Mobile Malware

Attacks

Permission Circumvention

• Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating
  • Luyi Xing, Xiaorui Pan, Rui Wang, Kan Yuan, XiaoFeng Wang; 2014.

Sensor Based

• Stalking Beijing from Timbuktu: A Generic measurement Approach for Exploiting Location-Based Social Discovery
  • Yuan Ding, Sai Teja Pedinti, Keith W. Ross; 2014
• Your Voice Asistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone
  • Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang; 2014.
• PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices
  • Raphael Spreitzer; 2014.
• QR Inception: Barcode-in-Barcode Attacks
  • Adrian Dabrowski, Katharina Krombholz, Johanna Ullrich, Edgar R. Weippl
• Gyrophone: Recognizing Speech from Gyroscope Signals
  • Yan Michalevsky Dan Boneh, Gabi Nakibly; 2014.

GUI Based

• What the App is That? Deception and Coutermeasures in the Android User Interface
  • A. Bianchi, j. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, G. Vigna; 2015.
• Screenmilker: How to Milk Your Android Screen for Secrets
  • Chia-Chi Lin, Hongyang Li, Xiao-yong Zhou, XiaoFeng Wang; 2014.
• Peeking into Your App without Actually Seeing it: UI State Inference and Novel Android Attacks
  • Qi Alfred Chen, Zhiyun Qian, Zhuoqing Morley Mao; 2014.

System Based

• From Zygote to Morula: Fortifying Weakend ASLR on Android
  • Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee; 2014.

Misc

• Denial of App Attack: Inhibiting the Installation of Android Apps on Stock Phones
  • Steven Arzt, Stephan Huber, Siegfried Rasthofer, Eric Bodden; 2014.

Prevention

System Security

• From Zygote to Morula: Fortifying Weakend ASLR on Android
  • Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee; 2014.
• ASM: A Programmable Interface for Extending Android Security
  • Stephan Heuser, Adwait Nadkarni, William Enck, Ahmad-Reza Saeghi; 2014.
• AirBag: Boosting Smartphone Resistance to Malware Infection
  • Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang, Xuxian Jiang; 2014.

App-level Security

• Cassandra: Towards a Certifying App Store for Android
  • Steffen Lortz, Heiko Mantel, Artem Starostin, Timo Bahr, David Schneider, Alexandra Weber; 2014.
• Leave me Alone: App-Level Protection against Runtime information Gathering on Android
  • Nan Zhang, Kan Yuan, M Naveed, Xiaoyong Zhou, Xiaofeng Wang; 2015.
• AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications.
  • Mu Zhang, Heng Yin; 2014.

Detection

Static Analysis - Malware

• What the App is That? Deception and Coutermeasures in the Android User Interface
  • A. Bianchi, j. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, G. Vigna; 2015.
• DREBIN: Effective and explainable detection of Android Malware in Your Pocket.
  • Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck; 2014.
• Information Flow Analysis of Android Applications in DroidSafe
  • Michael I. Gordon, Deokhwan kim, Jeff H. Perkins, Limei Gilham, Nguyen Nguyen, Martin C. Rinard; 2015.

Static Analysis - Vulnerability

• Bramastra: Driving Apps to Test the Security of Third-Party Components
  • Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, David Wetherall; 2014

Static + Dynamic Analysis - Vulnerability

• Effective Real-Time Android Application Auditing
  • Mingyuan Xia, Lu Gong, Yuanhao Lyu, Zhengqei Qi, Xue Liu; 2015.
• SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps.
  • David Sounthiraraj, Justin Sahs, Garret Greenwood, Zhiqiang Lin, Latifur Khan; 2014.

Static + Dynamic Analysis - Malware

• A5: Automated Analysis of Adversarial Android Applications
  • Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, Patrick Tague

Dynamic Analysis - Malware

• The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations
  • Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, M. Naveed, XiaoFeng Wang; 2014.

Dynamic Analysis - Vulnerability

Empirical Study

• Analysis of Secure Key Storage Solutions on Android
  • Tim Cooijmans, Joeri de Ruiter, Erik Poll; 2014.
• The company you keep: mobile malware infection rates and inexpensive risk indicators
  • Hien Thi Thu Truong, Eemil Lagerspetz, Petteri Nurmi, Adam J. Oliner, Sasu Tarkoma, No. Asokan, Sourav Bhattacharya; 2015.
• Inside Job; Understanding and Mitigating the Threat of External Device Mis-Binding on Android
  • Muhammad Naveed, Xiao-yong Zhou, Soteris Demetriou, XiaoFeng Wang, Carl A. Gunter; 2014.
• Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.
  • Martin Georgiev, Suman Jana, Vitaly Shmatikov; 2014.
• AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable
  • Sanorita Dey, Nirupam roy, Wenyuan Xu, Romit Roy Choudhury, Srihari Nelakuditi; 2014.

Need Categorization

• LazyTainter: Memory-Efficient Taint Tracking in Managed Runtime
  • Zheng Wei, David Lie; 2014. ???
  • What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources. ???
    • Soteris Demetriou, Xiao-yong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, Carl A. Gunter; 2015.
  • EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework ???
    • Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Yan Chen; 2015.
  • CopperDroid: Automatic Reconstruction of Android Malware Behaviors ???
    • Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, Lorenzo Cavallaro; 2015.
  • DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices ???
    • Xueqiang Wang, Kun Sun, Yuewu Wang, Jiwu Jing; 2015.
  • A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks ???
    • Siegfried Rasthofer, Steven Arzt, Eric Bodden; 2014.
  • Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications ???
    • Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christoper Kruegel, Giovani Vigna; 2014
  • Early Detection of Spam Mobile Apps ???
    • Suranga Seneviratne, Aruna Seneviratne, Mohamed Ali kaafar, Anirban Mahanti, Prasant Mohapatra; 2015.