When program analysis meets mobile security: An industrial study of misusing android internet sockets

Wenqi Bu; Minhui Xue; Lihua Xu; Yajin Zhou; Zhushou Tang; Tao Xie

doi:10.1145/3106237.3117764

When program analysis meets mobile security: An industrial study of misusing android internet sockets

Wenqi Bu, Minhui Xue, Lihua Xu, Yajin Zhou, Zhushou Tang, Tao Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Despite recent progress in program analysis techniques to identify vulnerabilities in Android apps, significant challenges still remain for applying these techniques to large-scale industrial environments. Modern software-security providers, such as Qihoo 360 and Pwnzen (two leading companies in China), are often required to process more than 10 million mobile apps at each run. In this work, we focus on effectively and efficiently identifying vulnerable usage of Internet sockets in an industrial setting. To achieve this goal, we propose a practical hybrid approach that enables lightweight yet precise detection in the industrial setting. In particular, we integrate the process of categorizing potential vulnerable apps with analysis techniques, to reduce the inevitable human inspection effort. We categorize potential vulnerable apps based on characteristics of vulnerability signatures, to reduce the burden on static analysis. We flexibly integrate static and dynamic analyses for apps in each identified family, to refine the family signatures and hence target on precise detection.We implement our approach in a practical system and deploy the system on the Pwnzen platform. By using the system, we identify and report potential vulnerabilities of 24 vulnerable apps (falling into 3 vulnerability families) to their developers, and some of these reported vulnerabilities are previously unknown. The apps of each vulnerability family in total have over 50 million downloads. We also propose countermeasures and highlight promising directions for technology transfer.

Original language	English (US)
Title of host publication	ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
Editors	Andrea Zisman, Eric Bodden, Wilhelm Schafer, Arie van Deursen
Publisher	Association for Computing Machinery
Pages	842-847
Number of pages	6
ISBN (Electronic)	9781450351058
DOIs	https://doi.org/10.1145/3106237.3117764
State	Published - Aug 21 2017
Event	11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017 - Paderborn, Germany Duration: Sep 4 2017 → Sep 8 2017

Publication series

Name	Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering
Volume	Part F130154

Other

Other	11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017
Country/Territory	Germany
City	Paderborn
Period	9/4/17 → 9/8/17

Keywords

Android security
Internet sockets
Vulnerability analysis

ASJC Scopus subject areas

Software

Online availability

10.1145/3106237.3117764

Library availability

Discover UIUC Full Text

Cite this

Bu, W., Xue, M., Xu, L., Zhou, Y., Tang, Z., & Xie, T. (2017). When program analysis meets mobile security: An industrial study of misusing android internet sockets. In A. Zisman, E. Bodden, W. Schafer, & A. van Deursen (Eds.), ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (pp. 842-847). (Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering; Vol. Part F130154). Association for Computing Machinery. https://doi.org/10.1145/3106237.3117764

When program analysis meets mobile security: An industrial study of misusing android internet sockets. / Bu, Wenqi; Xue, Minhui; Xu, Lihua et al.
ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ed. / Andrea Zisman; Eric Bodden; Wilhelm Schafer; Arie van Deursen. Association for Computing Machinery, 2017. p. 842-847 (Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering; Vol. Part F130154).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Bu, W, Xue, M, Xu, L, Zhou, Y, Tang, Z & Xie, T 2017, When program analysis meets mobile security: An industrial study of misusing android internet sockets. in A Zisman, E Bodden, W Schafer & A van Deursen (eds), ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering, vol. Part F130154, Association for Computing Machinery, pp. 842-847, 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, 9/4/17. https://doi.org/10.1145/3106237.3117764

Bu W, Xue M, Xu L, Zhou Y, Tang Z, Xie T. When program analysis meets mobile security: An industrial study of misusing android internet sockets. In Zisman A, Bodden E, Schafer W, van Deursen A, editors, ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. Association for Computing Machinery. 2017. p. 842-847. (Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering). doi: 10.1145/3106237.3117764

Bu, Wenqi ; Xue, Minhui ; Xu, Lihua et al. / When program analysis meets mobile security : An industrial study of misusing android internet sockets. ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. editor / Andrea Zisman ; Eric Bodden ; Wilhelm Schafer ; Arie van Deursen. Association for Computing Machinery, 2017. pp. 842-847 (Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering).

@inproceedings{d1fe728d73f84909926b59f83c08ad4d,

title = "When program analysis meets mobile security: An industrial study of misusing android internet sockets",

abstract = "Despite recent progress in program analysis techniques to identify vulnerabilities in Android apps, significant challenges still remain for applying these techniques to large-scale industrial environments. Modern software-security providers, such as Qihoo 360 and Pwnzen (two leading companies in China), are often required to process more than 10 million mobile apps at each run. In this work, we focus on effectively and efficiently identifying vulnerable usage of Internet sockets in an industrial setting. To achieve this goal, we propose a practical hybrid approach that enables lightweight yet precise detection in the industrial setting. In particular, we integrate the process of categorizing potential vulnerable apps with analysis techniques, to reduce the inevitable human inspection effort. We categorize potential vulnerable apps based on characteristics of vulnerability signatures, to reduce the burden on static analysis. We flexibly integrate static and dynamic analyses for apps in each identified family, to refine the family signatures and hence target on precise detection.We implement our approach in a practical system and deploy the system on the Pwnzen platform. By using the system, we identify and report potential vulnerabilities of 24 vulnerable apps (falling into 3 vulnerability families) to their developers, and some of these reported vulnerabilities are previously unknown. The apps of each vulnerability family in total have over 50 million downloads. We also propose countermeasures and highlight promising directions for technology transfer.",

keywords = "Android security, Internet sockets, Vulnerability analysis",

author = "Wenqi Bu and Minhui Xue and Lihua Xu and Yajin Zhou and Zhushou Tang and Tao Xie",

note = "Funding Information: This work was supported in part by the National Natural Science Foundation of China, under Grants 61502170 and 61673180, in part by the East China Normal University travel grant, and in part by the Shanghai Pujiang Program, under Grant 16PJ1430800. The work was also supported in part by NSF under grants no. CCF-1409423, CNS-1434582, CNS-1513939, CNS-1564274.; 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017 ; Conference date: 04-09-2017 Through 08-09-2017",

year = "2017",

month = aug,

day = "21",

doi = "10.1145/3106237.3117764",

language = "English (US)",

series = "Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering",

publisher = "Association for Computing Machinery",

pages = "842--847",

editor = "Andrea Zisman and Eric Bodden and Wilhelm Schafer and {van Deursen}, Arie",

booktitle = "ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering",

address = "United States",

}

TY - GEN

T1 - When program analysis meets mobile security

T2 - 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017

AU - Bu, Wenqi

AU - Xue, Minhui

AU - Xu, Lihua

AU - Zhou, Yajin

AU - Tang, Zhushou

AU - Xie, Tao

N1 - Funding Information: This work was supported in part by the National Natural Science Foundation of China, under Grants 61502170 and 61673180, in part by the East China Normal University travel grant, and in part by the Shanghai Pujiang Program, under Grant 16PJ1430800. The work was also supported in part by NSF under grants no. CCF-1409423, CNS-1434582, CNS-1513939, CNS-1564274.

PY - 2017/8/21

Y1 - 2017/8/21

N2 - Despite recent progress in program analysis techniques to identify vulnerabilities in Android apps, significant challenges still remain for applying these techniques to large-scale industrial environments. Modern software-security providers, such as Qihoo 360 and Pwnzen (two leading companies in China), are often required to process more than 10 million mobile apps at each run. In this work, we focus on effectively and efficiently identifying vulnerable usage of Internet sockets in an industrial setting. To achieve this goal, we propose a practical hybrid approach that enables lightweight yet precise detection in the industrial setting. In particular, we integrate the process of categorizing potential vulnerable apps with analysis techniques, to reduce the inevitable human inspection effort. We categorize potential vulnerable apps based on characteristics of vulnerability signatures, to reduce the burden on static analysis. We flexibly integrate static and dynamic analyses for apps in each identified family, to refine the family signatures and hence target on precise detection.We implement our approach in a practical system and deploy the system on the Pwnzen platform. By using the system, we identify and report potential vulnerabilities of 24 vulnerable apps (falling into 3 vulnerability families) to their developers, and some of these reported vulnerabilities are previously unknown. The apps of each vulnerability family in total have over 50 million downloads. We also propose countermeasures and highlight promising directions for technology transfer.

AB - Despite recent progress in program analysis techniques to identify vulnerabilities in Android apps, significant challenges still remain for applying these techniques to large-scale industrial environments. Modern software-security providers, such as Qihoo 360 and Pwnzen (two leading companies in China), are often required to process more than 10 million mobile apps at each run. In this work, we focus on effectively and efficiently identifying vulnerable usage of Internet sockets in an industrial setting. To achieve this goal, we propose a practical hybrid approach that enables lightweight yet precise detection in the industrial setting. In particular, we integrate the process of categorizing potential vulnerable apps with analysis techniques, to reduce the inevitable human inspection effort. We categorize potential vulnerable apps based on characteristics of vulnerability signatures, to reduce the burden on static analysis. We flexibly integrate static and dynamic analyses for apps in each identified family, to refine the family signatures and hence target on precise detection.We implement our approach in a practical system and deploy the system on the Pwnzen platform. By using the system, we identify and report potential vulnerabilities of 24 vulnerable apps (falling into 3 vulnerability families) to their developers, and some of these reported vulnerabilities are previously unknown. The apps of each vulnerability family in total have over 50 million downloads. We also propose countermeasures and highlight promising directions for technology transfer.

KW - Android security

KW - Internet sockets

KW - Vulnerability analysis

UR - http://www.scopus.com/inward/record.url?scp=85030760502&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85030760502&partnerID=8YFLogxK

U2 - 10.1145/3106237.3117764

DO - 10.1145/3106237.3117764

M3 - Conference contribution

AN - SCOPUS:85030760502

T3 - Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering

SP - 842

EP - 847

BT - ESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering

A2 - Zisman, Andrea

A2 - Bodden, Eric

A2 - Schafer, Wilhelm

A2 - van Deursen, Arie

PB - Association for Computing Machinery

Y2 - 4 September 2017 through 8 September 2017

ER -

When program analysis meets mobile security: An industrial study of misusing android internet sockets

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this