University of Illinois Urbana-Champaign

Security threats to Android apps

He, Dongjing

Permalink

https://hdl.handle.net/2142/49659

Description

Title
Security threats to Android apps
Author(s)
He, Dongjing
Issue Date
2014-05-30T17:03:23Z
Director of Research (if dissertation) or Advisor (if thesis)
  • Gunter, Carl A.
  • Nahrstedt, Klara
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
  • Mobile Security
  • Mobile Health
  • Information Leaks
Abstract
Smartphones have become ubiquitous and smartphone users are increasingly relying on the mobile applications (app for short) to store and handle private information. The fluidity of mobile apps and mobile app markets has complicated mobile app security. Many new threats emerged are either because of the deficiency of mobile app development or the design ambiguities of the Android operating system. In order to seek a better understanding of mobile app security, we present a systematic study on security threats to Android apps in two dimensions. First, we study Android apps from mobile health (mHealth for short) sector, in order to understand the prevalence of mobile app threats to that sector. In particular, we present a three-stage study of the mHealth apps to show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Assuming that mobile apps are well protected by their developers, we ask a second question: are there any limitations in fundamental Android security design that can be used by malicious parties to disclose users' sensitive information? We study a newly discovered threat, side-channel information leaks on Android devices, in detail. Particularly, we discover an unexpected channel of information leaks from per-app data usage statistics and demonstrate that a malicious app can infer users' identity or investment information with zero-permission by monitoring the channel. To mitigate these threats, we propose defense strategies for both widespread threats on mHealth apps and the side-channel information leaks on Android devices.
Graduation Semester
2014-05
Permalink
http://hdl.handle.net/2142/49659
Copyright and License Information
Copyright 2014 Dongjing He

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer Science