Understanding android app piggybacking

Li Li, Daoyuan Li, Tegawende F. Bissyande, Jacques Klein, Yves Le Traon, David Lo, Lorenzo Cavallaro

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Other

5 Citations (Scopus)

Abstract

The Android packaging model offers adequate opportunities for attackers to inject malicious code into popular benign apps, attempting to develop new malicious apps that can then be easily spread to a large user base. Despite the fact that the literature has already presented a number of tools to detect piggybacked apps, there is still lacking a comprehensive investigation on the piggybacking processes. To fill this gap, in this work, we collect a large set of benign/piggybacked app pairs that can be taken as benchmark apps for further investigation. We manually look into these benchmark pairs for understanding the characteristics of piggybacking apps and eventually we report 20 interesting findings. We expect these findings to initiate new research directions such as practical and scalable piggybacked app detection, explainable malware detection, and malicious code location.

Original language: English
Title of host publication: Proceedings
Subtitle of host publication: 2017 IEEE/ACM 39th International Conference on Software Engineering Companion - ICSE-C 2017
Editors: Alessandro Orso, Martin Robillard
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 359-361
Number of pages: 3
ISBN (Print): 9781538615898
DOIs: https://doi.org/10.1109/ICSE-C.2017.109
Publication status: Published - 30 Jun 2017
Externally published: Yes
Event: International Conference on Software Engineering 2017 - Buenos Aires, Argentina
Duration: 20 May 2017 to 28 May 2017
Conference number: 39th
http://icse2017.gatech.edu/

Conference

Conference: International Conference on Software Engineering 2017
Abbreviated title: ICSE-C 2017
Country: Argentina
City: Buenos Aires
Period: 20/05/17 to 28/05/17
Other: IEEE/ACM International Conference on Software Engineering Companion (ICSE-C 2017)
Cite this

Li, L., Li, D., Bissyande, T. F., Klein, J., Le Traon, Y., Lo, D., & Cavallaro, L. (2017). Understanding android app piggybacking. In A. Orso, & M. Robillard (Eds.), Proceedings: 2017 IEEE/ACM 39th International Conference on Software Engineering Companion - ICSE-C 2017 (pp. 359-361). [7965358] Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ICSE-C.2017.109