Paper Info
Title
Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting
Abstract
The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread to a large user base. Although recent research has produced approaches and tools to identify piggybacked apps, the literature lacks a comprehensive investigation into such phenomenon. We fill this gap by: 1) systematically building a large set of piggybacked and benign apps pairs, which we release to the community; 2) empirically studying the characteristics of malicious piggybacked apps in comparison with their benign counterparts; and 3) providing insights on piggybacking processes. Among several findings providing insights analysis techniques should build upon to improve the overall detection and classification accuracy of piggybacked apps, we show that piggybacking operations not only concern app code, but also extensively manipulates app resource files, largely contradicting common beliefs. We also find that piggybacking is done with little sophistication, in many cases automatically, and often via library code.
Year
DOI
Venue
2017
10.1109/TIFS.2017.2656460
IEEE Trans. Information Forensics and Security
Keywords
Field
DocType
Malware,Androids,Humanoid robots,Payloads,Security,Feature extraction,Terminology
Android security,Piggybacking (Internet access),Android app,World Wide Web,Android (operating system),Terminology,Computer security,Computer science,Malware,Sophistication,Payload
Journal
Volume
Issue
ISSN
12
6
1556-6013
Citations 
PageRank 
References 
38
1.00
37
Authors
7
Name
Order
Citations
PageRank
Li Li124714.41
daoyuan li2745.71
Tegawendé F. Bissyandé386363.90
Jacques Klein42498112.20
Yves Le Traon515514.08
David Lo65346259.67
Lorenzo Cavallaro788652.85