Files in this item



application/pdfDongjing_He.pdf (576kB)
(no description provided)PDF


Title:Security threats to Android apps
Author(s):He, Dongjing
Advisor(s):Gunter, Carl A.; Nahrstedt, Klara
Department / Program:Computer Science
Discipline:Computer Science
Degree Granting Institution:University of Illinois at Urbana-Champaign
Subject(s):Mobile Security
Mobile Health
Information Leaks
Abstract:Smartphones have become ubiquitous and smartphone users are increasingly relying on the mobile applications (app for short) to store and handle private information. The fluidity of mobile apps and mobile app markets has complicated mobile app security. Many new threats emerged are either because of the deficiency of mobile app development or the design ambiguities of the Android operating system. In order to seek a better understanding of mobile app security, we present a systematic study on security threats to Android apps in two dimensions. First, we study Android apps from mobile health (mHealth for short) sector, in order to understand the prevalence of mobile app threats to that sector. In particular, we present a three-stage study of the mHealth apps to show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Assuming that mobile apps are well protected by their developers, we ask a second question: are there any limitations in fundamental Android security design that can be used by malicious parties to disclose users' sensitive information? We study a newly discovered threat, side-channel information leaks on Android devices, in detail. Particularly, we discover an unexpected channel of information leaks from per-app data usage statistics and demonstrate that a malicious app can infer users' identity or investment information with zero-permission by monitoring the channel. To mitigate these threats, we propose defense strategies for both widespread threats on mHealth apps and the side-channel information leaks on Android devices.
Issue Date:2014-05-30
Rights Information:Copyright 2014 Dongjing He
Date Available in IDEALS:2014-05-30
Date Deposited:2014-05

This item appears in the following Collection(s)

Item Statistics