CoSINcheck to protect users from installing potentially harmful Android applications

摘要

Android inherited its core security from the Linux operating system where applications run with different unique system identities. Another level of security based on “permission” model is present in Android, for controlling the accessibility of resources and operations that a given process can execute. Applications with no explicit permission request should not be able to influence the user experience or make use of any data on the device. The permissions are divided into normal and dangerous categories. Normal permission only needs to be statically declared in the manifest file and will be granted to the application during installation whereas dangerous permission requires further validation from the user when the application process is requesting it. Nevertheless, after the application installation, identifying whether personal data are used for the expected functionality or a malicious purpose is yet an unsolved problem. In brief, the user has no other choice than judging and trusting the application based on the developers' reputation. However, an application package used for installing an Android application can easily be refactored by a third party, which might damage the notoriety of the developers and put the users at risk. To address this problem, we present CoSINcheck, a client and server analysis framework for flagging potential refactored applications prior and after its installation on a device. Code, Signatures, Icons and Names are used as features in our detection system.