1. VIDE - Vault App Identification and Extraction System for iOS Devices
- Author
-
Sudhir Aggarwal, Charisa Powell, Neet Patel, and Gokila Dorai
- Subjects
Focus (computing) ,Class (computer programming) ,GeneralLiterature_INTRODUCTORYANDSURVEY ,Computer science ,App store ,GeneralLiterature_MISCELLANEOUS ,Computer Science Applications ,Pathology and Forensic Medicine ,World Wide Web ,Medical Laboratory Technology ,Identification (information) ,Hidden data ,Fully automated ,Data extraction ,mental disorders ,Law ,Vault (organelle) ,Information Systems - Abstract
Content hiding (or vault) apps are a class of applications that allow users to hide photos, videos, documents and other content securely. A subclass of these applications called decoy apps further supports secret hiding by having a mode which mimics standard apps such as calculators but can turn into a vault app through entering a specific input. In this work we focus on iOS devices and first describe how to identify content hiding applications from the App Store. We consider not only the US Store but also give results for App Stores in Russia, India and China. We show an effective and very fast identification of content hiding apps through a two-phase process: initial categorization using keywords followed by more precise binary classification. We next turn to understanding the behavior and features of these vault apps and how to extract the hidden information from artifacts of the app's stored data. Based on this work, we have designed and built a fully automated vault app identification and extraction system that first identifies and then extracts the hidden data from the apps on an iOS smartphone. Using our vault identification and data extraction system (VIDE), law enforcement investigators can more easily identify and extract data from such apps as needed. Although vault apps are removed regularly from the App Store, VIDE can still identify removed apps as our system continues to maintain information on such apps in our vault database.
- Published
- 2020
- Full Text
- View/download PDF