this allows computation of more reliable similarity values for partial library inclusions (as a result of code optimizations).
The paper doesn’t embrace what datasets used and valuation measures. Additionally, it does not illustrate all the latest works extensively. According to Peng et al,., they scrutinize advancement of mobile malware, damages they cost and their proliferation model. Different operating systems are accounted for in the paper making it difficult to carefully review all available types. Conversely, we emphasize static malware detection for AndroidApps Permit to mitigate how best the method is compared to dynamic, hybrid or metadata malware detection and prevention methods where the application is run on the user device without the user's knowledge of what is actually happening on the background. The remainder of this paper is organized as follows. Section 2 offers background information on android and staticanalysis needed for paper repository by discussing definitions of static program analysis, model permission and techniques of analysis. Section 3 presents a summary of related work using staticanalysis presentations based on permissions from androidapps. Section 4 addresses the description of androidapps in reverse engineering. Section 5 outlines the debates and the paper is concluded.
Applications based on the Internet of Things (IoT) are increasingly vulnerable to disruption from cyber attacks. Developers and researchers attempt to prevent the growth of such disruption models, mitigate and limit their impact. This requires the understanding and characterization of things and the technologies that empower the IoT. Futhermore, tools to evaluate, analyze and detect security threats in IoT devices are strongly required. This paper presents a web tool, named GARMDROID, aimed to help IoT software developers and integrators to evaluate IoT security threats based on the visualization of Android application hardware requests. This procedure is based on the staticanalysis of permissions requested by Android applications. A mapping from the malware analysis data obtained to a SysML block definition diagram is also briefly described. This mapping shows how data can be used to model IoT systems under different proposals such as Model Integrated Mechatronics (MIM) and UML4IoT.
type, the Android SDK provides a base class from which the developer can inherit. Furthermore, each component type has its own lifecycle that defines how the operating system can interact with the component by calling methods pre-defined in the base classes. Conceptually, this retricts the possible sequences of method calls made by the operating system. Figure 14 shows the activity lifecycle 26 . The activity has the most complex lifecycle of all four component types. Still, even Figure 14, which is taken from the official Android documentation, is incomplete. As explained above, an activity must always be prepared to save its state before being stopped, and to restore its state after being resumed. For this state handling, Android provides the two additional lifecycle methods onSaveInstanceState and onRestoreInstanceState. Carefully reading the documentation (including the API’s Javadoc) and investigating the Android source code reveals more such methods (e.g., onPostCreate) that are missing from the lifecycle graphics. Nevertheless, all these methods must be added to the lifecycle to precisely capture the actual interaction between the Android operating system and the app at runtime.
Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static anal- ysis tools for Android are challenged by the presence of re- flective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are incon- sistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentation- based approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be im- mediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on bench- mark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results.
A system call is the mechanism through which a user interacts with the kernel in the operating system to request an action to be performed. Similarly in Android users interact with the operating system through the system calls. In this approach, the system calls have been extracted in the Dynamic analysis phase. In order to achieve this we have made use of the Android Emulator which comes along with the Android Studio . Here we execute each Android application in separate emulator and record the system calls as soon as the application is installed in the emulator. This methodology records the frequency of all the successful system calls recorded. The log file contains percentage of the time utilized by the system call, seconds of the time for which the system call executed, count of the successful execution of the system call, number of errors in the interaction of system call and the name of the system call.
Abstract. The number of Androidapps have grown explosively in re- cent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Androidapps. We tackle three problems related to inter- component communication (ICC), lifecycle of components and callback mechanism making the CFG imprecision. To bridge this gap, we ex- plicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks.
Context Sensitivity. In a context-sensitive analysis, when analysing the target of a function call, one keeps track of the calling con- text. This information may allow to go back and forth to and from the original call site with precision, instead of trying out all possible call sites in the program. In the illustrative example of Figure 1d, at line 6, method walk is called by object a. Con- sidering a context-sensitive analysis, each method call is mod- eled independently. That is, for the first method call (line 4), the model of the parameter points to c and the return value model points to c. For the second method call (line 5), the model of the parameter points to h and the return value model points to h. Thus, only method Human.walk is added to the call graph. On the other hand, a context-insensitive analysis has only a single model of the parameter and a single model of the return value for a given method. Consequently, in a context-insensitive anal- ysis the model of the parameter points to c and h and the return value to c and h. Thus, a context-insensitive approach has both methods Human.walk and Cat.walk in the call graph. Object Sensitivity. An object-sensitive approach is a context- sensitive approach that distinguishes invocations of methods made on di↵erent objects. Take the code snippet of Figure 1e as an example. At line two and three, two Contains objects are instantiated. Variables c1 and c2 refer to these objects. The class Contains has an instance field animal of type Animal and an instance method setAnimal to associate a value with field animal. At line four, method setAnimal is called on c1 with a Human object as parameter. At line five, method setAni-
The Reflection Analysis Module identifies reflective calls in a given app and maps their target string/object values. For instance, considering the motivating example from the DroidBench app pre- sented in Listing 5.1, the aim with RAM is to extract not only the method name in the m2.invoke(o) reflective call (line 8 in Listing 5.1), but also the class name that m2 belongs to. In other words, we have to associate m2 with getImei, but also o with de.ecspride.Ref lectiveClass. To that end, based on the motivation example and our study of reflective call patterns, we observe that the reflection problem can be modeled as a constant propagation problem within an Android Inter-procedural Control-Flow Graph. Indeed, mapping a reflective call eventually consists in resolving the value of its parameters (i.e., name and type) through a context-sensitive and flow-sensitive inter-procedural data-flow analysis. The purpose is to obtain highly precise results, which are very important since the app will be automatically instrumented without any manual check of the results. Let us consider the resolution of the value of m2 in line 8 (‘String s = (String) m2.invoke(o)’ in Listing 5.1) as an example: if we cannot precisely extract the class name that m2 belongs to, say, our RAM tells that m2 belongs to class TelephonyManager, rather than the right class ReflectiveClass, then, during instrumentation, we will write code calling m2 as a member of TelephonyManager, which would yield an exception at runtime (e.g., no such method error), and consequently fail the staticanalysis. To build a mapping from reflective calls to their target string/object values, our staticanalysis adopts an inter-procedural, context-sensitive, flow-sensitive analysis approach leveraging the composite COnstant propAgation Language (COAL)  for specifying the reflection problem. In order to use COAL, the first step is to model the reflection analysis problem independently from any app using the abstract pattern of reflective call inferred in Section 184.108.40.206. This generic model is specified by composite objects, e.g., a reflective method is being specified as an object (in COAL) with two fields: the method name and its declaring class name. Once reflection analysis has been modeled, we build on top of the COAL solver to implement a specific analyzer for reflection. This analyzer then performs composite constant propagation to solve the previously defined composite objects and thereby to infer the reflective call target values.
Repository Search. To find datasets of publications we first lever- age five well-known electronic repositories, namely ACM Digi- tal Library 6 , IEEE Xplore Digital Library 7 , SpringerLink 8 , Web of Knowledge 9 and ScienceDirect 10 . Because in some cases the repository search engine imposes a limit to the amount of search result meta-data that can be downloaded, we consider, for such cases, splitting the search string and iterating until we collect all relevant meta-data of publications. For example, SpringerLink only allows to collect information on the first 1,000 items from its search results. Unfortunately, by applying our predefined search string, we get more than 10,000 results on this reposi- tory. Consequently, we must split our search string to narrow down the findings and afterwards combine all the findings into a final set. In other cases, such as with ACM Digital Library, where the repository search engine does not provide a way to download a batch of search results (meta-data), we resort to python scripts to scale up the collection of relevant publications.
of the targets. Second, we compare DroidRA with a state-of- the-art approach proposed by Barros et al.  (hereinafter we refer to it as the checker framework) on 10 open-sourced apps, which are actually used by Barros previously in their experiments. The results show that DroidRA is able to re- solve more reflective methods/constructors (e.g., 10 more constructors on 10 F-Droid apps that are previously used by Barros), though it does not need the source code of analyzed apps and additional developers efforts as what checker frame- work needs. Third, we check whether DroidRA is capable to support existing static analyzers to build sounder call graphs of Androidapps. To this end, we select Soot static analyzer to perform our experiments. In the same 500 apps that we have leveraged in our first evaluation aspect, for each app, 5
Privacy leakage in this paper means the stealing of user’s confidential information by getting the unauthorized access to resources during installation such as Device ID, contacts, call records, location information etc. and send these information through messages or network. As if now the methods of finding users data privacy and leakage of information in Smartphone has mainly two types, static and dynamic. Staticanalysis means to focus on control flow, data flow and structural analysis . As Androids major part is written in java programming language which has large number of function calls staticanalysis is not as effective as dynamic. As compared to static, dynamic analysis is concerned about sandboxing and dynamic taint tracking method. Sandboxing is the way of isolating android OS. Some background researches on Android security are mentioned as follows:
and Android’s Monkey program was run with 200 random key strokes. A key stroke is an action that a user can make, for example a finger touching the screen at a certain position. Since the key strokes are randomly selected, we wanted to ensure maximum operations while simultaneously not overwhelming the application. We tested different values for the number of key strokes and 200 was empirically chosen as it gave us adequate coverage and simultaneously did not produce a log file that was unreasonable large in size. At the end of the simulated interaction, the log file containing the logged function calls was extracted from the emulator. An application’s package name is written into the AndroidManifest.xml file. The package name is used to identify the main package of the application for the categorization of edges. We retrieved the application’s package name by using the Android Asset Packaging Tool(aapt) on the APK file and then run our tool with the extracted log file, dot file and the package name.
to form a Pareto-optimal set, while the corresponding objective vectors (containing the values of the objective functions) are said to form a Pareto frontier. Identifying a Pareto frontier is useful because the software engineer can use the frontier to make a well-informed decision that balances the trade-o↵s between the di↵erent objectives. In our context, one could select color choices achieving the lowest energy consumption, having the highest contrast, being the closest to the original design, or a compromise among these objectives. The specific multi-objective GAs we use for GEMMA is the Non-dominated Sorting Ge- netic Algorithms NSGA-II , which tries to ensure diversity in the evolving populations to avoid the situation where populations have been filled only with dominating solutions (because of the elitism e↵ect, i.e., best solutions are preserved). The key idea behind NSGA-II is to use an elitist selection strategy for replacement (with respect to fitness and spread). For each generation, parents and o↵springs are gathered in a mating pool. A fast, non-dominated sorting approach is used to rank these individuals in subsequent Pareto fronts. Then, the next generation is built by preferring the individuals with the lower non-domination ranks. In case of individuals with the same rank, the selection de- pends on a diversity preservation mechanism. A density measure—crowding distance—is computed in the objective space. The tournament used to select parents for reproduction is based on this density measure.
Apps Changing Default Settings: Apps that configure the con- nections with parameters other than the default ones include Uber, Facebook, and Microsoft apps (among others). While some of these apps alter parameters for better security (e.g., Facebook removes RC4, 3DES, and other vulnerable cipher suites from OpenSSL list of cipher suites), others do it in a way that arguably makes TLS connections less secure. For example, all analyzed versions of Black- Berry Messenger , Viber , Wire , and Jio4GVoice  voice-over-IP (VoIP) use a short list of 1 to 3 cipher suites in TCP- based TLS connections to some of their servers, none of which provide forward-secret key exchange algorithms. Such ciphers al- low a passive observer that records encrypted communications of these connections and has the ability to access the private keys of these servers to be able to decrypt all encrypted communica- tions offline, provided that there are no other encryptions used on top of TLS. 4 While this might be impractical for most in-path attackers, it is a feasible attack vector for nation-state adversaries capable of both passively collecting large amounts of encrypted traffic and gaining access to private keys using legal means and court subpoenas.
Most of the apps initially released with some bugs into the app store. The developers sometimes unknowingly and sometimes due to their carelessness release the apps with bugs. The bugs were identified with bugs the developers release the patches in the form of updates to the app. Most of the smartphone users for saving the mobile data close their automatic updates and such type of users have to manually update their apps. In the process of manual of such kind of apps users use their older versions till the performance of app seems to be slow. This usage of outdated apps giving a provision for the attackers to introduce DOS attacks through apps which makes the app run slower and sometimes may stop the app service. McAfee standard reports in 2016 has suggested that constant needed for all the apps to prevent the apps from the following Stealing the user sensitive information from the mobiles, Protection from reading your personal or work emails, other file, to stop sending fake text messages on your behalf, loading viruses into your phone without your knowledge etc.
methods are used day-by-day. Compression is the art of representing the information in a compact form rather than its original or uncompressed form. In other words, size of a file can be reduced using compression methods.  Image compression addresses the problem of reducing the amount of data required to represent a digital image. It is a process intended to yield a compact representation of an image, thereby reducing the image storage/transmission requirements.