With the increasing popularity of mobile operating systems in general and the Android operating system specifically, new threats developed targeting mobile devices and said operating systems. Android has become one of the most important mobile operating systems within the last years and, hence, an often targeted system. In this thesis, the Android permission system is analyzed with regard to th...

Ensuring the reliability and security of Android apps is important considering the large Android market and the critical usage of Android apps. To analyze and test Android apps, we need to know program paths, i.e., the control flow of callbacks implemented in the apps. One of the challenges to identify such information is the extensive use of the Android API methods in the apps. These methods c...

Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applications to critical resources on an Android device. Such permission based mechanism is widely criti...

Smartphone applications’ quality is vital. However, many smartphone applications on market suffer from various bugs. One major reason is that developers lack viable techniques to help expose potential bugs in their applications. This paper presents a practical dynamic analysis tool, CheckerDroid, to help developers automatically detect both functional and non-functional bugs in their Android ap...

Android applications have been tested without any knowledge about them using a variety of tools such as Monkey [2], Monkey Runner [3] etc. In this paper, we evaluate existing Android testing techniques by comparing each of these tools and evaluate their efficiency based on a number of factors. Next, we propose requirements of an ideal input generator and present an automated input generator usi...

Many phone vendors use Android as their underlying OS, but often extend it to add new functionality and to make it compatible with their specific phones. When a new version of Android is released, phone vendors need to merge or re-apply their customizations and changes to the new release. This is a difficult and time-consuming process, which often leads to late adoption of new versions. In this...

The Android framework utilizes a permission-based security model, which is essentially a variation of the ACL-based access control mechanism. This security model provides controlled access to various system resources. Access control systems are known to be vulnerable to anomalies in security policies, such as inconsistency. In this work, we focus on inconsistent security enforcement within the ...

Most existing malicious Android app detection approaches rely on manually selected detection heuristics, features, and models. In this paper, we describe a new, complementary system, called DroidMiner, which uses static analysis to automatically mine malicious program logic from known Android malware, abstracts this logic into a sequence of threat modalities, and then seeks out these threat mod...

We present previously unknown high severity vulnerabilities in Android. The first is in the Android Platform and Google Play Services. The Platform instance affects Android 4.3-5.1, M (Preview 1) or 55% of Android devices at the time of writing1. This vulnerability allows for arbitrary code execution in the context of many apps and services and results in elevation of privileges. In this paper ...

This paper focuses on describing the necessary background to begin working with Binder: Android’s Interprocess Communication (IPC) mechanism, and Linux/Android system call (“syscall”) fuzzing tools. The objective was to study Android and Binder along with system call fuzzing in order to learn more about Android, Binder IPC, and vulnerability detection and analysis. Our study was further concent...