Featured Research

from universities, journals, and other organizations

Software analyzes apps for malicious behavior

Date:
March 7, 2014
Source:
University Saarland
Summary:
Apps on web-enabled mobile devices can be used to spy on their users. Computer scientists have developed software that shows whether an app has accessed private data. To accomplish this, the program examines the “bytecode” of the app in question.

Apps on web-enabled mobile devices can be used to spy on their users. Computer scientists at the Center for Security, Privacy and Accountability (CISPA) developed software that shows whether an app has accessed private data. To accomplish this, the program examines the "bytecode" of the app in question. The researchers show their program at the upcoming computer expo Cebit in Hannover.

Last year at the end of July the Russian software company "Doctor Web" detected several malicious apps in the app store "Google Play." Downloaded on a smartphone, the malware installed -- without the permission of the user -- additional programs which sent expensive text messages to premium services. Although Doctor Web, according to its own statement, informed Google immediately, the malicious apps were still available for download for several days. Doctor Web estimates that in this way up to 25,000 smartphones were used fraudulently.

Computer scientists from the German Saarland University have now developed software which can discover such malicious apps already in the app store. The software detects pieces of code where the app accesses sensitive data and where data is sent from the mobile device. If the software detects a connection between such a "source" and such a "sink," it reports that as suspect behavior. To give an example of such a malicious source-sink combination, Erik Derr explains: "Your address book is read; hundreds of instructions later and without your permission an SMS is sent or a website is visited." Derr is a PhD candidate at the Graduate School of Computer Science and does research at the Center for IT-Security, Privacy and Accountability (CISPA), only a few yards away.

To identify a functional relation between source and sink, the computer scientists from Saarbrόcken use new methods of information flow analysis. As input they provide suspicious combinations of accesses on the application programming interface. As the software needs a lot of computational power and storage, it runs on a separate server. "So far we have tested up to 3000 apps with it. The software analyzes them fast enough that the approach can also be used in practice," Derr says.


Story Source:

The above story is based on materials provided by University Saarland. Note: Materials may be edited for content and length.


Cite This Page:

University Saarland. "Software analyzes apps for malicious behavior." ScienceDaily. ScienceDaily, 7 March 2014. <www.sciencedaily.com/releases/2014/03/140307084013.htm>.
University Saarland. (2014, March 7). Software analyzes apps for malicious behavior. ScienceDaily. Retrieved September 16, 2014 from www.sciencedaily.com/releases/2014/03/140307084013.htm
University Saarland. "Software analyzes apps for malicious behavior." ScienceDaily. www.sciencedaily.com/releases/2014/03/140307084013.htm (accessed September 16, 2014).

Share This



More Computers & Math News

Tuesday, September 16, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

FBI Finishes $1 Billion Facial Recognition System

FBI Finishes $1 Billion Facial Recognition System

Newsy (Sep. 15, 2014) — The FBI announced it plans to make its Next Generation Identification System available to law enforcement, but some privacy advocates are worried. Video provided by Newsy
Powered by NewsLook.com
A+ for Apple iPhone Pre-Sales

A+ for Apple iPhone Pre-Sales

Reuters - Business Video Online (Sep. 15, 2014) — Apple says it received a record 4 million first-day pre-orders for its new iPhone 6 and iPhone 6 Plus, pushing delivery dates into October. Bobbi Rebell reports. Video provided by Reuters
Powered by NewsLook.com
Microsoft to Buy 'Minecraft' Maker for $2.5B

Microsoft to Buy 'Minecraft' Maker for $2.5B

AP (Sep. 15, 2014) — Microsoft will acquire the maker of the long-running hit game Minecraft for $2.5 billion as the company continues to invest in its Xbox gaming platform and looks to grab attention on mobile phones. (Sept. 15) Video provided by AP
Powered by NewsLook.com
Manufacturer Prints 3-D Car In Record Time

Manufacturer Prints 3-D Car In Record Time

Newsy (Sep. 15, 2014) — Automobile manufacturer Local Motors created a drivable electric car using a 3-D printer. Printing the body only took 44 hours. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

    Environment News

      Technology News



      Save/Print:
      Share:  

      Free Subscriptions


      Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

      Get Social & Mobile


      Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

      Have Feedback?


      Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
      Mobile iPhone Android Web
      Follow Facebook Twitter Google+
      Subscribe RSS Feeds Email Newsletters
      Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins