日本語フィールド
著者:Naoya Kajiwara, Shinichi Matsumoto, Yuuki Nishimoto, Yoshiaki Hori, Kouichi Sakurai題名:Detection of Privacy Sensitive Information Retrieval Using API Call Logging Mechanism within Android Framework発表情報:Journal of Networks 巻: 9 号: 11 ページ: 2905-2913キーワード:Android, Malware, Privacy Protection, Dynamic Analysis概要:In recent years, Android based smartphones have become popular. As a feature of a smart phone, much information for identifying a user and information linked to user’s privacy is saved in a terminal. For this feature, many malwares targeting privacy information are developed. Many security mechanisms are provided in Android for such malwares. However, it is difficult for users to judge the availability of application by understanding the potential threats in the application. In this paper, we focus on acquisition of information by using a remote procedure call when we invoke the API to acquire phone ID. We design a methodology to record invocation of the API by inserting Log.v methods. Proposal method is implemented within Android framework layer. For this reason, malicious application developers cannot circumvent log output by their malwares. We examined our method, and confirmed empirically the record of the invocation behavior of the API to acquire phone ID.抄録:In recent years, Android based smartphones have become popular. As a feature of a smart phone, much information for identifying a user and information linked to user’s privacy is saved in a terminal. For this feature, many malwares targeting privacy information are developed. Many security mechanisms are provided in Android for such malwares. However, it is difficult for users to judge the availability of application by understanding the potential threats in the application. In this paper, we focus on acquisition of information by using a remote procedure call when we invoke the API to acquire phone ID. We design a methodology to record invocation of the API by inserting Log.v methods. Proposal method is implemented within Android framework layer. For this reason, malicious application developers cannot circumvent log output by their malwares. We examined our method, and confirmed empirically the record of the invocation behavior of the API to acquire phone ID.英語フィールド
Author:Naoya Kajiwara, Shinichi Matsumoto, Yuuki Nishimoto, Yoshiaki Hori, Kouichi SakuraiTitle:Detection of Privacy Sensitive Information Retrieval Using API Call Logging Mechanism within Android FrameworkAnnouncement information:Journal of Networks Vol: 9 Issue: 11 Page: 2905-2913Keyword:Android, Malware, Privacy Protection, Dynamic AnalysisAn abstract:In recent years, Android based smartphones have become popular. As a feature of a smart phone, much information for identifying a user and information linked to user’s privacy is saved in a terminal. For this feature, many malwares targeting privacy information are developed. Many security mechanisms are provided in Android for such malwares. However, it is difficult for users to judge the availability of application by understanding the potential threats in the application. In this paper, we focus on acquisition of information by using a remote procedure call when we invoke the API to acquire phone ID. We design a methodology to record invocation of the API by inserting Log.v methods. Proposal method is implemented within Android framework layer. For this reason, malicious application developers cannot circumvent log output by their malwares. We examined our method, and confirmed empirically the record of the invocation behavior of the API to acquire phone ID.An abstract:In recent years, Android based smartphones have become popular. As a feature of a smart phone, much information for identifying a user and information linked to user’s privacy is saved in a terminal. For this feature, many malwares targeting privacy information are developed. Many security mechanisms are provided in Android for such malwares. However, it is difficult for users to judge the availability of application by understanding the potential threats in the application. In this paper, we focus on acquisition of information by using a remote procedure call when we invoke the API to acquire phone ID. We design a methodology to record invocation of the API by inserting Log.v methods. Proposal method is implemented within Android framework layer. For this reason, malicious application developers cannot circumvent log output by their malwares. We examined our method, and confirmed empirically the record of the invocation behavior of the API to acquire phone ID.