Security analysis of modern mission critical Android mobile applications
Version 2 2024-06-04, 02:38
Version 1 2017-03-24, 08:02
conference contribution
posted on 2024-06-04, 02:38; authored by X Zheng, Lei Pan, E Yilmaz
Mobile devices have become an indispensable component of our daily life. New applications published by developers help users carry out their daily activities more easily and quickly. As the market leader among mobile operating systems, Android provides numerous applications in official and other application markets. However, the simplified access model for mobile applications gives malicious applications easier access to the sensitive data that users store on their mobile devices. For instance, mobile banking applications are lucrative targets for hackers seeking to access user data without authorization. The current security structure of the Android OS makes it trivial for hackers to acquire the source code of legitimate applications and republish them after injecting malicious code into the original source code. This process of acquiring legitimate application code, modifying it with malicious intent and then republishing it on available application stores is often known as a repackaging attack. The main focus of this study is to analyze popular security attacks on mobile applications, conduct preliminary experiments to evaluate the feasibility and difficulty of implementing security attacks on a mission critical mobile application, identify existing solutions and research gaps, and propose research directions. We successfully conduct three repackaging attacks to access the victim's data by using different hacking tools and techniques. By analyzing these scenarios, we evaluate their level of risk and propose technical mitigation.