1. The hidden scene: predicting android application behavior's based on its user interface
- Author
- Nguyen Trung Tin and Nguyen Trung Tin
- Abstract
The Android platform employs permission mechanisms to protect the security and privacy of its users by giving them the option to allow or deny third-party applications' access requests to their private information (i.e., permission requests). However, once the permissions have been granted, users have very little to no knowledge of how Android apps access their sensitive information, especially with respect to the app's user interface (UI), where the app's behaviours are advertised. This thesis presents the first empirical study of Android apps' permission accesses as advertised on their user interface versus their actual behaviour. To this end, I develop GUIBAT to detect mismatched behaviours in Android apps, i.e., whether the advertised permission-related UI matches the app's actual behaviour. GUIBAT employs image processing and supervised machine learning techniques to identify permission-related images that are associated with an app's UI elements (P1), and static program analysis to detect permission-protected APIs (P2) triggered by the corresponding UI elements. Any mismatch between P1 and P2 indicates potential misbehaviour. On a data set of 100,000 Android apps, GUIBAT identified 207,746 UI elements that trigger permission-protected APIs, of which 56.3% are represented by images. It then successfully identified 20,118 permission-related images and found mismatched behaviours in 5,372 (27%) images. Our results show that there is a non-negligible amount of mismatched behaviour in Android apps, and that it is a fundamental problem that needs to be solved to improve the security and privacy of end users. Further, it shows the necessity and importance of security analysis of UI elements associated with images, which was not considered by any existing work. This thesis' results are a call for action to make app behaviours more explicit and more informative in accessing users' sensitive information with regard to the app's user interface since this is the main int
- Published
- 2018