DroidCC: A Scalable Clone Detection Approach for Android Applications to Detect Similarity at Source Code Level

2018 ◽  
Author(s):  
Junaid Akram ◽  
Zhendong Shi ◽  
Majid Mumtaz ◽  
Ping Luo
Keyword(s):  
Source Code ◽  
Clone Detection ◽  
Detection Approach ◽  
Android Applications

scholarly journals An Android Inline Hooking Framework for the Securing Transmitted Data

Sensors ◽  
2020 ◽  
Vol 20 (15) ◽  
pp. 4201
Author(s):  
Yu-an Tan ◽  
Shuo Feng ◽  
Xiaochun Cheng ◽  
Yuanzhang Li ◽  
Jun Zheng
Keyword(s):  
Source Code ◽  
Control Flow ◽  
Security Policies ◽  
Unauthorized Access ◽  
Shared Objects ◽  
Android Applications ◽  
Runtime Performance ◽  
And Control

Information leaks can occur through many Android applications, including unauthorized access to sensors data. Hooking is an important technique for protecting Android applications and add security features to them even without its source code. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even though some approaches are able to hook these methods, they have limitations or are complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which does not need any modifications to both the Android framework and app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, this study combines this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.

scholarly journals Semi-Automatically Extracting Features from Source Code of Android Applications

2013 ◽  
Vol E96.D (12) ◽  
pp. 2857-2859 ◽  
Author(s):  
Tetsuya KANDA ◽  
Yuki MANABE ◽  
Takashi ISHIO ◽  
Makoto MATSUSHITA ◽  
Katsuro INOUE
Keyword(s):  
Source Code ◽  
Android Applications

scholarly journals Security Source Code Analysis of Applications in Android OS

2018 ◽  
Vol 7 (4.15) ◽  
pp. 30
Author(s):  
Sami Azam ◽  
Rajvinder Singh Sumra ◽  
Bharanidharan Shanmugam ◽  
Kheng Cher Yeo ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Operating System ◽  
Mobile Phones ◽  
Source Code ◽  
Security Risk ◽  
Great Flexibility ◽  
Code Analysis ◽  
Malicious Behavior ◽  
Android Os ◽  
Android Applications ◽  
Google Play

It is a known fact that Android mobile phones’ security has room for improvement. Many malicious app developers have targeted     android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request           permission only during runtime, but not all users have this update. This is important because user permission is required to perform    certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to          investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different        applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.  

scholarly journals How are functionally similar code clones syntactically different? An empirical study and a benchmark

2016 ◽  
Vol 2 ◽  
pp. e49 ◽  
Author(s):  
Stefan Wagner ◽  
Asim Abdulkhaleq ◽  
Ivan Bogicevic ◽  
Jan-Peter Ostberg ◽  
Jasmin Ramadani
Keyword(s):  
Data Structure ◽  
Empirical Study ◽  
Random Sample ◽  
Source Code ◽  
Clone Detection ◽  
Code Clones ◽  
Syntactic Similarity ◽  
Similar Code

Background. Today, redundancy in source code, so-called “clones” caused by copy&paste can be found reliably using clone detection tools. Redundancy can arise also independently, however, not caused by copy&paste. At present, it is not clear how onlyfunctionally similar clones(FSC) differ from clones created by copy&paste. Our aim is to understand and categorise the syntactical differences in FSCs that distinguish them from copy&paste clones in a way that helps clone detection research.Methods. We conducted an experiment using known functionally similar programs in Java and C from coding contests. We analysed syntactic similarity with traditional detection tools and explored whether concolic clone detection can go beyond syntax. We ran all tools on 2,800 programs and manually categorised the differences in a random sample of 70 program pairs.Results. We found no FSCs where complete files were syntactically similar. We could detect a syntactic similarity in a part of the files in <16% of the program pairs. Concolic detection found 1 of the FSCs. The differences between program pairs were in the categories algorithm, data structure, OO design, I/O and libraries. We selected 58 pairs for an openly accessible benchmark representing these categories.Discussion. The majority of differences between functionally similar clones are beyond the capabilities of current clone detection approaches. Yet, our benchmark can help to drive further clone detection research.

Sign in / Sign up

Export Citation Format

Share Document