Deakin University
Browse

File(s) under permanent embargo

Security analysis of modern mission critical android mobile applications

Version 2 2024-06-04, 02:38
Version 1 2017-03-24, 08:02
conference contribution
posted on 2024-06-04, 02:38 authored by X zheng, Lei PanLei Pan, E Yilmaz
Mobile devices have become an indispensable component of our daily life. New applications published by developers help users to do their daily activities easier and faster. As the market leader of mobile OS, Android provides numerous applications in official and other application markets. However the simplified access model to mobile applications makes malicious applications more accessible to sensitive data that users store on their mobile devices. For instance, mobile banking applications are lucrative targets of the hackers to access user data without authorization. Current security structure of the Android OS makes trivial for hackers to acquire source codes of legitimate applications and republish them after injecting malicious codes into the original source codes. This process of acquiring legitimate application codes, modifying them with malicious intents and then republishing on available application stores is often known as Repackaging attack. The main focus of this study is to ana- lyze popular security attacks to mobile applications, conduct preliminary experiments to evaluate the feasibility and difficulty in implementing security attacks to a mission critical mobile application, identify existing solutions and research gaps, and propose research directions. We successfully conduct three repackaging attacks to access victim's data by by using different hacking tools and techniques. By analyzing these scenarios, we evaluate their level of risks and propose technical mitigation.

History

Pagination

1-9

Location

Geelong, Victoria

Start date

2017-01-30

End date

2017-02-03

ISBN-13

9781450347686

Language

eng

Notes

Best Paper Award

Publication classification

E Conference publication, E1 Full written paper - refereed

Copyright notice

2017, ACM

Editor/Contributor(s)

[Unknown]

Title of proceedings

ACSW 2017 : Proceedings of the Australasian Computer Science Week Multiconference

Event

Australasian Computer Science Week. Multiconference (2017 : Geelong, Victoria)

Publisher

Association for Computing Machinery

Place of publication

New York, N.Y.