![]() ![]() The relationship between phone and TV has not been the subject of research works. Despite the extensive studies on mobile app analysis, its TV equivalents receive far too little attention. Many app developers and service providers have designed TV versions for their smartphone applications. In general, authors of malicious apps tend to favor generic names and reuse them between samples, and being the most popularĬontext: Smart TVs have become one of the most popular television types. By far the most often shared package name, shared by 1,735 malicious apps with a single legitimate Google Play app, is, however, more likely due to careless naming on the legitimate app's developers side. Among the most frequently repackaged apps are Armor for Android Antivirus (, 387 samples), Steamy Window (, 93 samples), Opera (, 68 samples), and Flappy Bird (, 23 samples) – besides the paid Armor Antivirus all apps exceed 5 million downloads on the Google Play Store. A total of 8.50% of malware samples share their package name with legitimate apps from our goodware set – in total 4,059 distinct package names, half of which are currently available in the Google Play Store. Note, this number is likely to be slightly biased by submissions from AndRadar that explicitly locates apps in markets based on their package name to model and analyze how they spread. Consequently, malware samples are far more likely to reuse package names than goodware samples: while 73.78% of goodware package names are unique, the same holds true for only 25.72% of malware's package names. For malware authors reusing the package name of a legitimate app is also a way to masquerade as a benign app. Some markets, such as Google Play, also use it as a unique reference, but developers are not restricted from creating an app with an already existing package name. 2) Application Names: The package name is the official identifier of an app, i.e., no two apps on a given device can share the same package name. One explanation, besides a simple oversight, is developers mistyping the intended permission in some cases, for example as andorid.permission. During our evaluation of dynamic analysis features (see Section IV-B), we observed samples attempting to send SMS, connect to the Internet or accessing the SD card, without having the appropriate permissions – actions that will be prohibited by the Android OS. This is common practice amongst malware, with 10.88% of malware samples requesting both permissions, while only 0.20% of goodware samples do so. of the normal READ_SETTINGS and WRITE_SETTINGS permissions. Goodware (GW) and malware (MW) apps request an increasing number of permissions (overall as well as from the subset of permissions we statically extract), but permission usage stays constant – a side effect of the increasing use of dynamic code loading and obfuscation. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |