WiSec mobile phone session

CICC:

Permission manager: revoke permissions from apps

the permission manager cannot remove permissions effectively.

component instance based call chain: a framework-level approach 

four major modules:

1. Blocked permission list module

2. ICC invokes call chain management:

..

==========================================

https://www.privmetrics.org/publications

 

=============

Day 2. Pre1 EagleDroid

instruction sequences: fuzzy hashing; sensitive to instruction sequence obfuscation

semantic info: call reference graph; hacking tools to bypass existing disassembling tools

repackaged apps should have a similar appearance to the original one.

determine potential repackaged malware by comparing visual similarity

DroidEagle: based on visual characteristics to detect similar apps.

Android GUI:

View: object on the screen which can interact with users and display objects.

ViewGroup: define the layout arrangement

 extract the layout of an app as a layout tree.

certificate info is used to determine which one is the original one.

RepoEagle: layout edit distance (LED): measure the similarity between two layout trees.

HostEagle: host-based detection. Resources are limited, so it uses layout hashing;

cloud storage: attackers often put their attack apps here instead of on the third-party market

Q: Is there dynamic monitoring of run-time behaviour to see whether apps are repackaged?

============

Day 2 2nd presentation:

buy app reviews to gain a high rating

============

Day 2 3rd presentation:

nearly 70% of the network traffic is invisible

Users do not know what an app's traffic is used for, do not know where their applications are connected to, or whether the connection is secure or insecure.

/proc/net/tcp(6), /proc/net/udp(6)

app: Securacy

make use of AwareFrame to collect users’ network usage. 

After the user rates an app, it asks for the reason for the rating: how is this done? Their own rating, not the one on the app store.

secure connections and insecure connections. 
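
An added example, not from the talk or the Securacy code: a parser for the /proc/net/tcp format noted above that groups established IPv4 connections by owning UID (Android assigns each app its own UID). The sample table is constructed, a little-endian host is assumed, and labelling port 443 as likely TLS is this example's own heuristic, not Securacy's method.

```python
import socket
import struct
from collections import defaultdict

# Constructed sample in /proc/net/tcp layout (not captured from a device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10071        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10071        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:C351 076433C6:0050 01 00000000:00000000 00:00000000 00000000 10084        0 12347 1 0000000000000000 20 4 30 10 -1
"""

ESTABLISHED = "01"   # TCP state code used by the kernel in the "st" column
TLS_PORTS = {443}    # assumption: port-based heuristic, not proof of encryption


def parse_addr(field):
    """Decode 'HEXIP:HEXPORT'. The IPv4 word is printed in host byte order,
    so on a little-endian host it appears byte-reversed; the port does not."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def established_by_uid(text):
    """Return {uid: [(remote_ip, remote_port, label), ...]} for ESTABLISHED rows."""
    result = defaultdict(list)
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != ESTABLISHED:
            continue                            # malformed row, LISTEN, etc.
        ip, port = parse_addr(fields[2])        # rem_address column
        label = "likely-tls" if port in TLS_PORTS else "likely-cleartext"
        result[int(fields[7])].append((ip, port, label))  # uid column
    return dict(result)


if __name__ == "__main__":
    for uid, conns in sorted(established_by_uid(SAMPLE).items()):
        for ip, port, label in conns:
            print(f"uid={uid} -> {ip}:{port} [{label}]")
```
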

https://comag.oulu.fi/tools

http://comag.oulu.fi/we-are-hiring/

aware framework : http://www.awareframework.com/

 

posted on 2015-06-25 11:20 by CarrieSmile