CloudAppSec: Cloud Based Application Security for Android Applications
Animesh Nandanwar, Kshitij Desai, Mayuresh Randive

CloudAppSec
- Cloud-based service to analyze the privileges required by an Android mobile application
- Protects the mobile device user from malicious applications that do not conform to security privileges, and notifies the user about them

Motivation
- Widespread adoption of Android devices
- Large number of mobile applications and application developers
- Open source: useful for attackers and defenders
- But there is no way to verify the authenticity of an application
- In the past, many applications, such as iCalendar, compromised user security
- Hence, the design goal is to protect the user's security from applications

Malware Analysis of Android Applications
- Applications use AndroidManifest.xml to request permissions
- All Android apps must declare the permissions they want to have
- The manifest maps directly to what is displayed on-screen when you install the application
- Nobody actually pays attention to the permissions when they install applications
- Some permissions are ones the application just doesn't require, e.g. iCalendar requests the SEND_SMS permission

Static vs. Dynamic Malware Analysis
- Two options when analyzing any given program: static or dynamic analysis
- Static analysis = examining the code: analyze the Android .apk file and the APIs used in the application
- Dynamic analysis = running the application and observing code paths, logging system calls

CloudAppSec Design
- Static analysis on the application's .APK file
- Extract the .apk and run static analysis to determine the application's permissions
- Perform an API search in the extracted files, and map the APIs found to permissions using the API mapper
- Notify the user of the application's permissions in a way the user can understand, and let users decide whether they want to keep or uninstall the application
- iCalendar application analysis will return "Application is using SEND_SMS API" to the user
- The user learns this and decides to uninstall the application

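The API search and API-to-permission mapping from the design slide, as an added example that is not the CloudAppSec project's own code. It assumes the APK has already been decoded into a text manifest and smali files; the three-entry API table, the function names and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Constructed stand-in for the API mapper: smali call reference -> permission.
API_PERMISSION_MAP = {
    "Landroid/telephony/SmsManager;->sendTextMessage(": "SEND_SMS",
    "Landroid/telephony/TelephonyManager;->getDeviceId(": "READ_PHONE_STATE",
    "Landroid/location/LocationManager;->getLastKnownLocation(": "ACCESS_FINE_LOCATION",
}

def declared_permissions(manifest_xml):
    """Short names of every <uses-permission> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission"))
    return {n.rsplit(".", 1)[-1] for n in names if n}

def analyze(manifest_xml, sources):
    """Return {permission: {"files": set, "declared": bool}} for APIs found."""
    declared = declared_permissions(manifest_xml)
    report = {}
    for path, text in sorted(sources.items()):
        for line in text.splitlines():
            if not line.lstrip().startswith("invoke-"):
                continue  # count call sites only, not comments or string constants
            for api, perm in API_PERMISSION_MAP.items():
                if api in line:
                    entry = report.setdefault(perm, {"files": set(), "declared": perm in declared})
                    entry["files"].add(path)
    return report

def user_messages(report):
    """Plain-language lines for the user, one per permission whose API is called."""
    return [f"Application is using {perm} API"
            + ("" if info["declared"] else " (not declared in manifest)")
            for perm, info in sorted(report.items())]

# Constructed sample input: a decoded manifest and two decoded smali files.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.calendar">
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""
SAMPLE_SOURCES = {
    "smali/Main.smali": "    invoke-virtual/range {v0 .. v5}, "
        "Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;"
        "Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V\n",
    "smali/Util.smali": "    # Landroid/location/LocationManager;->getLastKnownLocation(\n",
}

if __name__ == "__main__":
    print("\n".join(user_messages(analyze(SAMPLE_MANIFEST, SAMPLE_SOURCES))))
```

Only `invoke-` lines are matched, so the location API mentioned in a comment in the second sample file is not reported as used.
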
CloudApp Architecture
Components: Cloud Storage
1. User selects .APK file
2. Upload .APK
3. Access API mapping
4. Return API mappings
5. Return APIs accessed by App and corresponding permissions
6. User analyzes permission

Placeholder for screenshots and Results
Thank you for your interest in our Project !!! ANY QUESTIONS??