German media reports about our app analysis

Eric | January 19, 2015

Read on here for an extensive interview with Steven Arzt in the Süddeutsche Zeitung about the recent malware threat we discovered and about Android malware in general. Spiegel Online also has an article that draws information from the interview.

Cross-posted from SEEBlog


Time for new challenges: DroidBench 2.0 available

Eric | January 19, 2015

Our micro-benchmark suite DroidBench (published with FlowDroid at PLDI’14) aims at testing the precision and recall of static taint tracking tools for Android. It provides categorized, tested, and well-documented test cases for the various hard challenges in program analysis. The ground truth it provides makes it easy to check and compare the results of the various information-flow analysis tools, both those proposed in research and those available commercially.

The suite has been used by various research groups all over the world and we have seen tools greatly improve on the precision and recall they achieve on DroidBench. With many tools now achieving very good results, it is time for new challenges.

We are thus happy to announce that DroidBench 2.0 is now available from GitHub. It features 120 test cases in 13 categories including aliasing, implicit data flows, Android lifecycle handling, inter-component communication, and reflective method calls. We would like to thank all the researchers worldwide who have contributed to DroidBench and would like to extend this call: Feel free to propose and/or submit new test cases to extend the suite even further so that it can continue to serve as a standardized benchmark suite for research in the field of static taint tracking.

All kinds of contributions are welcome. We have started to also add test cases challenging dynamic analysis tools, for instance emulator-detection mechanisms. In the future, we also plan to add test cases that leverage native code to hide data flows.

Cross-posted from SEEBlog


DroidSearch accepted at SAI Conference

Eric | January 19, 2015

We are happy to announce that our paper “DroidSearch: A Tool for Scaling Android App Triage to Real-World App Stores” has been accepted for publication at the IEEE Technically Co-Sponsored “Science and Information Conference 2015” (SAI) in London, UK.

While many precise analysis tools for detecting malware and finding vulnerabilities in Android applications exist, they usually do not scale to the large number of applications in today’s real-world markets such as Google Play. We therefore present DroidSearch, a search engine that aids a multi-staged analysis in which fast pre-filtering techniques allow security experts to quickly retrieve candidate applications that should be subjected to further automated and/or manual analysis. DroidSearch is supported by DroidBase, a middleware and back-end database which associates apps with metadata and the results of lightweight analyses on bytecode and configuration files that DroidBase automatically manages and executes.

Experiments on more than 235,000 applications from six different application stores including Google Play reveal many interesting findings. For instance, DroidSearch identifies 40 known malware applications in Google Play and detects over 35,000 applications that use both HTTP and HTTPS connections for accessing the same resources, effectively rendering the HTTPS protection ineffective. It also reveals 11,995 applications providing access to potentially sensitive data through unprotected content providers.

Cross-posted from SEEBlog
