A machine learning-based approach was recently proposed that uses Extra-Trees, a machine learning algorithm to detect malicious apps regardless of code obfuscation. Yet another static approach based on a control flow graph (CFG) detects user privacy leaks through inter-component communication (ICC). Another approach uses the ‘AndroidManifest.xml’ file to obtain privileged information to determine whether a given app is malicious. Code analysis-based approaches determine the possibility of data leaks by decompiling and analyzing the ‘.dex’ files of the suspected app. Some well-known static approaches are those based on ‘signature’ and ‘code analysis.’ Signature-based approaches detect malware by using pattern matching with a signature database built beforehand by analyzing known malicious apps. Static analysis-based approaches determine whether apps are malicious or benign, and consider the possibility of leakage of private data by analyzing the package files of apps without running them.
We describe the overall structure of the proposed system and each core component in detail in Section 3, and report tests on our approach through intensive experiments in Section 4.
The remainder of this paper is organized as follows: In Section 2, we briefly review related work on Android security. Although our approach is similar to virtualization-based solutions, it has many advantages that are not achievable by these methods, such as small storage requirement and fast access. It can also detect private data leaks and accurately identify the guilty app.
Our approach also provides a solution for safely running untrusted apps without having to worry about leaks of private data even when apps require access to the data. By doing so, private data leaks can be avoided. It extends the original contacts of a user on an Android device to hide private data from untrusted apps or share virtual fake data with them instead of real data. In this paper, we propose a new approach to protect private user data from malicious apps. The only viable solution is to prevent the leaking of private data in the first place. Hence, it cannot effectively handle unknown attacks. However, it is well known that its effect is limited because it relies on pattern matching based on a pre-built database containing information about known spammers. Some cellphone carriers have lately begun providing a service called ‘intelligent spam filtering’ to customers to help them avoid spam.
E-mail spam has significantly increased in volume over the years, and is a serious problem as it is costly for users, companies, and even governments. Leaked private data are used mostly for e-mail spam and voice phishing. Many malicious apps nowadays seek to access and use private data on smartphones without this being noticed by users.
However, open-source software can be more vulnerable to malicious users and apps than closed proprietary platforms, and Android has accordingly suffered from various security threats in recent years, such as private data leaks. This feature enables Android to be used anywhere and on any device. Since it is open source, anyone can use and modify the source code. The system requires less storage and provides faster access to user contacts than prevalent solutions to similar problems.Īndroid is the most popular operating system for smartphones worldwide with a market share of approximately 86.1%. By using virtual data, it can even detect malicious apps that leak private data. By hiding data related to the contacts, the proposed system can protect them from malicious apps. In this paper, we propose a system for hiding data related to a user’s contacts or providing virtual data according to preconfigured policies when an Android app requests access to them. A system is hence needed to accurately identify malicious apps and protect private data from them. However, it is difficult to identify malicious apps based solely on the requested permissions. As a result, many malicious apps can obtain and leak private user data by requesting more permissions than are needed. In particular, Android devices use permission-based security, which allows users to directly approve permissions requested by an app when installing it. However, these devices are prone to data leaks because of security vulnerabilities. Due to recent developments in technologies associated with the Internet of Things (IoT), a large number of people now regularly use smart devices, such as smartwatches and smartphones.