It is pretty well known that insecure code updating procedures for Android allow remote code injection attack. However, other than codes, there are many resources in Android that have to be updated, such as temporary files, images, databases, and configurations (XML and JSON). Security of update procedures for these resources is largely unknown. This paper investigates general conditions for remote code injection attacks on these resources. Using this, we design and implement a static detection tool that automatically identifies apps that meet these conditions. We apply the detection tool to a large dataset comprising 9,054 apps, from three different types of datasets: official market, third-party market, and preinstalled apps. As a result,...
An enormous number of apps have been developed for Android in recent years, making it one of the mos...
An enormous number of apps have been developed for Android in recent years, making it one of the mos...
Native code is now commonplace within Android app packages where it co-exists and interacts with Dex...
Abstract—The design of the Android system allows applica-tions to load additional code from external...
Injection attacks are the top two causes of software errors and vulnerabilities, according to the MI...
A paper co-authored by William Glisson published in the Proceedings of the 50th Hawaii International...
The increasing number of repeated malware penetrations into official mobile app markets poses a high...
Malicious reverse engineering is a prominent activity conducted by attackers to plan their code tamp...
First we report on a new threat campaign, underway in Korea, which infected around 20,000 Android us...
Android has dominated the mobile market for a few years now, and continues to increase its market sh...
Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended...
Part 4: Challenges of Security and ReliabilityInternational audienceFirst we report on a new threat ...
The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these...
Android has provided dynamic code loading (DCL) since API level one. DCL allows an app developer to ...
Exfiltrating sensitive information from smartphones has become one of the most significant security ...
An enormous number of apps have been developed for Android in recent years, making it one of the mos...
An enormous number of apps have been developed for Android in recent years, making it one of the mos...
Native code is now commonplace within Android app packages where it co-exists and interacts with Dex...
Abstract—The design of the Android system allows applica-tions to load additional code from external...
Injection attacks are the top two causes of software errors and vulnerabilities, according to the MI...
A paper co-authored by William Glisson published in the Proceedings of the 50th Hawaii International...
The increasing number of repeated malware penetrations into official mobile app markets poses a high...
Malicious reverse engineering is a prominent activity conducted by attackers to plan their code tamp...
First we report on a new threat campaign, underway in Korea, which infected around 20,000 Android us...
Android has dominated the mobile market for a few years now, and continues to increase its market sh...
Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended...
Part 4: Challenges of Security and ReliabilityInternational audienceFirst we report on a new threat ...
The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these...
Android has provided dynamic code loading (DCL) since API level one. DCL allows an app developer to ...
Exfiltrating sensitive information from smartphones has become one of the most significant security ...
An enormous number of apps have been developed for Android in recent years, making it one of the mos...
An enormous number of apps have been developed for Android in recent years, making it one of the mos...
Native code is now commonplace within Android app packages where it co-exists and interacts with Dex...