Whom does your android app talk to?

Xuetao Wei, Iulian Neamtiu, Michalis Faloutsos

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

5 Scopus citations

Abstract

Smartphone privacy and security work has focused mostly on malicious apps. We take a different angle by questioning whether good apps suffer from a lack of judgment and interact with "bad" websites. We use the term bad websites to refer to entities that engage in dangerous or annoying activities that range from distributing malware to phishing and overly aggressive ad spamming. The focus of our work is this relatively neglected aspect of security: "Whom does an app talk to?" In this paper, we design and implement AURA, a framework for identifying the hosts that an app talks to and evaluating the risks this communication entails. AURA makes use of both static and dynamic analysis. We studied 13,500 popular free Android apps that connect to 254,022 URLs and 1,260 malicious Android apps that connect to 19,510 URLs. Our main contribution is showing that good apps pose security risks as they contact at least one website that: (a) distributes malware (8.8% of apps), (b) is in a blacklist (15% of apps) based on the classification by VirusTotal and Web of Trust. Our work can raise awareness that even good apps need to be carefully evaluated, especially as people become more concerned about smartphone security and privacy.

Original language: English (US)
Title of host publication: 2015 IEEE Global Communications Conference, GLOBECOM 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781479959525
State: Published - 2015
Externally published: Yes
Event: 58th IEEE Global Communications Conference, GLOBECOM 2015 - San Diego, United States
Duration: Dec 6 2015 to Dec 10 2015

Publication series

Name: 2015 IEEE Global Communications Conference, GLOBECOM 2015

Other

Other: 58th IEEE Global Communications Conference, GLOBECOM 2015
Country: United States
City: San Diego
Period: 12/6/15 to 12/10/15

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Communication
