Related papers: You Shall not Repackage! Demystifying Anti-Repacka…
Android introduces a new permission model that allows apps to request permissions at runtime rather than at the installation time since 6.0 (Marshmallow, API level 23). While this runtime permission model provides users with greater…
Android's filesystem access control is a crucial aspect of its system integrity. It utilizes a combination of mandatory access controls, such as SELinux, and discretionary access controls, like Unix permissions, along with specialized…
Android virtualization enables an app to create a virtual environment, in which other apps can run. Originally designed to overcome the limitations of mobile apps dimensions, malicious developers soon started exploiting this technique to…
Due to the continuous improvement of performance and functions, Android remains the most popular operating system on mobile phone today. However, various malicious applications bring great threats to the system. Over the past few years,…
The proper use of Android app permissions is crucial to the success and security of these apps. Users must agree to permission requests when installing or running their apps. Despite official Android platform documentation on proper…
The Android ecosystem faces a notable challenge known as fragmentation, which denotes the extensive diversity within the system. This issue is mainly related to differences in system versions, device hardware specifications, and…
IoT repackaging refers to an attack devoted to tampering with a legitimate firmware package by modifying its content (e.g., injecting some malicious code) and re-distributing it in the wild. In such a scenario, the firmware delivery and…
Android Notifications can be considered as essential parts in Human-Smartphone interaction and inextricable modules of modern mobile applications that can facilitate User Interaction and improve User Experience. This paper presents how this…
A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a…
Mobile apps are predominantly integrated with cloud services to benefit from enhanced functionalities. Adopting authentication using secrets such as API keys is crucial to ensure secure mobile-cloud interactions. However, developers often…
Since Android has become a popular software platform for mobile devices recently; they offer almost the same functionality as personal computers. Malwares have also become a big concern. As the number of new Android applications tends to be…
With the popularity of smartphones, users are heavily dependent on mobile applications for daily work and entertainments. However, mobile apps are becoming more and more complicated with more features and increasing size, part of which may…
The Android operating system runs on the majority of smartphones nowadays. Its success is driven by its availability to a variety of smartphone hardware vendors on the one hand, and the customization possibilities given to its users on the…
Privacy concerns have long been expressed around smart devices, and the concerns around Android apps have been studied by many past works. Over the past 10 years, we have crawled and scraped data for almost 1.9 million apps, and also stored…
Many phone vendors use Android as their underlying OS, but often extend it to add new functionality and to make it compatible with their specific phones. When a new version of Android is released, phone vendors need to merge or re-apply…
The liberalization of software licensing has led to unprecedented re-use of software. Alongside drastically increasing productivity and arguably quality of derivative works, it has also introduced multiple attack vectors. The management of…
Mobile devices often distribute measurements from physical sensors to multiple applications using software multiplexing. On Android devices, the highest requested sampling frequency is returned to all applications, even if others request…
Redundant transfer of resources is a critical issue for compromising the performance of mobile Web applications (a.k.a., apps) in terms of data traffic, load time, and even energy consumption. Evidence shows that the current cache…
The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny…
As part of the process of resolving issues submitted by users via bug reports, Android developers attempt to reproduce and observe the failures described by the bug report. Due to the low-quality of bug reports and the complexity of modern…