Extension of the PingER Project onto Mobile Devices using Android Applications

Building Standardized and Secure Mobile Health Services Based on Social Media

Electronics ◽

10.3390/electronics9122208 ◽

2020 ◽

Vol 9 (12) ◽

pp. 2208

Author(s):

Jesús D. Trigo ◽

Óscar J. Rubio ◽

Miguel Martínez-Espronceda ◽

Álvaro Alesanco ◽

José García ◽

...

Keyword(s):

Social Media ◽

Mobile Devices ◽

Mobile Health ◽

Healthcare Services ◽

Small Scale ◽

Proof Of Concept ◽

Privacy And Security ◽

Health Level 7 ◽

Information Embedding ◽

Android Applications

Mobile devices and social media have been used to create empowering healthcare services. However, privacy and security concerns remain. Furthermore, the integration of interoperability biomedical standards is a strategic feature. Thus, the objective of this paper is to build enhanced healthcare services by merging all these components. Methodologically, the current mobile health telemonitoring architectures and their limitations are described, leading to the identification of new potentialities for a novel architecture. As a result, a standardized, secure/private, social-media-based mobile health architecture has been proposed and discussed. Additionally, a technical proof-of-concept (two Android applications) has been developed by selecting a social media (Twitter), a security envelope (open Pretty Good Privacy (openPGP)), a standard (Health Level 7 (HL7)) and an information-embedding algorithm (modifying the transparency channel, with two versions). The tests performed included a small-scale and a boundary scenario. For the former, two sizes of images were tested; for the latter, the two versions of the embedding algorithm were tested. The results show that the system is fast enough (less than 1 s) for most mHealth telemonitoring services. The architecture provides users with friendly (images shared via social media), straightforward (fast and inexpensive), secure/private and interoperable mHealth services.

Download Full-text

Detecting Colluding Inter-App Communication in Mobile Environment

Applied Sciences ◽

10.3390/app10238351 ◽

2020 ◽

Vol 10 (23) ◽

pp. 8351

Author(s):

Rosangela Casolare ◽

Fabio Martinelli ◽

Francesco Mercaldo ◽

Antonella Santone

Keyword(s):

Model Checking ◽

Mobile Devices ◽

Private Information ◽

End Users ◽

Home Automation ◽

Mobile Environment ◽

Data Support ◽

Bank Transfer ◽

Android Applications

The increase in computing capabilities of mobile devices has, in the last few years, made possible a plethora of complex operations performed from smartphones and tablets end users, for instance, from a bank transfer to the full management of home automation. Clearly, in this context, the detection of malicious applications is a critical and challenging task, especially considering that the user is often totally unaware of the behavior of the applications installed on their device. In this paper, we propose a method to detect inter-app communication i.e., a colluding communication between different applications with data support to silently exfiltrate sensitive and private information. We based the proposed method on model checking, by representing Android applications in terms of automata and by proposing a set of logic properties to reduce the number of comparisons and a set of logic properties automatically generated for detecting colluding applications. We evaluated the proposed method on a set of 1092 Android applications, including different colluding attacks, by obtaining an accuracy of 1, showing the effectiveness of the proposed method.

Download Full-text

Vulnerability Evaluation Method through Correlation Analysis of Android Applications

Sustainability ◽

10.3390/su11236637 ◽

2019 ◽

Vol 11 (23) ◽

pp. 6637

Author(s):

Cheolmin Yeom ◽

Yoojae Won

Keyword(s):

Correlation Analysis ◽

Mobile Devices ◽

Mobile Device ◽

Diagnostic Tool ◽

Evaluation Method ◽

Data Use ◽

Single Application ◽

Vulnerability Evaluation ◽

Android Applications

Due to people in companies use mobile devices to access corporate data, attackers targeting corporate data use vulnerabilities in mobile devices. Most vulnerabilities in applications are caused by the carelessness of developers, and confused deputy attacks and data leak attacks using inter-application vulnerabilities are possible. These vulnerabilities are difficult to find through the single-application diagnostic tool that is currently being studied. This paper proposes a process to automate the decompilation of all the applications on a user’s mobile device and a mechanism to find inter-application vulnerabilities. The mechanism generates a list and matrix, detailing the vulnerabilities in the mobile device. The proposed mechanism is validated through an experiment on an actual mobile device with four installed applications, and the results show that the mechanism can accurately capture all application risks as well as inter-application risks. Through this mechanism, users can expect to find the risks in their mobile devices in advance and prevent damage.

Download Full-text

Authenticator Rebinding Attack of the UAF Protocol on Mobile Devices

Wireless Communications and Mobile Computing ◽

10.1155/2020/8819790 ◽

2020 ◽

Vol 2020 ◽

pp. 1-14

Author(s):

Hui Li ◽

Xuesong Pan ◽

Xinluo Wang ◽

Haonan Feng ◽

Chengjie Shi

Keyword(s):

Mobile Devices ◽

Actual System ◽

Authentication Mechanism ◽

Android Platform ◽

Android Applications

We present a novel attack named “Authenticator Rebinding Attack,” which aims at the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF) protocol implemented on mobile devices. The presented Authenticator Rebinding Attack rebinds the victim’s identity to the attacker’s authenticator rather than the victim’s authenticator being verified by the service in the UAF protocol, allowing the attacker to bypass the UAF protocol local authentication mechanism by imitating the victim to perform sensitive operations such as transfer and payment. The lack of effective authentication between entities in the implementations of the UAF protocol used in the actual system causes the vulnerability to the Authenticator Rebinding Attack. In this paper, we implement this attack on the Android platform and evaluate its implementability, where results show that the proposed attack is implementable in the actual system and Android applications using the UAF protocol are prone to such attack. We also discuss the possible countermeasures against the threats posed by Authenticator Rebinding Attack for different stakeholders implementing UAF on the Android platform.

Download Full-text

The Dangers of Rooting: Data Leakage Detection in Android Applications

Mobile Information Systems ◽

10.1155/2018/6020461 ◽

2018 ◽

Vol 2018 ◽

pp. 1-9 ◽

Cited By ~ 2

Author(s):

Luca Casati ◽

Andrea Visconti

Keyword(s):

Mobile Devices ◽

Sensitive Information ◽

Leakage Detection ◽

Improve Performance ◽

Security Issues ◽

Man In The Middle ◽

The World ◽

Unrestricted Access ◽

User Access ◽

Android Applications

Mobile devices are widely spread all over the world, and Android is the most popular operative system in use. According to Kaspersky Lab’s threat statistic (June 2017), many users are tempted to root their mobile devices to get an unrestricted access to the file system, to install different versions of the operating system, to improve performance, and so on. The result is that unintended data leakage flaws may exist. In this paper, we (i) analyze the security issues of several applications considered relevant in terms of handling user sensitive information, for example, financial, social, and communication applications, showing that 51.6% of the tested applications suffer at least of an issue and (ii) show how an attacker might retrieve a user access token stored inside the device thus exposing users to a possible identity violation. Notice that such a token, and a number of other sensitive information, can be stolen by malicious users through a man-in-the-middle (MITM) attack.

Download Full-text

SafeCandy: System for security, analysis and validation in Android

Sistemas y Telemática ◽

10.18046/syt.v13i35.2154 ◽

2015 ◽

Vol 13 (35) ◽

pp. 89-102 ◽

Cited By ~ 2

Author(s):

Sebastián Londoño ◽

Christian Urcuqui ◽

Manuel Fuentes Amaya ◽

Johan Gómez ◽

Andrés Navarro Cadavid

Keyword(s):

Operating System ◽

Mobile Devices ◽

Security Analysis ◽

Threat Detection ◽

Malicious Software ◽

Static And Dynamic Analysis ◽

Security Controls ◽

Android Applications ◽

Google Play ◽

New System

Android is an operating system which currently has over one billion active users for all their mobile devices, a market impact that is influencing an increase in the amount of information that can be obtained from different users, facts that have motivated the development of malicious software by cybercriminals. To solve the problems caused by malware, Android implements a different architecture and security controls, such as a unique user ID (UID) for each application, while an API permits its distribution platform, Google Play applications. It has been shown that there are ways to violate that protection, so the developer community has been developing alternatives aimed at improving the level of safety. This paper presents: the latest information on the various trends and security solutions for Android, and SafeCandy, an app proposed as a new system for analysis, validation and configuration of Android applications that implements static and dynamic analysis with improved ASEF. Finally, a study is included to evaluate the effectiveness in threat detection of different malware antivirus software for Android.

Download Full-text

Android for Enterprise Automated Systems

Advances in Business Information Systems and Analytics - Automated Enterprise Systems for Maximizing Business Performance ◽

10.4018/978-1-4666-8841-4.ch002 ◽

2016 ◽

pp. 19-42

Author(s):

Fahmi Ncibi ◽

Habib Hamam ◽

Ezzedine Ben Braiek

Keyword(s):

Operating System ◽

Mobile Devices ◽

Operating Systems ◽

Enterprise Management ◽

Automated Systems ◽

Industrial Control ◽

Daily Lives ◽

Android Os ◽

Android Applications

In this chapter, various aspects pertaining to the open operating system Android OS such as its history, architecture, features, and utility for business purposes will be introduced, following which the role of Android in enterprise management will be explained. The chapter will be concluded by a detailed report of the BYOD approach that uses Android for industrial control and automation. Since mobile devices have become progressively more powerful and accessible, mobile computing has greatly changed our daily lives. As one of the most popular mobile operating systems, Android provides the tools and API for Android developers to develop Android applications. Android is an open source operating system for mobile devices. Today its primary use is lodged in the mobile phone industry. During the recent past years, many projects have been created, with the objective to elevate Android to other platforms, such as sub-notebooks or embedded systems.

Download Full-text

Android Collusion: Detecting Malicious Applications Inter-Communication through SharedPreferences

Information ◽

10.3390/info11060304 ◽

2020 ◽

Vol 11 (6) ◽

pp. 304 ◽

Cited By ~ 2

Author(s):

Rosangela Casolare ◽

Fabio Martinelli ◽

Francesco Mercaldo ◽

Antonella Santone

Keyword(s):

Model Checking ◽

Mobile Devices ◽

Temporal Logic ◽

Private Information ◽

Recent Trend ◽

Experimental Results ◽

Single Application ◽

Collusion Attack ◽

Android Applications ◽

Inter Communication

The Android platform is currently targeted by malicious writers, continuously focused on the development of new types of attacks to extract sensitive and private information from our mobile devices. In this landscape, one recent trend is represented by the collusion attack. In a nutshell this attack requires that two or more applications are installed to perpetrate the malicious behaviour that is split in more than one single application: for this reason anti-malware are not able to detect this attack, considering that they analyze just one application at a time and that the single colluding application does not exhibit any malicious action. In this paper an approach exploiting model checking is proposed to automatically detect whether two applications exhibit the ability to perform a collusion through the SharedPreferences communication mechanism. We formulate a series of temporal logic formulae to detect the collusion attack from a model obtained by automatically selecting the classes candidate for the collusion, obtained by two heuristics we propose. Experimental results demonstrate that the proposed approach is promising in collusion application detection: as a matter of fact an accuracy equal to 0.99 is obtained by evaluating 993 Android applications.

Download Full-text

MCAF: Developing an Annotation-Based Offloading Framework for Mobile Cloud Computing

Scientific Programming ◽

10.1155/2020/5304612 ◽

2020 ◽

Vol 2020 ◽

pp. 1-9

Author(s):

Yilian Zhou ◽

Ligang He ◽

Bin Wang ◽

Yi Su ◽

Hao Chen

Keyword(s):

Mobile Devices ◽

Mobile Applications ◽

Mobile Cloud Computing ◽

Source Code ◽

Cloud Infrastructure ◽

Original Source ◽

Automatic Integration ◽

Android Applications ◽

Reduce Energy Consumption ◽

Cloud Servers

Offloading computation from mobile to remote cloud servers is a promising way to reduce energy consumption and improve the performance of mobile applications. However, a great challenge arises as automatic integration of powerful computing resources in remote cloud infrastructure and the portability of mobile devices. In this paper, we develop a Java annotation-based offloading framework, called MCAF, for android mobile devices. This framework is designed and committed to simplifying the development of android applications enabled with the offload capability. All the developers need to do is to import the SDK library of our MCAF and annotate the computation-intensive methods. MCAF can automatically extract the annotated source code and generate the code that will be run in the Cloud. Moreover, the codes of making the offloading decisions are automatically inserted into the original source code. We also conducted the real experiments to show the applicability of our MCAF.

Download Full-text

Comparative analysis of approches in developing Android applications using Xamarin technology

Journal of Computer Sciences Institute ◽

10.35784/jcsi.703 ◽

2018 ◽

Vol 9 ◽

pp. 318-323

Author(s):

Michał Bartkiewicz ◽

Adrian Dziedzic

Keyword(s):

Comparative Analysis ◽

Mobile Devices ◽

Efficient Approach ◽

Code Performance ◽

Android System ◽

Android Applications

Article shows analysis of Xamarin technology in two modes: Xamarin Forms and Xamarin Native, used for developing applications for mobile devices with Android system. Comparison concerns the number of generated lines of code, performance of each part and size of installed application and size of apk installation file. Analysis was based on two identical applications created using both approaches. As a result of the analysis the more efficient approach for given purpose has been indicated.

Download Full-text