When program analysis meets mobile security: An industrial study of misusing Android Internet sockets

Wenqi Bu, Minhui Xue, Lihua Xu, Yajin Zhou, Zhushou Tang, Tao Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Despite recent progress in program analysis techniques for identifying vulnerabilities in Android apps, significant challenges remain in applying these techniques in large-scale industrial environments. Modern software-security providers, such as Qihoo 360 and Pwnzen (two leading companies in China), are often required to process more than 10 million mobile apps in each run. In this work, we focus on effectively and efficiently identifying vulnerable usage of Internet sockets in an industrial setting. To achieve this goal, we propose a practical hybrid approach that enables lightweight yet precise detection in that setting. In particular, we integrate the process of categorizing potentially vulnerable apps with analysis techniques, to reduce the inevitable human inspection effort. We categorize potentially vulnerable apps based on characteristics of vulnerability signatures, to reduce the burden on static analysis. We flexibly integrate static and dynamic analyses for the apps in each identified family, to refine the family signatures and hence target precise detection. We implement our approach in a practical system and deploy it on the Pwnzen platform. Using the system, we identified and reported potential vulnerabilities in 24 vulnerable apps (falling into 3 vulnerability families) to their developers, and some of the reported vulnerabilities were previously unknown. The apps of each vulnerability family have over 50 million downloads in total. We also propose countermeasures and highlight promising directions for technology transfer.
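The abstract describes a pre-filter that groups candidate apps into families by characteristics of vulnerability signatures before heavier static and dynamic analysis is spent on each family. The following Python example is added here to illustrate that triage step; it is not the paper's code and makes no claim about the three families the paper found. It assumes (hypothetically) that a family signature is a set of API-call patterns that must all appear in an app's list of invoked methods, written in Dalvik descriptor form as a cheap smali scan would produce them; the family names, the grouping of APIs into families, and the per-app call listings are all constructed for illustration.

```python
"""Signature-based triage of Android socket usage (illustrative example, not the paper's code)."""
import re
from collections import defaultdict

# Hypothetical signature families. The method descriptors are real Java/Android
# socket APIs, but grouping them into these families is an assumption made for
# this example, not the paper's actual family definitions.
FAMILIES = {
    "tcp_listener": [
        r"Ljava/net/ServerSocket;-><init>\(",
        r"Ljava/net/ServerSocket;->accept\(",
    ],
    "udp_listener": [
        r"Ljava/net/DatagramSocket;-><init>\(",
        r"Ljava/net/DatagramSocket;->receive\(",
    ],
    "local_socket_server": [
        r"Landroid/net/LocalServerSocket;-><init>\(",
        r"Landroid/net/LocalServerSocket;->accept\(",
    ],
}

# Constructed per-app call listings, standing in for what a lightweight scan of
# decompiled smali would yield. Package names are made up.
SAMPLE_APPS = {
    "com.example.remotectl": [
        "Ljava/net/ServerSocket;-><init>(I)V",
        "Ljava/net/ServerSocket;->accept()Ljava/net/Socket;",
        "Ljava/io/BufferedReader;->readLine()Ljava/lang/String;",
    ],
    "com.example.discovery": [
        "Ljava/net/DatagramSocket;-><init>(I)V",
        "Ljava/net/DatagramSocket;->receive(Ljava/net/DatagramPacket;)V",
    ],
    "com.example.client_only": [
        "Ljava/net/Socket;-><init>(Ljava/lang/String;I)V",
        "Ljava/net/HttpURLConnection;->connect()V",
    ],
    "com.example.both": [
        # ServerSocket is constructed but never accept()s, so the tcp_listener
        # signature is incomplete; only the local-socket family should match.
        "Ljava/net/ServerSocket;-><init>(I)V",
        "Landroid/net/LocalServerSocket;-><init>(Ljava/lang/String;)V",
        "Landroid/net/LocalServerSocket;->accept()Landroid/net/LocalSocket;",
    ],
}


def compile_families(families):
    """Compile each family's pattern list once so triage over millions of apps stays cheap."""
    return {name: [re.compile(p) for p in pats] for name, pats in families.items()}


def classify(calls, compiled):
    """Return the names of every family whose patterns ALL match at least one call.

    Requiring every pattern (not just any) keeps the pre-filter conservative:
    an app that constructs a server socket but never accepts connections is
    not put in front of a human or a dynamic-analysis run for that family.
    """
    hits = set()
    for name, pats in compiled.items():
        if all(any(p.search(call) for call in calls) for p in pats):
            hits.add(name)
    return hits


def triage(apps, families=FAMILIES):
    """Bucket apps by matched family; returns {family: sorted list of app ids}."""
    compiled = compile_families(families)
    buckets = defaultdict(list)
    for app_id, calls in apps.items():
        for family in classify(calls, compiled):
            buckets[family].append(app_id)
    return {family: sorted(ids) for family, ids in buckets.items()}


if __name__ == "__main__":
    for family, ids in sorted(triage(SAMPLE_APPS).items()):
        print(f"{family}: {', '.join(ids)}")
```

The output of `triage` is the input to the expensive part of the pipeline the abstract describes: each bucket is a family whose members share a signature, so static and dynamic analysis can be tuned per family (and the family patterns refined from what that analysis finds) rather than run uniformly over every app. An app matching no family, like `com.example.client_only` above, is dropped before any analyst time is spent on it.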

Original language: English (US)
Title of host publication: ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
Editors: Andrea Zisman, Eric Bodden, Wilhelm Schafer, Arie van Deursen
Publisher: Association for Computing Machinery
Pages: 842-847
Number of pages: 6
ISBN (Electronic): 9781450351058
DOIs
State: Published - Aug 21 2017
Event: 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017 - Paderborn, Germany
Duration: Sep 4 2017 to Sep 8 2017

Publication series

Name: Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering
Volume: Part F130154

Other

Other: 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017
Country/Territory: Germany
City: Paderborn
Period: 9/4/17 to 9/8/17

Keywords

  • Android security
  • Internet sockets
  • Vulnerability analysis

ASJC Scopus subject areas

  • Software
