SmartDroid Conference Paper uri icon

abstract

  • User interface UIinteractions are essential to Android applications, as many Activities require UI interactions to be triggered. This kind of UI interactions could also help malicious apps to hide their sensitive behaviors e.g., sending SMS or getting the user's device IDfrom being detected by dynamic analysis tools such as TaintDroid, because simply running the app, but without proper UI interactions, will not lead to the exposure of sensitive behaviors. In this paper we focus on the challenging task of triggering a certain behavior through automated UI interactions. In particular, we propose a hybrid static and dynamic analysis method to reveal UI-based trigger conditions in Android applications. Our method first uses static analysis to extract expected activity switch paths by analyzing both Activity and Function Call Graphs, and then uses dynamic analysis to traverse each UI elements and explore the UI interaction paths towards the sensitive APIs. We implement a prototype system SmartDroid and show that it can automatically and efficiently detect the UI-based trigger conditions required to expose the sensitive behavior of several Android malwares, which otherwise cannot be detected with existing techniques such as TaintDroid.

name of conference

  • the second ACM workshop

published proceedings

  • Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '12

author list (cited authors)

  • Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., & Zou, W.

citation count

  • 156

complete list of authors

  • Zheng, Cong||Zhu, Shixiong||Dai, Shuaifu||Gu, Guofei||Gong, Xiaorui||Han, Xinhui||Zou, Wei

publication date

  • January 2012