Efficient Protection of Android Applications through User ... - MDPI

Download PDF
6 downloads 0 Views 11MB Size Report
Comment
Apr 22, 2018 - Abstract: Android applications store large amounts of sensitive information .... we describe the SIA and other similar types of attacks. ..... Android Open Source Project (AOSP) with the Android version UAPD implemented (UAPD) with ..... Free Android Emulator on PC and Mac- Download Nox App Player.
sustainability Article

Efficient Protection of Android Applications through User Authentication Using Peripheral Devices Jinseong Kim and Im Y. Jung * School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea; [email protected] or [email protected] * Correspondence: [email protected]; Tel.: +82-53-950-7237 Received: 22 March 2018; Accepted: 20 April 2018; Published: 22 April 2018

 

Abstract: Android applications store large amounts of sensitive information that may be exposed and exploited. To prevent this security risk, some applications such as Syrup and KakaoTalk use physical device values to authenticate or encrypt application data. However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user. In our work, WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were subjected to the Same Identifier Attack, and it was found that an attacker could gain the same privileges as the user, in all five applications. To solve such a problem, we propose a technical scheme—User Authentication using Peripheral Devices. We applied the proposed scheme to a Nexus 5X smartphone running Android version 7.1 and confirmed that the average execution time was 0.005 s, which does not affect the other applications’ execution significantly. We also describe the security aspects of the proposed scheme and its compatibility with the Android platform and other applications. The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security. Keywords: Android vulnerability; Android protection; Same Identifier Attack; User Authentication using Peripheral Devices; Android security

1. Introduction The number of Android application downloads is increasing every year [1]. Android applications, which are often called Android apps, offer various conveniences to users. However, they contain a number of security threats [2–9]. By inserting malicious code into an application and distributing it, it is possible to steal user information or recover messages, photographs, etc., sent and received by a user’s social network service (SNS). Moreover, if an attacker gains access to an account or account token, he/she can use the user’s account. In addition to the security threats listed in Table 1, information can be acquired from backup files on the Android system. The original purpose of the backup files is to help restore the user’s information. However, if an attacker misuses them, he/she can analyze the application data in the backup files to obtain personal information for applications such as WhatsApp or Facebook [10,11]. Another form of attack hacks a user’s Android application using backup technology. This method uses the Android Debug Bridge (ADB) to acquire backup data from an unrooted terminal, and then modifies the XML values of the application and restores the backup file [12]. Another method inserts a malicious application into the backup file and restores it [13]. Several methods have been studied to protect application data by enhancing the security of databases [9,14–16]; however, most of these techniques use the International Mobile Equipment Identity (IMEI) value to generate a key to the database file, which can be decrypted by an attacker [17].

Sustainability 2018, 10, 1290; doi:10.3390/su10041290

www.mdpi.com/journal/sustainability

Sustainability Sustainability2018, 2018,10, 8, 1290 x FOR PEER REVIEW

18 22ofof20

Table 1. Android vulnerabilities published in Common Vulnerabilities and Exposures (CVE) [18]. Table 1. Android vulnerabilities published in Common Vulnerabilities and Exposures (CVE) [18]. Code Memory SQL Gain Gain Year DoS Overflow Bypass Execution Corruption Injection Information Privileges Gain Gain Memory SQL Code Overflow Bypass Year DoS Execution Corruption 1Injection 2014 2 4 1 1 2Information 2Privileges 2014 56 2 70 4 1 1 1 2 2 2015 63 46 20 19 17 2015 56 70 63 46 20 19 17 2016 104 73 92 38 48 99 250 2016 104 73 92 38 48 99 250 2017 59 26 26 28 52 34 2017 44 44 139 139 59 28 52 34 Total 217 217294 294 102 176 309 Total 219 219 113 113 11 102 176 309 %All 20.9 28.3 21.1 10.9 0.1 9.8 17 29.8 %All 20.9 28.3 21.1 10.9 0.1 9.8 17 29.8

InInaddition Identifier Attack Attack(SIA) (SIA)[19,20] [19,20] additionto tosuch suchattacks, attacks, there there is is aa new new attack attack called called the the Same Same Identifier that can create a copy of an application with the same privileges, using the user’s backup file. that can create a copy of an application with the same privileges, using the user’s backup file. InInthis thethe SIA concept and its its method of attack, andand show thethe results for five thispaper, paper,we weintroduce introduce SIA concept and method of attack, show results for applications subjected to SIA: WhatsApp [21], which is used worldwide; KakaoTalk [22,23], which five applications subjected to SIA: WhatsApp [21], which is used worldwide; KakaoTalk [22,23],is widely in Korea; Facebook [22], a representative SNS application; Amazon, a typical global which used is widely used in Korea; Facebook [22], a representative SNS application; Amazon, a typical online application; and Syrup [24], Korea’s integrated membership management application. globalshopping online shopping application; and Syrup [24], Korea’s integrated membership management Inapplication. addition, weIndiscuss what an attacker can do, such as initiating real-time conversations, sending and addition, we discuss what an attacker can do, such as initiating real-time receiving files, gaining activity logs, logging into other linked accounts, conducting order inquiries, conversations, sending and receiving files, gaining activity logs, logging into other linked accounts, and obtainingorder details regarding card information. To preventcard these, we propose scheme, conducting inquiries, anddebit/credit obtaining details regarding debit/credit information. Toaprevent User Authentication Peripheral (UAPD), using which Peripheral authenticates the smartphone from a these, we propose using a scheme, User Devices Authentication Devices (UAPD), which user’s other devices such as those paired by Bluetooth or configured WiFi, to against authenticates the smartphone from a user’s other devices such asthrough those paired bydefend Bluetooth or SIA. This is outlined in Figure 1. Weagainst use nonrooted the target of use attack and for configured through WiFi, to defend SIA. Thissmartphones is outlined inasFigure 1. We nonrooted implementing UAPD of is part of the FrameworkUAPD. and is compatible withofallthe applications. smartphones UAPD. as the target attack andAndroid for implementing UAPD is part Android and is authenticates compatible with applications. In addition, UAPD authenticates the user InFramework addition, UAPD the all user from preconfigured peripheral devices; therefore, thefrom time peripheral devices; therefore, the time ofless. execution required forwe user authentication is ofpreconfigured execution required for user authentication is much Through testing, confirmed that the much less. Through testing, we confirmed that the average execution time is 0.005 s. average execution time is 0.005 s.

Figure UserAuthentication Authenticationusing using Peripheral Peripheral Devices applications Figure 1. 1. User Devices (UAPD) (UAPD)protecting protectingAndroid Android applications against Same Identifier Attack (SIA). against Same Identifier Attack (SIA).

The contributions of this paper are as follows. The contributions of this paper are as follows.  Introduce an application duplication attack that can use the same user privileges • Introduce an application duplication attack that can use the same user privileges The creation of a same-user application without the user’s knowledge can be exploited in a The creation of a same-user application without the user’s knowledge can be exploited in a variety variety of ways. In particular, the attack target is an unrooted device. We also present the risk to of ways. In particular, the attack target is an unrooted device. We also present the risk to Android, Android, at present, because it is possible to create a copy of an application with the same user at present, because it is possible to create a copy of an application with the same user privileges privileges by modifying the physical device values to duplicate the user’s application. by modifying the physical device values to duplicate the user’s application.

Sustainability 2018, 10, 1290

3 of 18



Propose an improved defense of Android applications, which does not depend on the smartphone manufacturer In this paper, a new scheme, UAPD, is proposed to defend Android applications, which does not depend on the smartphone manufacturer. UAPD authenticates the smartphone from a user’s other devices such as paired Bluetooth or configured WiFi devices.



Avoid exposure to data replication attacks Our proposed framework ensures that UAPD protects the user’s application even if the attacker modifies the physical device values, because it does not use the IMEI, International Mobile Subscriber Identity (IMSI), or phone numbers, which can be modified.



Optimize performance for real applications UAPD authenticates the user from a device that is preconnected to the smartphone. Therefore, it does not spend much time scanning for peripheral devices; the user authentication time is 0.005 s, on average.



Compatible with all Android applications All Android applications go through the same processes for execution. We have developed UAPD to be compatible with all Android applications, by adding a user authentication process during its runtime setup.

The remainder of this paper is organized as follows. First, in the Related Works Section, we describe the SIA and other similar types of attacks. We also describe the studies that have been conducted to protect the information of users, for comparison with the method proposed in this paper. The SIA Section presents some background information to understand SIA and its attack methods. It also presents experimental results demonstrating the privileges acquired by executing SIA on WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup, and discusses the risks of this attack. The next section describes the UAPD that can prevent SIA, the structure of UAPD, and its execution steps. The Evaluation Section presents the performance and overhead of UAPD application. We also present a scenario for UAPD, demonstrate that it can defend Android applications against SIA in this situation, and discuss its security stability. Finally, the Conclusion summarizes the previous sections and provides a description of the future work. 2. Related Works Android stores the information used by applications. Application data are mainly stored in an SQLite database. In communication applications, information such as the conversation history and user’s ID are stored. In addition, the information necessary for games, such as the account and cache, are also saved. Therefore, if the application data can be analyzed, the information about its user can be obtained. Dai et al. [17] explained the string decryption algorithm used in WeChat and WhatsApp and the decryption key formula for the encrypted database file structure, and showed that the key generated could be decrypted because it used only the IMEI value. Jain et al. [25] used the SQLite database vulnerability of Android to classify the risks of applications such as WeChat and WhatsApp, and showed that it was possible to modify the database values. While these attacks require rooting an Android device, attacks that can manipulate an application without rooting have also been developed. Hacking Android applications using backup techniques [12] is a method for restoring the XML values of a specific application and analyzing the backup data using Android’s ADB without acquiring root privileges after acquisition. It has been shown that an attacker can change features in an application by using the modified XML. In addition, there exists an Android ADB backup Android Package (APK) injection vulnerability [13], wherein the data stream is not filtered when using the Android backup manager. If a malicious APK is injected into the backup file and the user restores the data from the backup file, the malicious APK will be installed. The passive content leaks and pollution in Android applications [26] can be used to gain access to information in applications, by using the default setting

Sustainability 2018, 10, 1290

4 of 18

of Android: exported = “true”. In [27], it was shown that the vulnerabilities of the database could lead to communication between malicious and normal applications. These attacks are possible without rooting only if some application information can be obtained or modified. SIA can be considered to be more critical than the existing attacks because an attacker can use the behavior of all applications available, similar to the original user. Therefore, if an attacker attacks a user using SIA, he/she can obtain application information and impersonate the original user through the application. This attack utilizes the user’s backup file; even if the user’s phone is not rooted, it is possible to copy the target application completely. Therefore, the amount of information or authority ultimately obtained by the attacker is much higher than that of the other existing attacks. The existing methods used for the protection of application data mainly encrypt the SQLite database. Mutti et al. [14] proposed SeSQLite, which integrated SELinux access control functions with SQLite, to manage the granular access policy for database objects. As a result, the database security of Android was enhanced. In a similar fashion, Paraboaschi et al. [15] added AppPolicyModules to SeSQLite, allowing application developers to specify system-level protection for the resources from specific applications. They also suggested interprocess communication with SELinux to prevent other applications from accessing specific applications’ databases and viewing information. However, this method is vulnerable to SIA because it is limited to protecting application data from unauthorized or suspicious applications. If the attacker changes to the same physical value as the user’s smartphone, as in SIA, and runs the application, the device will be recognized as authorized and this method will be disabled. Ardiansa [16] suggested a method for encryption and decryption when writing or reading an Android database. This method has been added to the Android Software Development Kit (SDK), so that developers can easily protect the applications’ data. In addition, because of the encryption/decryption, if the key is not exposed, it will be strong enough to protect the data. However, we uncovered three problems with this method. First, not all developers use this method, as it is costly and hassling to establish a separate setup, and there may be no need to worry about security for a particular application. Therefore, many applications are still vulnerable to the attacks using application data, such as SIA. The second issue is key management. Most of the methods including the Ardiansa proposal are developed for unrooted smartphones. Therefore, if you manage the keys for encryption/decryption in the system area or lower-level areas, the keys may be secure in unrooted smart phones; however, when you back up Android, the backup file will contain all the data needed to run the application. Therefore, if the attacker uses the backup file to perform SIA, the data encrypted by the SQLCipher will be decrypted automatically. This ultimately leads to the SQLCipher being disabled by SIA. The Same Identifier Attack Defensor (SIAD) was proposed to solve these problems comprehensively [19,20]. SIAD is an automated process for protecting against SIA. It identifies the user’s device before the application starts, and it encrypts and decrypts the application data before and after the application runs. It also prevents data exposure during backup. Instead of using the information on the device, new elements are added to each application and are used to validate and defend against SIA. It also encrypts the database for each application to improve the security of the application. However, this proposal will take a long time to run and exit the application if the database size of the application is large. In addition, as it is designed to be compatible with all applications, it results in unnecessary encryption/decryption. Therefore, we improved this approach to defend against the existing SIA and focused on reducing the time overhead that could occur when applying the proposal. We propose a solution, UAPD, to solve the aforementioned problems. The proposed scheme can protect Android applications against SIA even if an attacker sets up a physical value that is the same as that of the user’s smartphone or acquires the application backup data. In addition, unlike SIAD, UAPD does not encrypt/decrypt the application data. Therefore, it is much faster than SIAD and can prevent SIA effectively.

Sustainability 2018, 10, 1290 Sustainability 2018, 8, x FOR PEER REVIEW

5 of 18 5 of 20

This section introduces the SIA. We describe the attack procedure of SIA briefly, and show the 3. Same Identifier Attack results for five representative applications subjected to SIA. This sectionbecause introduces theverification SIA. We describe the attack procedure of SIA briefly, and show the SIA occurs of the processes required by applications and the structure of results for five representative applications subjected to SIA. backup data. SIA occurs because of the verification processes requiredshould by applications thethat structure of Applications using sensitive information on smartphones be able toand verify the users backup data. are correct in their execution. However, many applications do not carry out this verification process. information on smartphones should able to verify the SomeApplications applicationsusing such sensitive as Syrup, WeChat, and KakaoTalk use ShortbeMessage Servicethat (SMS) users are correct execution. However, many applications not carry out this verification authentication orin thetheir IMEI or Universal Subscriber Identity Moduledo (USIM) information. Performing process. Some applications such as Syrup, WeChat, and KakaoTalk use Short Message Service identity verification using SMS each time is burdensome, and it is ambiguous to define certain(SMS) steps authentication or only the IMEI or case Universal Subscriber Identity Module (USIM) information. Performing to be performed in the of suspicion. In the case of verification procedures using physical identity verification using is information, burdensome, these and itvalues is ambiguous define certain stepsthe to device values such as the SMS IMEIeach and time USIM may be to exposed along with be performed only in the case of suspicion. In the case of verification procedures using physical device values of the stored data, as many applications use the right to obtain them. Alternatively, this values such as the IMEI and USIM information, these identifiers values maycan be exposed along with the values verification process is vulnerable to attack because be changed directly using an of the stored data, as many applications use the right to obtain them. Alternatively, this verification Android emulator. process vulnerable to attack becausecan identifiers can be changedto directly usingmethod an Android emulator. Theisbackup method in Android be changed according the backup supported by The backup method in Android can beusing changed according the backup supported by the the manufacturer, the backup method ADB, and thetomethod by method the backup application. manufacturer, the backup method ADB, the method by passwords. the backup application. Nowadays, Nowadays, there is an option to using protect the and backup file using However, this is not a there is an option to protect the backup file using passwords. However, this is not a compulsory option. compulsory option. If implemented, it will be necessary to remember the password. Moreover, If implemented, it willwithout be necessary to remember the because password. decryption possible decryption is possible knowing the password the Moreover, file can be copied, and is there is no without knowing the password because the file can be copied, and there is no limit to the number of limit to the number of attempts at decryption. Therefore, if the backup file is not safe and can be attempts decryption. Therefore, if the backup file is not safe and can be acquired, SIA is possible. acquired,atSIA is possible. In to understand understandan anSIA, SIA,the the Android application data structure is described below. In order to Android application data structure is described below. The The Android file system is divided into six partitions, as shown in Figure 2. Among them, the data area Android file system is divided into six partitions, as shown in Figure 2. Among them, the area located calledthe theapplication applicationdirectory, directory, contains contains information related to the Android located in in ‘/data/data’, ‘/data/data’, called applications. applications. Permission to access the data area is configured by an Android policy policy [28]. [28]. Table Table 22 lists lists the the subdirectories subdirectories of of the the application application directory. directory. Depending Depending on the type type of of application, application, a person person can can obtain obtain information information such such as as the the application application usage usage signs, signs, login login information, information, and and user usertraces traces[8]. [8].

Figure 2. 2. Android Android partitions. partitions. Figure Table 2. 2. Application Application data data subdirectories subdirectories [29]. [29]. Table

Sub Directory Sub Directory shared_prefs shared_prefs lib lib filesfiles cache cache databases databases

Description Description XML file of shared preferences XML file of shared preferences Custom library files required by application Custom library files required by application Developer-saved files Developer-saved files FilesFiles cached by by application cached application SQLite journal files SQLite andand journal files

Figure 33 illustrates illustrates the the attack attack procedure procedure of of SIA. SIA. As As aa precondition, precondition, the the attacker attacker must must obtain obtain the the Figure backup data that are not encrypted by the user. It is quite easy to copy the backup file of any backup data that are not encrypted by the user. It is quite easy to copy the backup file of any application application stored on a smartphone. There are ways for attacker retrieve backup file stored on a smartphone. There are three ways forthree an attacker to an retrieve the to backup filethe from a remote from a remote location. The first is to retrieve the backup files (“ad”, “bak”, “Tibkp”, etc.,) stored in location. The first is to retrieve the backup files (“ad”, “bak”, “Tibkp”, etc.,) stored in the cloud the cloud (such as Google, Baidu, or OneDrive) or on an individual server, through the Internet. In (such as Google, Baidu, or OneDrive) or on an individual server, through the Internet. In this case, thisattacker case, the attacker does have to do anything with phone the Android because the process the does not have to not do anything with the Android becausephone the process involves just a involves just a simple download. This means that the attacker need not acquire the root permissions simple download. This means that the attacker need not acquire the root permissions for the user’s for the user’sfor smartphone attack. The second is to install a on malicious appphone on theand user’s phone smartphone the attack. for Thethe second is to install a malicious app the user’s instruct it and instruct it to back app up. The backup appAndroid is built phone, into the Android phone, and therefore, are rooted to back up. The backup is built into the and therefore, rooted permissions not permissions not third The is a attacker physicalinstalls approach. The attacker installs malicious required. Theare third is arequired. physical The approach. a malicious application thata can search application that can search for the backup files and send them to him/her. Alternatively, the attacker

Sustainability 2018, 10, 1290

6 of 18

Sustainability 2018, 8, x FOR PEER REVIEW

6 of 20

for the backup files and send them to him/her. Alternatively, the attacker can physically connect a user’s smartphone to a PC to acquire the backup files. Of course, the method can physically connect a user’s smartphone to a PC to acquire the backup files.involving Of course,an theattacker’s method direct access to the device is not an effective attack method. However, since the consequences of the involving an attacker’s direct access to the device is not an effective attack method. However, since attacks can be critical, the effort to attack is intensified. the consequences of the attacks can be critical, the effort to attack is intensified.

3. Same Identifier [19]. International IMEI, International Equipment IMSI, FigureFigure 3. Same Identifier AttackAttack [19]. IMEI, MobileMobile Equipment Identity;Identity; IMSI, International International Mobile Subscriber Identity. Mobile Subscriber Identity.

After acquiring these data, the attack progresses through six stages. In the analysis step, the After acquiring these data, the attack progresses through six stages. In the analysis attacker selects a target application and parses information such as the IMEI, IMSI, and phone step, the attacker selects a target application and parses information such as the IMEI, IMSI, number in the backup file. Then, the attacker accesses the target application location and phone number in the backup file. Then, the attacker accesses the target application location (‘/data/data/(App_package_name)’) and checks the UserID and Group ID. Next, the target (‘/data/data/(App_package_name)’) and checks the UserID and Group ID. Next, the target application application data in the backup file are copied to the installed target application directory, the data in the backup file are copied to the installed target application directory, the permissions of the permissions of the copied folders and files are changed, and the IMEI, IMSI, and phone number are copied folders and files are changed, and the IMEI, IMSI, and phone number are set as backup set as backup file information. Once this process is complete, the attacker can run an application with file information. Once this process is complete, the attacker can run an application with the same the same permissions as the user. In other words, the attacker has a replicated application with the permissions as the user. In other words, the attacker has a replicated application with the same same privileges as the user, with the user being unaware of this situation. privileges as the user, with the user being unaware of this situation. Table 3 shows the skills, tools, and background knowledge required by an attacker to perform Table 3 shows the skills, tools, and background knowledge required by an attacker to perform the the SIA. It also shows the attack difficulty level. When an attacker attacks with the SIA, the affected SIA. It also shows attack level. When an attacker the files, SIA, the target target device doesthe not needdifficulty root privileges. Once the attackerattacks has thewith backup the affected attack can be device does not need root privileges. Once the attacker has the backup files, the attack can be carried carried out easily because not many tools or skills are needed. out easily because not many tools or skills are needed. Table 3. Same Identifier Attack requirements. Table 3. Same Identifier Attack requirements.

Acquiring Acquiring backupbackup files files

Required Skill Required Skill Web searching Web searching Malicious application Malicious application ADB ADB Abilityto toanalyze analyze Ability backup files backup files

Required Tool RequiredPC Tool PC cable USB USB cable Extract Extract tool tool

Background Background

Depends on Depends method on method

Difficulty Difficulty

Depends on Depends on method method

Analyzing Backup file Analyze tool tool Backup file structure Easy Analyze Easy backup files structure Creating copied PC Enter command — Easy Creating application Smartphone PC copied Enter command — Easy Smartphone application Table 4 lists the most popular applications in the Google Play Store across 103 countries. Table 5 lists the applications targeted for our attack. Messenger, in the communication category, and Instagram, Table 4 lists the most popular applications in the Google Play Store across 103 countries. Table 5 in the social category, are targeted via WhatsApp and Facebook because they are linked with Facebook lists the applications targeted for our attack. Messenger, in the communication category, and Instagram, in the social category, are targeted via WhatsApp and Facebook because they are linked with Facebook accounts. Moreover, Korea’s KakaoTalk and Syrup applications are considered targets Analyzing backup files

Sustainability 2018, 10, 1290

7 of 18

Sustainability 2018, 8,FOR FOR PEER REVIEW of7because 20 Sustainability 2018, 8, FOR PEER REVIEW of 20 Sustainability 2018, 8, FOR PEER REVIEW of 20 Sustainability 2018, xPEER FOR REVIEW of 20 7 ofthey Sustainability 2018, 8, x8, REVIEW 7 of 20 Sustainability 2018, 8, PEER x FOR PEER REVIEW 20 accounts. Moreover, Korea’s KakaoTalk and Syrup applications are considered targets Sustainability 2018, xxxx8, FOR PEER REVIEW 7777of 20 Sustainability 2018, 8, x FOR PEER REVIEW Sustainability 2018, 8, 8, x8,FOR PEER REVIEW 7 7of 20 Sustainability 2018, FOR PEER REVIEW of 20 Sustainability 2018, xxdamage, FOR PEER REVIEW 77of of 20 can cause more if exploited, than the previously mentioned applications. KakaoTalk is20 an

because they can cause more damage, if exploited, than the previously mentioned applications. because they can cause more damage, if exploited, than the previously mentioned applications. because they can cause more damage, ifexploited, exploited, than the previously mentioned applications. because they can cause more damage, ifdamage, exploited, than the previously mentioned applications. because they can cause more if exploited, than theitpreviously mentioned because they can cause more damage, if the previously mentioned applications. instant messaging (IM) application, similar tothan WhatsApp, but supports various other applications. functions such KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various because they can cause more damage, if exploited, than the previously mentioned applications. KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various because they can cause more damage, if exploited, than the previously mentioned applications. because they can cause more damage, if exploited, than the previously mentioned applications. because they can cause more damage, if exploited, than the previously mentioned applications. KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various KakaoTalkasisemoticons, an instant gift messaging (IM) application, similar to WhatsApp, it supports various cards, account transfer, and shopping. Syrup is abut customized application in Korea other functions such as emoticons, gift cards, account transfer, and shopping. Syrup is a customized KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various other functions such as emoticons, gift cards, account transfer, and shopping. Syrup is a customized KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various KakaoTalk is an instant messaging (IM) application, similar to WhatsApp, but it supports various other functions such as emoticons, gift cards, account transfer, and shopping. Syrup is a customized other functions such as emoticons, gift cards, account transfer, and shopping. Syrup is a customized other functions asyou emoticons, gift cards, account transfer, and shopping. Syrup is a customized other functions such as and emoticons, gift cards, account transfer, and shopping. Syrup is top a customized other functions such as emoticons, gift cards, account transfer, and shopping. Syrup is a customized thatsuch helps to use manage your memberships. Finally, Amazon, which is the application application in Korea that helps you touse use and manage your memberships. Finally, Amazon, which other functions such as emoticons, gift cards, account transfer, and shopping. Syrup is aacustomized customized application in Korea that helps you to use and manage your memberships. Finally, Amazon, which other functions such as emoticons, gift cards, account transfer, and shopping. Syrup is ais other functions such as emoticons, gift cards, account transfer, and shopping. Syrup awhich customized other functions such as emoticons, gift cards, account transfer, and shopping. Syrup iswhich customized application in Korea that helps you use and manage your memberships. Finally, Amazon, application in Korea that helps you to use and manage your memberships. Finally, Amazon, which application in Korea that helps you to use and manage your memberships. Finally, Amazon, which application Korea that helps you to and manage your memberships. Finally, Amazon, inin the shopping category, is to targeted for representing applications in categories that could lead to isthe the top application in the shopping category, is targeted for representing applications in categories application in Korea that helps you to use and manage your memberships. Finally, Amazon, which application in Korea that helps you to use and manage your memberships. Finally, Amazon, which is the top application in the shopping category, is targeted for representing applications in categories application in Korea that helps you to use and manage your memberships. Finally, Amazon, which application in Korea that helps you to use and manage your memberships. Finally, Amazon, which is the top application in the shopping category, is targeted for representing applications in categories is the top application in the shopping category, is targeted for representing applications in categories is is the top application in the shopping category, is targeted for representing applications in categories the top application inabused. the shopping is targeted for representing applications in categories topisapplication in the shopping category,category, is targeted for representing applications in categories secondary damage if that could lead to secondary damage abused. is top application in the category, for representing applications categories that could lead to secondary damage ifififabused. abused. is the top application in the shopping category, isis targeted for representing applications inin categories isthe the top application in the shopping category, istargeted targeted for representing applications in categories is the top application in the shopping category, is targeted for representing applications in categories that could lead to secondary damage abused. that could lead to secondary damage if abused. that could lead to secondary damage ifshopping abused. that could lead to secondary damage if abused. that could lead to secondary damage if that could lead secondary damage abused. that could lead toto secondary damage ifififabused. that could lead to secondary damage if abused. that could lead to secondary damage abused. Table 4. Play Store Ranks [30]. Name Name

Table 4.Play Play Store Ranks [30]. Table 4. Play Store Ranks [30]. Table 4. Play Store Ranks [30]. Table 4. Play Ranks [30]. [30]. Table 4. 4. Play Store Ranks [30]. Table 4.Store Play Store Ranks Table Store Ranks [30]. Table Play Store Ranks [30]. Table 4.4. Play Store Ranks [30]. Table 4.Number Play Store Ranks [30]. Table 4. Play Store Ranks [30]. of Countries

Category Number ofCountries Countries Category Name Number of Countries Category Name Number of Countries Category NameName Number of Countries Category Name Number ofNumber Countries Category of Countries Category Name Number of Category 88 Communication Messenger Name Number of Countries Category Name Number Countries Category Messenger 8888 of Communication Name Number of Countries Category Messenger 88 Communication Name Number of Countries Category Messenger 88 Communication Messenger Communication Messenger 88 Communication Messenger 88 Communication Messenger 88 Communication 69 Communication WhatsApp WhatsApp 69 Communication Messenger 88 Communication WhatsApp 69 69 8869 Communication Messenger Communication Messenger 88 Communication Messenger 88 Communication WhatsApp Communication WhatsApp 6969 Communication WhatsApp Communication WhatsApp Communication 56 Social Facebook 56 Social WhatsApp 69 Communication WhatsApp 69 Communication Facebook 56 Social Facebook WhatsApp 69 Communication WhatsApp 69 Communication Facebook 56 Social Facebook 56 Social Facebook 56 Social 56 Social FacebookFacebook 56 Social 47 Social Instagram 47 Social Facebook 56 Social Instagram 47 Social Facebook 56 Social Facebook 56 Social Instagram Facebook 56 Social Instagram 47 Social Instagram SocialSocial Instagram 4747 47 Social Instagram 47 Instagram Social Fidget Spinner 4040 40 Arcade (game) Arcade (game) Instagram Social Instagram 4747 Social Fidget Spinner 40 Arcade (game) Instagram 47 Social Instagram 47 Social Fidget Spinner 40 Arcade (game) Fidget Spinner Fidget Spinner Arcade (game) Fidget Spinner 4040 Arcade (game) Fidget Spinner 40 Arcade (game) Fidget Spinner Arcade (game) Viber 17 Communication Fidget Spinner 40 Arcade (game) Viber 17 Communication Fidget Spinner 40 Arcade (game) 17 Communication Fidget Spinner 40 Arcade (game) Fidget Spinner 40 Arcade (game) Viber 17 Communication Viber 17 Communication Viber 17 Communication Viber 17 Communication Viber Viber 17 Communication Wish 16 Shopping Viber 17 Communication Wish 16 Shopping Viber 17 Communication Viber 17 Communication Shopping 17 Communication Wish Viber Shopping Wish 1616 16 1616 Shopping Wish Wish Shopping Wish Shopping Pokémon: Magikarp Jump 14 Simulation (game) Wish 16 Shopping Wish 16 Shopping Pokémon: Magikarp Jump 14 Simulation (game) Wish 16 Shopping Wish 16 Shopping Pokémon: Magikarp Jump 14 Simulation (game) Pokémon: Magikarp Jump 14 Simulation (game)(game) 14 Simulation (game) Pokémon: Magikarp Jump 14 Simulation (game) Pokémon: Magikarp Jump Pokémon: Magikarp Jump 14 Simulation Pokémon: Magikarp Jump 14 Simulation (game) Snapchat 8 Social Pokémon: Magikarp Jump 14 Simulation (game) Snapchat 8 Social Pokémon: Magikarp Jump 14 Simulation (game) Pokémon: Magikarp Jump 14 Simulation Pokémon: Magikarp Jump 14 Simulation (game) Snapchat 8 Social Snapchat 8 Social 8 8 Social(game) Snapchat 88 Social Snapchat Social Social Snapchat Snapchat Snapchat 8 Social Snapchat 8 88 Social Snapchat Social Snapchat Social

Table 5.Applications Applications targeted for SIA. Table 5. Applications targeted for SIA. Table 5. Applications targeted for SIA. Table 5. Applications targeted for SIA. Table 5. 5. Applications targeted forfor SIA. Table 5. 5. Applications targeted forfor SIA. Table targeted SIA. Table Applications targeted SIA. Table targeted for SIA. Table 5.5. Applications targeted for SIA. Table 5.Applications Applications targeted for SIA. Table 5. Applications targeted for SIA.

Name Install Range Category Influence Name Install Range Category Influence Name Install Range Category Influence NameNameInstall Install RangeRangeCategory Category Influence Name Range Install CategoryInfluence Influence Name Install Range Category Influence Name Install Range Category High Influence Name Install Range Category Influence WhatsApp 1 B–5 B Communication Name Install Range Category Influence Name Install Range Category Influence WhatsApp 1 B–5 B Communication High Name Install Range Category Influence WhatsApp 1 B–5 B Communication High WhatsApp 1BB–5 Communication High WhatsApp High WhatsApp1 B–5 Communication High WhatsApp 1 B–5 B 1B B–5 BCommunication Communication High 1 B–5 Communication High Facebook B–5 Social High WhatsApp Communication High WhatsApp B–5 BBB Communication Facebook B–5 BBB1 111B Social High WhatsApp 1B–5 B–5 Communication High WhatsApp1 B–5 WhatsApp B–5 BBB Social Communication High Facebook B–5 Social High Facebook 1BB–5 Social HighHigh Facebook Facebook B–5 Social High High Facebook 1111B–5 B Social High 1 B–5 BM Social High High KakaoTalk 100 M–500 M Communication High Facebook 1M B–5 Social High KakaoTalk 100 M–500 Communication High Facebook 1M BBBB Social Facebook 1M–500 B–5 Social High Facebook 1B–5 B–5 Social High Facebook KakaoTalk 100 M–500 M Communication High KakaoTalk 100 M–500 M Communication HighHigh KakaoTalk 100 M–500 M Communication KakaoTalk 100 Communication High KakaoTalk 100 M–500 Communication High Amazon 100 M–500 M Shopping Middle KakaoTalk 100 M–500 M Communication High 100 M–500 M Communication High KakaoTalk 100 M–500 M Communication High Amazon 100 M–500 M Shopping Middle KakaoTalk 100 M–500 M Communication High KakaoTalk 100 M–500 MShopping Communication High Amazon 100 M–500 M Shopping Middle KakaoTalk Amazon 100 M–500 MMM–500 Amazon 100 M Shopping Middle Middle Amazon 100 M–500 Shopping Middle 100 M–500 M Shopping Middle Syrup 10 M–50 M Life Style Middle Amazon Amazon 100 M–500 M Shopping Middle Syrup 10 M–50 M Life Style Middle Amazon 100 M–500 M Shopping Middle Amazon 100 M–500 M Shopping Middle Amazon 100 M–500 M Shopping Middle Syrup 10 M–50 M Life Style Middle Syrup 10 M–50 M Life Style Middle Syrup M–50 M Life Style Syrup1010 10 M–50 M Life Style Middle Middle Syrup M–50 M Life Style Middle 10 M–50 Life Style Middle Syrup M–50 Life Style Middle Syrup Syrup 1010 M–50 MM Life Style Middle Syrup 10 M–50 MM Life Style Middle Syrup 10 M–50 M Life Style Middle WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed on Nexus 5X running WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed on Nexus 5X running WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed a Nexus 5X running WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed a on Nexus running WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup wereon installed on5Xa5X Nexus 5X running WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed on aaaNexus running Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed on a Nexus 5X running Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed on a Nexus 5X running WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed on a Nexus 5X running WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were installed on a Nexus 5X running Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file Android versions 6.0 and 7.1, wereFacebook, subjected Amazon, to SIA thatand created backup file. The file WhatsApp, KakaoTalk, Syrupa were installed onbackup a Nexus 5X running was created using ADB backup. If ADB backup was not available, as in the case of Facebook and Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file was created using ADB backup. If ADB backup was not available, as in the case of Facebook and Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file Android versions 6.0 and 7.1, and were subjected to SIA that created a backup file. The backup file was created using ADB backup. If ADB backup was not available, as in the case of Facebook and was created using ADB backup. If ADB backup was not available, as in the case of Facebook and was created using ADB backup. If backup. ADB backup was not available, as in the case Facebook was created using ADB If were ADB backup was notthat available, as inofthe case The of and Facebook and was created using ADB backup. If ADB backup was not available, as in the of Facebook and file Android versions 6.0 and 7.1, and subjected to SIA created acase backup file. backup was WhatsApp, Huawei backup was used. The Android emulator used Android version 4.4 of the Nox was created using ADB backup. If ADB backup was not available, as in the case of Facebook and WhatsApp, Huawei backup was used. The Android emulator used Android version 4.4 of the Nox was created using ADB backup. IfAndroid ADB backup was not available, asAndroid in the case ofof Facebook was created using ADB backup. IfAndroid ADB backup was not available, as in the case of Facebook and was created using ADB backup. If ADB backup was not available, as in the case Facebook and WhatsApp, Huawei backup was used. The Android emulator used Android version 4.4 the Nox WhatsApp, Huawei backup was used. The emulator used Android version 4.4 of the Nox WhatsApp, Huawei backup was used. The Android emulator used version 4.4 of theand Nox WhatsApp, Huawei backup was used. emulator used Android version 4.4 of the Nox created using ADB backup. If The ADB backup was not available, as in the case of Facebook and WhatsApp, App Player 3.8.1.2 [31]. Inaddition, addition, root privileges were used tochange change the IMEI, IMSI, and phone WhatsApp, Huawei backup was used. The Android emulator used Android version 4.4 of the Nox WhatsApp, Huawei backup was used. The Android emulator used Android version 4.4 of the Nox App Player 3.8.1.2 [31]. In addition, root privileges were used to change the IMEI, IMSI, and phone WhatsApp, Huawei backup was used. The Android emulator used Android version 4.4 of the Nox WhatsApp, Huawei backup was used. The Android emulator used Android version 4.4 of the Nox App Player 3.8.1.2 [31]. In addition, root privileges were used to change the IMEI, IMSI, and phone App Player 3.8.1.2 [31]. In addition, root privileges were used to change the IMEI, IMSI, and phone App Player 3.8.1.2 [31]. InIn addition, privileges were used to change the IMEI, IMSI, and phone App Player 3.8.1.2 [31]. Inroot addition, root privileges were used to change the IMEI, IMSI, and phone App Player 3.8.1.2 [31]. root privileges were used to the IMEI, IMSI, phone Huawei backup was used. The Android emulator used Android version 4.4 ofand the Nox App Player numbers. After changing these values, the root privileges were revoked, and the applications were App Player 3.8.1.2 [31]. In addition, root privileges were used to change the IMEI, IMSI, and phone numbers. After changing these values, the root revoked, and the applications were App Player 3.8.1.2 [31]. In addition, privileges were used to change the IMEI, IMSI, and phone App Player 3.8.1.2 [31]. In addition, root privileges were used to change the IMEI, IMSI, and phone App Player 3.8.1.2 [31]. In addition, root privileges were used to change the IMEI, IMSI, and phone numbers. After changing these values, the root privileges were revoked, and the applications were numbers. After changing these values, the root privileges revoked, and the applications were were numbers. After changing values, the root privileges were revoked, the applications were numbers. After changing these values, the root privileges were revoked, and the applications numbers. After changing these values, the root privileges were revoked, and the applications were 3.8.1.2 [31]. Inthese addition, root privileges were used to were change theand IMEI, IMSI, and phone numbers. After executed. numbers. After changing these values, the root privileges were revoked, and the applications were executed. numbers. After changing these values, the root privileges were revoked, and the applications were numbers. After changing these values, the root privileges were revoked, and the applications were numbers. After changing these values, the root privileges were revoked, and the applications were executed. executed. executed. executed. executed. changing these values, the root privileges were revoked, and the applications were executed. All five applications were attacked successfully. Table summarizes the possible information executed. executed. All five applications were attacked successfully. Table summarizes the possible information executed. executed. All five applications were attacked successfully. Table summarizes the possible information All five applications were attacked successfully. Table 6 Table summarizes the possible information All five applications were attacked successfully. Table 6 summarizes the possible information All five were attacked successfully. Table 6 6summarizes the possible information All five applications were attacked successfully. Table 6666summarizes the possible information All fiveapplications applications were attacked successfully. summarizes the possible information leaked by the SIA. WhatsApp, KakaoTalk, and Facebook could be used to impersonate others, which All five applications were attacked successfully. Table 6 summarizes the possible information leaked by the SIA. WhatsApp, KakaoTalk, and Facebook could be used to impersonate others, which All five applications were attacked successfully. Table 6 summarizes the possible information All five applications were attacked successfully. Table 6 summarizes the possible information All five applications wereKakaoTalk, attacked successfully. 6 summarizes the possible information leaked by the SIA. KakaoTalk, and Facebook could be used to impersonate others, which leaked byby the SIA. WhatsApp, KakaoTalk, and Facebook beTable used to impersonate others, which leaked by the SIA. andcould Facebook could beimpersonate used to impersonate others, which leaked the SIA. WhatsApp, KakaoTalk, and Facebook could be used to others, which leaked byWhatsApp, the WhatsApp, SIA. WhatsApp, KakaoTalk, and Facebook could be used to impersonate could lead to secondary damage due to the abuse of social-engineering hacking. In addition, leaked by the SIA. WhatsApp, KakaoTalk, and Facebook could be used to impersonate others, which leaked by the SIA. WhatsApp, KakaoTalk, and Facebook could be used to impersonate others, which could lead to secondary damage due to the abuse of social-engineering hacking. In addition, leaked by the SIA. WhatsApp, KakaoTalk, and Facebook could be used to impersonate others, which leaked by the SIA. WhatsApp, KakaoTalk, and Facebook could be used to impersonate others, which could lead to secondary damage due to the abuse of social-engineering hacking. In addition, could lead to secondary damage due to the abuse of social-engineering hacking. In addition, could lead to secondary damage due to the abuse of social-engineering hacking. In addition, could lead to secondary damage due to the abuse of social-engineering hacking. In addition, could leadothers, to secondary damage to the abuse of social-engineering In addition, hacking. which could leaddue to secondary damage due to the abusehacking. of social-engineering KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was more could lead to secondary damage due to the abuse of social-engineering hacking. In addition, KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was more could lead to secondary damage due to the abuse of social-engineering hacking. In addition, could lead to secondary damage due to the abuse of social-engineering hacking. In addition, could lead to secondary damage due to the abuse of social-engineering hacking. In addition, KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was more KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was more KakaoTalk and Facebook were linked with other applications oror websites; SIA was more KakaoTalk andKakaoTalk Facebook were linked with other applications ortherefore, websites; therefore, SIA was more KakaoTalk and Facebook were linked with other applications websites; therefore, SIA was more In addition, and Facebook were linked with other applications or websites; therefore, dangerous, asadditional additional information could be collected from linked websites orapplications. applications. Unlike KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was more KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was more dangerous, as additional information could be collected from linked websites or applications. Unlike KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was moreor KakaoTalk and Facebook were linked with other applications or websites; therefore, SIA was more dangerous, as additional information could be collected from linked websites or applications. Unlike dangerous, as additional information could bebe collected from linked websites or applications. Unlike dangerous, as additional information could be collected from linked websites or applications. Unlike dangerous, as information could collected from linked websites or Unlike SIA was more dangerous, as additional information could be collected from linked websites other applications, KakaoTalk allowed an attacker to use unused gift cards because the attacker had dangerous, as additional information could be collected from linked websites or applications. Unlike other applications, KakaoTalk allowed an attacker to use unused gift cards because the attacker had dangerous, as additional information could be collected from linked websites or applications. Unlike dangerous, as additional information could be collected from linked websites or applications. Unlike dangerous, as additional information could be collected from linked websites or applications. Unlike other applications, KakaoTalk allowed an attacker to use unused gift cards because the attacker had other applications, KakaoTalk allowed an attacker to use unused gift cards because the attacker had other applications, KakaoTalk allowed an attacker to use unused gift cards because the attacker had other applications, KakaoTalk allowed an to attacker to use unused gift cards the because the had attacker other applications, KakaoTalk allowed an attacker use unused gift cards because applications. Unlike other applications, KakaoTalk allowed an attacker to attacker use unused gift had cards the purchase details and numbers and could collect information such as the user’s address and other applications, KakaoTalk allowed an attacker use unused gift cards because the attacker had the purchase details and numbers and could collect information such as the user’s address and other applications, KakaoTalk allowed an attacker toto use unused cards because the attacker other applications, KakaoTalk allowed an attacker to use unused gift cards because the attacker had other applications, KakaoTalk allowed an attacker to use unused gift cards because the attacker had the purchase details and numbers and could collect information such as the user’s address and the purchase details and numbers and could collect information such as the user’s address and the purchase details and numbers could collect information such asgift the user’s address and the purchase details and numbers and could collect information such as the user’s address and the purchase details and numbers and could collect information such as the user’s address and because the attacker hadand the purchase details and numbers and could collect information suchhad as the private information by checking the user’s payment history. Because Amazon could store the the purchase details and numbers and could collect information such as the user’s address and the purchase details and numbers and could collect information such as the user’s address and private information by checking the user’s payment history. Because Amazon could store the the purchase details and numbers and could collect information such as the user’s address and the purchase details and numbers and could collect information such as the user’s address and private information by checking the user’s payment history. Because Amazon could store the private information by checking the user’s payment history. Because Amazon could store the private information by checking the user’s payment history. Because Amazon could store the private information by checking the user’s payment history. Because Amazon could store the private information by checking the user’s payment history. Because Amazon could store the user’s address and private information by checking the user’s payment history. Because Amazon could debit/credit card number used for payment, some card information could be leaked, and the attacker private information by checking the user’s payment history. Because Amazon could store the debit/credit card number used for payment, some card information could be leaked, and the attacker private information by checking user’s payment Because Amazon could store the private information by checking the user’s payment history. Because Amazon could store the private information by checking the user’s payment history. Because Amazon could store the debit/credit card number used for payment, some card information could be leaked, and the attacker debit/credit card number used for payment, some card information could be leaked, and the attacker debit/credit card number used for payment, some card information could be leaked, and the attacker debit/credit card number used forthe payment, some card history. information could be leaked, and the attacker debit/credit card number used for payment, some card information could be leaked, and the attacker store the debit/credit card number used for payment, some card information could be leaked, and the could change the shipping location or collect the user’s address through the order history, similar to debit/credit card number used for payment, some card information could be leaked, and the attacker debit/credit card number used for payment, some card information could be leaked, and the attacker could change the shipping location or collect the user’s address through the order history, similar to debit/credit card number used for payment, some card information could be leaked, and the attacker debit/credit card number used payment, some card information could be leaked, and attacker could change the shipping location orfor collect the user’s address through the order history, similar to history, could change the shipping or collect the user’s address through the order history, similar could change thelocation shipping location or collect the address through the order history, to could change the shipping location or collect the user’s address through the order history, similar tosimilar attacker could change the shipping location oruser’s collect the user’s address through thetothe order KakaoTalk. Finally, when Syrup used membership card, the store name was displayed; thus, the could change the shipping location or collect the user’s address through the order history, similar to KakaoTalk. Finally, when Syrup used membership card, the store name was displayed; thus, the could change the shipping location or collect the user’s address through the order history, similar to could change the shipping location or the user’s address through the order history, similar to could change the shipping location or collect the user’s address through the order history, similar to KakaoTalk. Finally, when Syrup used membership card, the store name was displayed; thus, the KakaoTalk. Finally, when Syrup used aused membership card, the store name was displayed; thus, the KakaoTalk. Finally, when Syrup used a membership card, the store name was displayed; thus, the KakaoTalk. Finally, when Syrup acollect membership card, the store name was displayed; thus, the KakaoTalk. Finally, when Syrup used aaaamembership card, store name was displayed; thus, the similar to KakaoTalk. Finally, when Syrup used athe membership card, the store name was displayed; radius of the user’s movement could be ascertained and the user’s location can be viewed any time. KakaoTalk. Finally, when Syrup used a membership card, the store name was displayed; thus, the KakaoTalk. Finally, when Syrup used a membership card, the store name was displayed; thus, the radius of the user’s movement could be ascertained and the user’s location can be viewed any time. KakaoTalk. Finally, when Syrup used a membership card, the store name was displayed; thus, the KakaoTalk. Finally, when Syrup used a membership card, the store name was displayed; thus, the radius of the user’s movement could be ascertained and the user’s location can be viewed any time. radius of the user’s movement could be ascertained and the user’s location can be viewed any time. radius ofof the user’s movement could bebe ascertained and the user’s can bebe viewed any time. radius of the user’sofmovement could be ascertained and location the user’s location canlocation be viewed time. radius the user’s movement could ascertained and the user’s location can viewed any time. thus, the radius the user’s movement could be ascertained and the user’s canany be viewed Inaddition, addition, because membership card numbers were disclosed, membership points were easy touse, use, radius of the user’s movement could be ascertained and the user’s location can be viewed any In addition, because membership card numbers were disclosed, membership points were easy to use, radius of the user’s movement could bewere ascertained and the user’s location can be viewed any time. radius of the user’s movement could be ascertained and the user’s location can be viewed any time. radius of the user’s movement could be ascertained and the user’s location can be viewed any time. In addition, because membership card numbers were disclosed, membership points were easy to use, InIn addition, because membership card numbers disclosed, membership points were easy to use, In addition, because membership card numbers were disclosed, membership points were easy totime. use, because membership card numbers were disclosed, membership points were easy to any time. In addition, because membership card numbers were disclosed, membership points were which could cause problems. In addition, because membership card numbers were disclosed, membership points were easy to use, which could cause problems. In addition, because membership card numbers were disclosed, membership points were easy to use, In addition, because membership card numbers were disclosed, membership points were easy to use, In addition, because membership card numbers were disclosed, membership points were easy to use, which could cause problems. which could cause problems. which could cause problems. which could cause which could cause problems. easy to use, whichproblems. could cause problems. which could cause problems. which could cause problems. which could cause problems. which could cause problems.

Sustainability2018, 2018,8,8,x xFOR FORPEER PEERREVIEW REVIEW Sustainability Sustainability 2018, 8, x FOR PEER REVIEW

Sustainability 2018, 10, 1290

Table6.6.Results Resultsofofthe theSIAs. SIAs. Sustainability 2018, 8, x FOR PEER REVIEW Table

8 8ofof2020 8 of 20 8 of 20

8 of 18

Table 6. Results of the SIAs. Sustainability 2018, 8, xChat FOR 8 of 20 ChatPEER REVIEW Account Account Payment Account Account Payment Application Others Version 6. Results of the SIAs. Application Others Version Chat Account TableAccount Payment History Information Information Links Information Links Information Application History Others Version Table of the SIAs. History Information Links 6. Results Information Receivingand and 6. Results of the SIAs. Receiving Chat AccountTable Account Payment 2.17.146 ㅇㅇ ㅇㅇ WhatsApp 2.17.146 Application Othersand Version WhatsApp Receiving sendingfiles files ㅇ ㅇ History Information Links Information sending 2.17.146 WhatsApp sending files Chat Account Account Payment Chat Account Account Payment Mobile voucher Mobile voucher Application Others Version Receiving and Others Version Application History Information LinksLinksInformation Mobile voucher ㅇ ㅇ 2.17.146 History Information Information WhatsApp inquiryfiles inquiry sending 6.2.0 ㅇㅇ ㅇㅇ ㅇㅇ ㅇㅇ KakaoTalk 6.2.0 KakaoTalk inquiry and Receiving Receiving and and sending 2.17.146 Receiving and ㅇ ㅇ ㅇ ㅇ 6.2.0 files ㅇㅇ ㅇ ㅇ MobileReceiving voucher KakaoTalk 2.17.146 WhatsApp WhatsApp Receiving and sending files sending files voucher inquiry sending files Mobile inquiry ㅇ Mobile 6.2.0 sending files ㅇㅇ ㅇ ㅇ ㅇ ㅇ ㅇ 6.2.0 voucher KakaoTalk KakaoTalk Receiving Security code Security code Receiving and and sending files 120.0.0.18.72 ㅇㅇ ㅇㅇ ㅇㅇ Facebook Facebook Security code 120.0.0.18.72 inquiry generation ㅇ ㅇ ㅇ Security code generation 120.0.0.18.72 generation ㅇ ㅇ ㅇ 120.0.0.18.72 ㅇ ㅇ ㅇ ㅇ sending files Facebook 6.2.0 KakaoTalk generation Receiving and 5.1.0 ㅇ Security code 5.1.0 ㅇㅇ ㅇ ㅇㅇ Amazon 5.1.0 Amazon ㅇ ㅇ ㅇ ㅇ ㅇ 120.0.0.18.72 sending files 5.1.0 Facebook Amazon ㅇUser’s User’s location 5.4.1 generation User’s location 5.4.1 ㅇㅇ Syrup location 5.4.1 Syrup Security code ㅇ User’s location 5.4.1 Syrup ㅇ ㅇinformation. 120.0.0.18.72 ㅇ ㅇ: ㅇ 5.1.0 Facebook Amazon ㅇ:Acquire Acquire information. ㅇ: Acquire information. generation ㅇ: Acquire information. ㅇ User’s location 5.4.1 Syrup ㅇ ㅇ 5.1.0 Amazon NewDefense Defense againstSIA SIA ㅇ: Acquire information. 4.4.New against ㅇ User’s location 5.4.1 Syrup 4. New Defense against SIA

4. New Defense against SIA

ㅇ: Acquire information. Thissection sectiondescribes describesthe theUser UserAuthentication Authentication usingPeripheral PeripheralDevices Devices(UAPD) (UAPD)scheme, scheme,asasaa This using 4. New SIA ThisDefense section against describes the User Authentication using Peripheral Devices (UAPD) scheme, as a defense against SIA.UAPD UAPDisisaamethod method thatauthenticates authenticates theuser’s user’s smartphone byusing usingDevices theuser’s user’s (UAPD) scheme, defense against SIA. that the smartphone by the This section describes the User Authentication using Peripheral defense against SIA. UAPD is a method that authenticates the user’s smartphone by using the user’s 4. New Defense against SIA This section describes the smart User Authentication using PeripheralWiFi Devices (UAPD) scheme, as a devices such as smart watches, smart bands, Bluetooth earphones, WiFi routers, etc., which are devices such as smart watches, bands, Bluetooth earphones, routers, etc., which are as adevices defense UAPD is bands, a method that earphones, authenticates the user’s by using the suchagainst as smartSIA. watches, smart Bluetooth WiFi routers, etc., smartphone which are defense against SIA. UAPD is a method that authenticates the user’s smartphone by using the user’s usually used by the original user. We added some routines to the Zygote process. We first describe usually used by the original user. We added some routines to the Zygote process. We first describe This section describes the User Authentication using Peripheral Devices (UAPD) scheme, as a etc., which are usually used by the original user. We added some routines to the Zygote process. We first describe user’s devices such as smart watches, smart bands, Bluetooth earphones, WiFi routers, devices such as smart watches, smart bands, Bluetooth earphones, WiFi routers, etc., which are the background for understanding UAPD, andauthenticates then wedescribe describe theoverall overall process UAPD. the background for understanding UAPD, and then we the process ofofusing UAPD. defense against SIA. UAPD is a method that the user’s smartphone by the user’s the background understanding UAPD, and thensome we describe the overall process ofprocess. UAPD. usually used byasfor the original user. added routines toWiFi theprocess. Zygote We first describe the usually the original user. WeWe added some routines to the Zygote first describe devices used such by smart watches, smart bands, Bluetooth earphones, routers,We etc., which are 4.1. Background the background for understanding UAPD, and then we describe the overall process of UAPD. 4.1. Background background for UAPD, we to describe theprocess. overall of UAPD. usually used byunderstanding the original user. We addedand somethen routines the Zygote Weprocess first describe 4.1. Background theThe background for understanding UAPD, and then we describe the overall process of UAPD. TheZygote Zygoteprocess process hasbeen beenused used fromthe theinitial initial version Android thepresent present [32].When When has from version ofofAndroid totothe [32]. 4.1. Background The Zygote process has been used from the initial version of Android to the present [32]. When 4.1. anBackground applicationisisrun runon onan anAndroid Androidsystem, system,Zygote Zygoteisiscalled. called.ItItisisaaneutral neutralprocess processthat thatisisforked forked an application an application is process run on an Android system, Zygote is version called. It a neutral that[32]. is forked 4.1. Background The Zygote hasapplications been used from the initial of is Android to process the present When ahead oftime time ordertotorun run applications quickly onAndroid Android systems. ahead of ininorder quickly on systems. ahead ofZygote time in order to run applications quickly on Android systems. process has been used from the initial version of Android to from the present [32]. When an anThe application is run on an Android system, Zygote is called. It is a neutral process that is forked InThe Android, if you click on an application to run it, startActivity function will be called from the In Android, if you click on an application to run it, startActivity function will be called the Zygote ifprocess hason been used from the initial version of Android to will the present [32]. When In Android, you click an application to run it, startActivity function be called from the ahead ofand time inisActivity order toManager run applications quickly Android systems. application is the run on on an Android system, Zygote isinincalled. ItThis is awill neutral process that is forked ahead Launcher, and the Activity Manager will becalled, called, shown Figure This will initialize theis Dalvik Launcher, will be asason shown Figure initialize the Dalvik an application run an Android system, Zygote is called. It is4.a4. neutral process that forked Launcher, and the Manager will be called, as shown in Figure 4. This will initialize the Dalvik In Android, ifActivity youstartVizZygote click on an application toload run it, startActivity function will becreate called the VM from Zygote using startVizZygote function, load the resources advance, and createafrom achild child from Zygote using function, the resources inin advance, and ofVM time in order to run applications quickly on Android systems. ahead of time in order to run applications quickly on Android systems. VM from Zygote using startVizZygote function, load the resources in advance, and create a child Launcher, and the Activity Manager will be called, as shown in Figure 4. This will initialize the Dalvik process using fork function. In order to run an application, the child application executes the process using fork function. In order to run an application, the child application executes the In Android, ififyou click on application it, startActivity function will be called fromthe the be called from In from Android, you click on anto application to resources runthe it, child startActivity function will process using fork function. Inan order run toanrun application, application executes VM Zygote startVizZygote function, load the in advance, and flow create aDalvik child application process bypassing passing thechild child process from theZygote theexecution execution flow the application process by the process the the ofof the Launcher, and the using Activity Manager will be called,from as shown inZygote Figuretoto 4. This will initialize the application process by passing the child process from the Zygote to the execution flow of the the Launcher, and the Activity Manager will be called, as shown in Figure 4. This process fork function. In order to executed, run anload application, the child executes thewill initialize the application class. When all applications are executed, the Zygote process performed. Therefore, application class. When all applications are the Zygote process isisapplication performed. Therefore, VM fromusing Zygote using startVizZygote function, the resources in advance, and create a child application class. When all applications areprocess executed, the Zygote process is performed. Therefore, application process by passing the child from the Zygote to the execution flow of the Dalvik VM from Zygote using startVizZygote function, load the resources in advance, and create when the Zygote process is modified, the running application will follow the operation of the when the Zygote process is modified, the running application will follow the operation of the process forkprocess function. In order the to run an application, application executes the when theusing Zygote is modified, running applicationthe willchild follow the operation of the application class. When all applications are executed, the Zygote process is performed. Therefore, modified Zygote process. UAPD defends against SIAs by modifying the Zygote and the application modified Zygote process. UAPD defends against SIAs by modifying the Zygote and the application a child process using function. In order to an application, executes application process by fork passing the child process from the Zygote toZygote the execution flow ofapplication the modified Zygote process. UAPD defends against SIAs by run modifying the andthe the child application when the of Zygote process isapplications modified, the running application follow the operation of the end routine ofclass. theAndroid Android runtime areashown shown Figure end routine the runtime area ininFigure 5.5. Zygote will application When all are executed, the process is performed. Therefore, the application process by passing the child process from the Zygote to the execution flow of the end routine of the Android runtime area shown in Figure 5. modified process. UAPD against SIAsapplication by modifying the Zygote and the application There are multiple ways terminate Android applications, e.g., finishAffinity function, There are multiple ways totodefends terminate Android applications, e.g., finishAffinity function, when theZygote Zygote process is modified, the running will follow the operation of the There are multiple ways to terminate Android applications, e.g., finishAffinity function, application class. When all applications are executed, the Zygote process is performed. Therefore, end routine of theprocess. Android runtime area shown in Figure 5. finishAndRemoveTask function, and killProcess function. Forall allapplication application termination methods finishAndRemoveTask function, and killProcess function. termination methods modified Zygote UAPD defends against SIAs byFor modifying the Zygote and the application finishAndRemoveTask function, and killProcess function. For all application termination methods There are multiple ways to terminate Android applications, e.g., finishAffinity function, when the Zygote process is modified, the running application will follow the operation excluding killProcess function, an application is terminated by the Destroy function function. For of the modified excluding killProcess function, an application is terminated by the Destroy function function. For end routine of the Android runtime area shownisin Figure 5. by the Destroy function function. excluding killProcess function, an application terminated For finishAndRemoveTask function, and killProcess function. For all application termination methods finishAffinity function, allparent parent activities canSIAs be closed inapplications, anyactivity, activity, and since there noneed need finishAffinity function, all activities can be closed in any and since there isisno toto Zygote process. UAPD defends against by modifying the Zygote and the application end routine There are multiple ways to terminate Android e.g., finishAffinity function, finishAffinity function, all parent activities can be closed in any activity, and since there is no need to excluding killProcess function, anand application is terminated byall the Destroy function function. For use finishfunction function root activity, thekillProcess currentactivity activity doesFor not have gototothe the rootactivity. activity. For finish ininaaroot activity, the current does not have totogo root For finishAndRemoveTask function, function. application termination methods ofuse the Android runtime area shown in Figure 5. use finish function in a root activity, the current activity does not have to go to the root activity. For finishAffinity function, all parent activities be in and since there is the no to finishAndRemoveTask function, the activitycan quit, andthe theany application isremoved removed from theneed Task finishAndRemoveTask function, the activity isisquit, and application is from Task excluding killProcess function, an is closed terminated byactivity, the Destroy function function. For finishAndRemoveTask function, theapplication activity is quit, and the application is removed from the Task There are multiple ways to terminate Android applications, e.g., finishAffinity function, use finish function in a all root activity, the current activity does not have to gosince to isthe root activity. For Manager. However, even though the application terminated, the process process is there not terminated. Manager. However, even though the application isis terminated, the not terminated. finishAffinity function, parent activities can be closed in any activity, and is no need to Manager. However, even thoughthe theactivity application isand terminated, the process is notfrom terminated. finishAndRemoveTask function, is quit, the application is removed the Task finishAndRemoveTask function, and killProcess function. For all application termination methods Therefore, it is possible to confirm that the application class’s onCreate function will not be executed Therefore, it is possible to confirm that the application class’s onCreate function will not be executed use finish it function in ato root activity, activity doesonCreate not havefunction to go to will the root activity. For Therefore, is possible confirm thatthe thecurrent application class’s not be executed Manager. However, even though the application terminated, the process isthen not terminated. theapplication application finishes termination by calling function and then runs again. ififthe finishes termination by calling finishAndRemoveTask function and runs again. excluding killProcess function, an application is by the Destroy function function. finishAndRemoveTask function, the activity isfinishAndRemoveTask quit, isand the terminated application is removed from the Task ifTherefore, the application finishes termination by calling finishAndRemoveTask function and then runs again. itkillProcess is possible to confirm that the application class’s onCreate function not be executed thecase caseofof killProcess function, the Destroy function should notbe becalled. called. Thiswill isaanot command for InInManager. the function, the Destroy function should not This isis command for However, even though the application iscan terminated, process terminated. For function, all parent activities be closed in any activity, and since InfinishAffinity the case of killProcess function, the Destroy function should not bethe called. This is a command for there is no need if the application finishes termination calling finishAndRemoveTask function and again. terminating one activity isthe running, completely terminated. However, ifseveral several terminating aitaprocess. IfIfto one activity isby running, ititisiscompletely terminated. However, ifruns Therefore, isprocess. possible confirm that application onCreate function will then not be terminating afunction process. Ifinfunction, one activity is running, itcurrent is class’s completely terminated. However, ifexecuted several toactivities use finish a root activity, the activity does not have to go for to the root activity. In the case of killProcess the Destroy function should not be called. This is a command activities are running, the process is terminated, and the previous activity is executed again. are running, the process is terminated, and the previous activity is executed again. if the application finishes by calling finishAndRemoveTask function and then runs again. activities are running, the termination process is terminated, and the previous activity is executed again. process. If function, one activity is running, it is completely However, if several Forterminating finishAndRemoveTask function, thefunction activity is quit, and theThis application is for removed from the In the case ofa killProcess the Destroy should not terminated. be called. is a command are arunning, the process isthough terminated, previousis activity is executed again. Taskactivities Manager. However, even theand application terminated, the process is not terminated. terminating process. If one activity is running, it the is completely terminated. However, if several

activitiesitare thetoprocess is terminated, and the previous activity is executed again. will not be executed if Therefore, isrunning, possible confirm that the application class’s onCreate function the application finishes termination by calling finishAndRemoveTask function and then runs again. In the case of killProcess function, the Destroy function should not be called. This is a command for terminating a process. If one activity is running, it is completely terminated. However, if several activities are running, the process is terminated, and the previous activity is executed again.

Sustainability 2018, 10, 1290 Sustainability 2018, 8, x FOR PEER REVIEW Sustainability 2018, 8, x FOR PEER REVIEW

9 of 18 9 of 20 9 of 20

Figure 4. 4. Android Android boot boot sequence sequence [33]. [33]. Figure Figure 4. Android boot sequence [33].

Figure 5. Android architecture. Figure Figure 5. 5. Android Android architecture. architecture.

4.2. User Authentication Using Peripheral Devices Architecture 4.2. User Architecture 4.2. User Authentication Authentication Using Using Peripheral Peripheral Devices Devices Architecture UAPD is an automated process to protect against the SIA presented in the previous section. It UAPD is an process totoprotect the in in thethe previous section. It UAPD an automated automated process protectagainst against theSIA SIApresented presented previous section. identifies theisuser’s device before the application is launched. identifies the user’s device before the application is launched. It identifies user’sthe device before the application is launched. Figure the 6 shows overall process of UAPD, which is a detailed description of Figure 1. UAPD Figure 6 shows the overall process of UAPD, which is a detailed description of Figure 1. UAPD is a solution that reinforces the verification part of application execution. To verify a user’s identity, is a solution that reinforces the verification part of application execution. To verify a user’s identity, each application is validated before its execution. This process relies on the Zygote, and the each application is validated before its execution. This process relies on the Zygote, and the

Sustainability 2018, 10, 1290

10 of 18

Figure 6 shows the overall process of UAPD, which is a detailed description of Figure 1. Sustainability 2018, 8, x FOR PEER REVIEW 10 of 20 UAPD is a solution that reinforces the verification part of application execution. To verify a user’s Sustainability 2018, 8, x FOR PEER REVIEW 10 of 20 identity, each application is validated before its execution. This process relies on the Zygote, and the authentication routine is applied to all applications except system applications. For validation, the authentication routine is is applied to applications except system applications. For validation, authentication to all applications except system applications. validation, UAPD collects theroutine necessaryapplied information once through the UAPD Initial SettingFor step in Figurethe 6. UAPDcollects collectsthe the necessary necessary information once through the UAPD InitialInitial Setting step instep Figure the UAPD information once through the UAPD Setting in 6. Figure 6.

Figure 6. UAPD process.

Figure 6. UAPD process. Figure 6. UAPD process. Figure 7 shows the UAPD Initial Setting process required to prepare the authentication process. In this phase, the smartphone collects the user peripheral information. Whenthe a user runs the backup Figure to prepare prepare authentication process. Figure7 7shows showsthe theUAPD UAPDInitial InitialSetting Setting process process required required to the authentication process. process on a new smartphone, the new smartphone requests the information forasmartphone InInthis phase, the smartphone collects the user peripheral information. When user runs the this phase, the smartphone collects the user peripheral information. When a user runs the backup authentication from the devices that were used by the user. The new smartphone for proceeds to backup process on a new smartphone, the new smartphone requests the information smartphone process on a new smartphone, the newinformation. smartphone requests the information for smartphone authenticate the user using the received If there is no device for authentication around authentication from the devices that were used by the user. The new smartphone proceeds to authentication deviceswill that the user, thefrom user’sthe application notwere run. used by the user. The new smartphone proceeds to

authenticate authentication around around authenticatethe theuser userusing usingthe thereceived receivedinformation. information. If If there there is is no no device device for for authentication the user, the user’s application will not run. the user, the user’s application will not run.

Figure 7. UAPD Initial Setting process.

Figure 8 shows the existing backup recovery method and backup recovery method using UAPD. The backup process involves creating the backup file, backup file movement, and application Figure7.7.UAPD UAPD Initial Initial Setting Setting process. process. Figure execution. Sometimes, some applications check the IMEI and IMSI values and initialize the data if the values differ from the values of the smartphone used by the user. However, as mentioned in the

Figure 8 shows the existing backup recovery method and backup recovery method using UAPD. The backup process involves creating the backup file, backup file movement, and application execution. Sometimes, some applications check the IMEI and IMSI values and initialize the data if the values differ from the values of the smartphone used by the user. However, as mentioned in the

Sustainability 2018, 10, 1290

11 of 18

Figure 8 shows the existing backup recovery method and backup recovery method using UAPD. The backup process involves creating the backup file, backup file movement, and application execution. Sometimes,2018, some check the IMEI and IMSI values and initialize the data if the values Sustainability 8, x applications FOR PEER REVIEW 11 of 20 differ from the values of the smartphone used by the user. However, as mentioned in the previous previous section, thecan attacker canthe change the information on the smartphone, such and as IMEI and IMSI, section, the attacker change information on the smartphone, such as IMEI IMSI, and the and the original backup process cannot be protected SIA.UAPD, In the UAPD, as the Initial UAPDSetting Initial original backup process cannot be protected against against SIA. In the as the UAPD Setting andOther Check Other States Devices States elements been added to the original backup and Check Devices elements have beenhave added to the original backup process, the process, attacker the attacker willtonot be ableSIA to because performthere SIA because there will be devices no peripheral devices forDevices Check will not be able perform will be no peripheral for Check Other Other States authentication, near the attacker. States Devices authentication, near the attacker.

Figure 8. Original backup vs UAPD backup. Figure 8. Original backup vs UAPD backup.

5. Evaluation 5. Evaluation 5.1. 5.1. UAPD UAPD Overhead Overhead There two ways ways to applications against against SIA: SIAD and and the There are are two to defend defend Android Android applications SIA: SIAD the UAPD UAPD proposed proposed in this paper. However, since SIAD goes through the encryption/decryption process, the execution in this paper. However, since SIAD goes through the encryption/decryption process, the execution time database size of of thethe application. Thus, in time overhead overhead is is large. large.SIAD’s SIAD’sperformance performancedepends dependsononthe the database size application. Thus, order to compare the performances of SIAD and UAPD, we used a test application provided by in order to compare the performances of SIAD and UAPD, we used a test application provided by Android Studioon onaaNexus Nexus5X 5Xsmartphone smartphone whose hardware specification is Snapdragon 808 CPU Android Studio whose hardware specification is Snapdragon 808 CPU and and 2 GB RAM. 2 GB RAM. Experiments wereconducted conducted measure execution overhead, resource usage, and Experiments were to to measure the the execution time time overhead, resource usage, and current current consumption. Since theSIAD entireprocess SIAD process encrypted and decrypted the databases existing consumption. Since the entire encrypted and decrypted the databases existing in the in the application directory database folder, the execution time differed according to the size of the application directory database folder, the execution time differed according to the size of the database database of the Android application. Therefore, for aprecise more precise measurement, the execution of the Android application. Therefore, for a more measurement, the execution time time was was measured in the following manner, after increasing the size of the database by 1 MB. measured in the following manner, after increasing the size of the database by 1 MB. 1. Place the database file in the application directory. 1. Placethe theapplication database file in the application directory. 2. Run to generate key values. 2. Quit Run the the application application and to generate 3. encryptkey the values. database files in the application directory. 3. Quit the application and encrypt thedatabase databasefiles filesin inthe theapplication application directory. directory. 4. Run the application and decrypt the 4. Delete Run the application the database filesapplication in the application directory. 5. the key valuesand anddecrypt application data of the for a new test. 5. The Delete the key values and application data of the application for a new test. the additional time blue line superimposed on the horizontal axis in Figure 9 indicates required when running the application with UAPD. It requires an average of 0.005 s. When the application database is small, UAPD is approximately 30 times faster than SIAD. While the time consumed by SIAD increases with the increase in the size of the application’s database, the UAPD consumes constant time. Eventually, it is shown that the UAPD is time-efficient over all time intervals, compared to SIAD.

Sustainability 2018, 10, 1290

12 of 18

The blue line superimposed on the horizontal axis in Figure 9 indicates the additional time required when running the application with UAPD. It requires an average of 0.005 s. When the Sustainability 2018, 8, x FOR PEER REVIEW 12 of 20 application database is small, UAPD is approximately 30 times faster than SIAD. While the time consumed by SIAD increases with the increase in the size of the application’s database, the UAPD UAPD SIAD consumes constant time. Eventually, it is shown that the UAPD is time-efficient over all time intervals, Sustainability 2018, 8, x FOR PEER REVIEW 12 of 20 compared to 8SIAD. Time (s) Time (s)

6

UAPD

SIAD

84 62

2

1 7 13 19 25 31 37 43 49 55 61 67 73 79 85 91 97 103 109 115 121 127 133 139 145 151 157 163 169 175 181 187 193

40

Database Size of Running Application (MB) 1 7 13 19 25 31 37 43 49 55 61 67 73 79 85 91 97 103 109 115 121 127 133 139 145 151 157 163 169 175 181 187 193

0 Figure 9. Time required for an application to run with UAPD.

1600 1400

1200 1600 1000 1400 800 1200 600 1000 400 800 200 600 0 400

1 8 15 22 29 36 43 50 57 64 71 78 85 92 99 106 113 120 127 134 141 148 155 162 169 176 183 190

(SIAD/UAPD) Time Efficiency (SIAD/UAPD) Time Efficiency

Database Size of Running Application (MB) Figure 10 shows the time-consumption ratio of UAPD and SIAD. As the size of the application’s Figure 9. Time required for anvary application to run with UAPD. database increases, the efficiency be seen dramatically. For example, UAPD is 30 times Figure 9. Timecan required for to an application to run with UAPD. faster than SIAD for a database size of 1 MB. Moreover, UAPD is 600 times faster than SIAD for a Figure 10shows shows thetime-consumption time-consumption ratioratio ofUAPD UAPD andSIAD. SIAD. Asthe thesize size theapplication’s application’s database size of 100 MB. The time-consumption increases as theAs database size increases. Figure 10 the ratio of and ofofthe database increases, the efficiency can be seen to vary dramatically. For example, UAPD 30times times database increases, the efficiency can be seen to vary dramatically. For example, UAPD isis30 faster than SIAD for a database size of 1 MB. Moreover, UAPD is 600 times faster than SIAD foraa faster than SIAD for a database size of 1 MB. Moreover, UAPD is 600 times faster than SIAD for databasesize sizeof of100 100MB. MB.The Thetime-consumption time-consumptionratio ratioincreases increasesas asthe thedatabase database size size increases. increases. database

200

Database Size (MB) 1 8 15 22 29 36 43 50 57 64 71 78 85 92 99 106 113 120 127 134 141 148 155 162 169 176 183 190

0 Figure 10. Time-efficiency comparison between SIAD and UAPD.

Figure 10. Time-efficiencyDatabase comparison Sizebetween (MB) SIAD and UAPD. Figure 11 shows the test results illustrating the effects of the number of installed applications, especially, of application packages, and other running applications Android platform. Figurethat 11 shows the test results illustrating the effects of the number of on installed applications, By default, that the number of 10. installed packages isother 79. We installed 41 additional that were especially, of application packages, and running on applications Android platform. By Figure Time-efficiency comparison betweenapplications SIAD and UAPD. in the topthe ranks of the market, is such Map, Dropbox, and that so on. Next, default, number ofapplication installed packages 79. as WeYouTube, installedGmail, 41 additional applications were in we tested the applications that had database sizes of 100 MB. As the numbers of installed and executed the top ranks the application market, such as YouTube, Dropbox, and soapplications, on. Next, we Figure 11 of shows the test results illustrating the effectsGmail, of theMap, number of installed applications increased, therehad were no significant thenumbers time overhead. Therefore, even tested the that applications that database sizes ofdifferences 100 MB. Asin the installed and executed especially, of application packages, and other running applications onofAndroid platform. Byif the number of packages increases, the efficiency of UAPD remains better than that of SIAD. applications increased, there were no significant differences in the time overhead. Therefore, even default, the number of installed packages is 79. We installed 41 additional applications that were inif thetop number increases, the efficiency of UAPDGmail, remains better than that the ranks of of packages the application market, such as YouTube, Map, Dropbox, andofsoSIAD. on. Next, we

tested the applications that had database sizes of 100 MB. As the numbers of installed and executed applications increased, there were no significant differences in the time overhead. Therefore, even if the number of packages increases, the efficiency of UAPD remains better than that of SIAD.

Sustainability 2018, 8, x FOR PEER REVIEW Sustainability 2018, 10, 1290 Sustainability 2018, 8, x FOR PEER REVIEW

13 of 20 13 of 18 13 of 20

(s)(s) Time Time

UAPD UAPD 4 4 3 3 2 2 1 1 0 0

SIAD SIAD 3.14 3.14

2.93 2.93

0.0057 0.0057 79 79

0.0057 0.0057 120 120 Number of packages Number of packages

Figure 11. Time according to to the the number number of of application application packages. packages. Figure 11. Time according to the number of application packages.

In Figure 12, we compared the CPU consumption of the original Android version (AOSP) from In 12, we the consumption of the original Android Android version version (AOSP) (AOSP) from In Figure Figure we compared compared the CPU CPU consumption of the original Android Open12, Source Project (AOSP) with the Android version UAPD implemented (UAPD) from with Android Open Source Project (AOSP) with the Android version UAPD implemented (UAPD) with Android Open Source Project (AOSP) with the Android version UAPD implemented (UAPD) with Amazon applications using the top command. We repeated this process 100 times and averaged the Amazon applications using the the top top command. We We repeated this this process process 100 100 times and averaged averaged the Amazon applications using times and the results. UAPD (the Android UAPDcommand. implemented)repeated and AOSP (the original Android) did not show results. UAPD (the Android UAPD implemented) and AOSP (the original Android) did not show show results. UAPD (the Android UAPD implemented) and AOSP (the original Android) did not significant differences in terms of CPU usage and memory consumption. In Figure 12, the CPU significant differences in in terms of CPU and consumption. In Figure Figure 12, the the CPU significant differences CPU usage usage and memory memory consumption. consumptions from zero terms to twoofseconds are similar, but there is a slight In difference12, in the CPU CPU consumptions from zero to two seconds are similar, but there is a slight difference in the CPU consumptions from two zerototo two seconds are similar, butapplications there is a slight difference in theby CPU consumptions from four seconds. Because Android are sometimes affected the consumptions from two to seconds. Because Because Android Android applications applications are sometimes sometimes affected affected by by the consumptions to four four seconds. Android OS orfrom othertwo applications, the CPU consumption may increase are in some time. For example,the in Android OS or or other other applications, applications,the theCPU CPUconsumption consumptionmay mayincrease increase in some time. For example, Android OS in some time. For example, in a very rare case, the CPU consumption is 7% at one second, but 35% at two seconds. However, these in a very rare case, CPU consumption isat 7% at second, one second, but at 35% two seconds. However, avalues very rare case, the the CPU is 7% one but 35% twoatseconds. these are not enough to consumption affect the overall performance because the holding times ofHowever, the values are these values are not enough to affect the overall performance because the holding times of the values values are not enough to affect the overall performance because the holding times of the values are very short. Therefore, applying UAPD incurs little CPU overhead. are short. Therefore, applying UAPD incurs CPU overhead. veryvery short. Therefore, applying UAPD incurs littlelittle CPU overhead.

(%) Consumption CPU (%) Consumption CPU

UAPD UAPD 35 35 30 30 25 25 20 20 15 15 10 10 5 5 0 0

0 0

1 1

AOSP AOSP

2 2 Time (s) Time (s)

3 3

4 4

Figure 12. UAPD vs. AOSP (Android Open Source Project) for CPU usage. Figure 12. UAPD vs. AOSP (Android Open Source Project) for CPU usage. Figure 12. UAPD vs. AOSP (Android Open Source Project) for CPU usage.

Figures 13 and and 14 14show showthe themeasured measuredvalues values Virtual (VSS) Resident Set Figures 13 of of thethe Virtual SetSet SizeSize (VSS) andand Resident Set Size Figures 13 and 14 show the measured values of the Virtual Set Size (VSS) and Resident Set Size Size (RSS) for the Amazon application. The values of VSS and RSS in UAPD and AOSP are similar; (RSS) for the Amazon application. The values of VSS and RSS in UAPD and AOSP are similar; UAPD (RSS) for the Amazon application. The values of VSS and RSS in UAPD and AOSP are similar; UAPD UAPD has little overhead. has little overhead. has little overhead.

(MB) (MB) (MB) SizeSize Size

Sustainability 2018, 8, x FOR PEER REVIEW Sustainability 2018, 8, x FOR PEER REVIEW Sustainability 2018, 10, 1290 Sustainability 2018, 8, x FOR PEER REVIEW

1760 1740 1760 1720 1740 1760 1700 1720 1740 1680 1700 1720 1660 1680 1700 1640 1660 1680 1620 1640 1660 1600 1620 1640 1600 1620 1600

0 0 0

UAPD UAPD UAPD

1 1 1

14 of 20 14 of 20 14 of 18 14 of 20

AOSP AOSP AOSP

2 2 Time (s) 2 (s) Time Time (s)

3 3 3

4 4 4

(MB) (MB) (MB) SizeSize Size

Figure 13. UAPD vs. AOSP for VSS (Virtual Set Size) usage. Figure 13. UAPD vs. AOSP for VSS (Virtual Set Size) usage. Figure 13. UAPD vs. AOSP for VSS (Virtual Set Size) usage. Figure 13. UAPD vs. AOSP for VSS (Virtual Set Size) usage.

100 100 80 100 80 60 80 60 40 60 40 20 40 20 0 20 0 0

UAPD UAPD UAPD

0 0 0

1 1 1

AOSP AOSP AOSP

2 2 Time (s) 2 (s) Time Time (s)

3 3 3

4 4 4

Figure Figure 14. 14. UAPD UAPD vs. vs. AOSP AOSP for for RSS RSS (Resident (Resident Set Set Size) Size) usage. usage. Figure 14. UAPD vs. AOSP for RSS (Resident Set Size) usage.

(MB) (MB) (MB) SizeSize Size

Figure 15 shows Figure the memory usages for several applications in UAPD 14. UAPD vs. AOSP for RSS (Resident Set Size) usage. and AOSP. All three Figure 15 15 shows shows the the memory memory usages usages for for several several applications applicationsin inUAPD UAPDand andAOSP. AOSP. All All three three Figure applications such as Amazon, Kakaotalk, and Facebook, running in the UAPD environment, have applications such as Amazon, Kakaotalk, and Facebook, running in the UAPD environment, have total applications such as Amazon, Kakaotalk, and Facebook, running in the UAPD environment, have Figure 15 shows the memory usages for several applications in UAPD and AOSP. All three total memory sizes similar to those running in the AOSP environment; the application memory is memory sizes similar to those running in and theinAOSP environment; the application memory is often total memory sizes to those the AOSP environment; the application memory is applications such assimilar Amazon, Kakaotalk, Facebook, running in the UAPD environment, have often changed by external factors or running application behaviors. changed by external factors or application behaviors. often changed by external or application total memory sizes similarfactors to those running in behaviors. the AOSP environment; the application memory is often changed by external factors or application behaviors. UAPD AOSP UAPD AOSP 25 UAPD AOSP 25 25 20 20 20 15 15 15 10 10 10 5 5 50 amazon kakaotalk facebook 0 amazon kakaotalk facebook 0 Figure 15. UAPD UAPD vs. vs. AOSP AOSP in terms terms of of memory memory usage. usage. Figure 15. in amazon kakaotalk facebook Figure 15. UAPD vs. AOSP in terms of memory usage. Figure 15. UAPD vs. AOSP in terms of memory usage.

Sustainability 2018, 10, 1290

15 of 18

5.2. UAPD Compatibility Both the CipherSQL and SIAD mentioned earlier in the Related Works section have some compatibility with Android. CipherSQL is compatible with the versions 4 and 8 of Android. However, this is true only for the applications developed using CipherSQL. That is, as not all applications use CipherSQL, CipherSQL is not applied to all applications. SIAD modifies the Android Framework part, and therefore, can be applied to all applications. On the other hand, there are different ways to terminate applications on Android, which rely on the developers creating the Android applications. A typical smartphone uses a custom OS of the original Android OS, which is provided by its manufacturer. Therefore, it is not possible to ensure that a routine added at the end of an application is applicable to all Android smartphones. The UAPD proposed in this paper modifies only the behavior of the application when it runs. Therefore, it can be applied to any Android OS. Moreover, the UAPD does not control all applications. Sensitive data such as card information, chat history, etc., of the applications we use are stored in the actual running application data area. As a result, it is possible to minimize the impact on traditional usage behavior by applying UAPD to commonly used applications other than system rights applications. The execution flow in the UAPD proceeds as follows: Start- > startViaZygote- > Check Other Devices Status- > zygoteSendArgsAndGetResult. Start calls startViaZygote. If an error occurs during execution, it is treated as a runtime exception. 5.3. UAPD Security UAPD’s goal is to defend against SIA. The previously proposed CipherSQL encrypted the database of the Android application so that, even if the attacker obtained the backup data, it was difficult to acquire the information of the application. However, the attacker could use the backup data to acquire and apply information such as the IMEI and IMSI from other applications that did not apply CipherSQL. In this case, even if the attacker did not know the key to decrypt the application data with CipherSQL applied, he/she could execute the application using the SIA method. On the other hand, UAPD defends against SIA through application execution via user authentication without additional encryption/decryption processes. With this approach, an attacker can acquire some application information from the backup data. However, the UAPD prevents the attacker from impersonating a user, by preventing the application from running. Applying this proposal has the disadvantage that an attacker can obtain some application information from the backup data. However, it does not allow the attacker to run applications. It also prevents the attacker from pretending to be a user. There are two major security issues to consider when applying UAPD. The first is when the user is authenticated via UAPD by verifying the peripheral connection. The information required for authentication must not be visible to the outside. The UAPD checks the configured WiFi or paired Bluetooth device on the smartphone. This will not require any input from outside the smartphone during UAPD. It also does not require a data transfer from the smartphone to the peripheral device. Therefore, UAPD does not involve data exchange for authentication, and is thus resistant to attacks on networks such as Man In the Middle attacks (MIMT) or packet modulation. The second is related to an attacker circumventing the authentication process of UAPD using duplicated or modified information of the configured WiFi devices or paired Bluetooth devices. Information about WiFi configured on Android will be saved to the /data/misc/wifi/wpa_supplicant.conf file on the user’s smartphone. The stored information includes the Service Set Identifier (SSID), Pre-Shared Key (PSK), Priority, and connection methods. To get these values, the attacker accesses the wpa_supplicant.conf file directly from the rooted device, or uses the application from an unrooted device. However, we do not consider rooted devices because rooted devices do not guarantee security and is an unusual situation. Moreover, the WiFi information will not be displayed using an application on an unrooted device, as the Android KitKat version displays the password of the WiFi as an encrypted hash value instead of in a plain text format. As a result,

Sustainability 2018, 10, 1290

16 of 18

the attacker cannot set the key value of WiFi and configure a WiFi environment similar to that of the user. On the other hand, regular users can synchronize and recover WiFi information that is configured on the Google Server by Google. Therefore, ordinary users can check the authentication of UAPD even if they backup, but an attacker cannot pass the authentication of UAPD using only the backup file. When the smartphone is paired with another Bluetooth device, a gatt profile is created in/data/misc/Bluetooth/(gatt_cache_number). However, as in the case of WiFi, only a rooted device can obtain information such as the key of a paired Bluetooth device, directly. Additionally, the information on paired Bluetooth devices are not backed up. Therefore, an attacker cannot arbitrarily create a Bluetooth device for authentication using only the backup file. In Check Other Devices States, UAPD checks the connections to the devices configured or paired with the smartphone. The function that performs the connection checks uses the function that is used by the Android framework. Therefore, it has the same security as the connections made with WiFi and Bluetooth in the existing Android framework. Moreover, because they only check connections and do not perform any data exchange, they do not receive any data from external devices during the application execution. This ensures that you can prevent attacks that insert random codes. 6. Conclusions In this paper, we showed that a copy of an application could be created by an attacker via SIA, which could subsequently be used to compromise security and obtain personal information. In particular, copies of WhatsApp, KakaoTalk, Facebook, Amazon, and Syrup were created with the same privileges as the user, and it was confirmed that they could cause secondary and tertiary damage. We proposed UAPD to protect Android applications. As an improved defense of Android applications, which does not depend on the smartphone manufacturer, UAPD prevents data-replication attacks using IMEI, IMSI, or phone number, effectively. It was applied to and tested on a Nexus 5X smartphone to check its practicality. From the results, it was observed that the proposed UAPD was practical and useful, in terms of its performance, overhead, and compatibility. UAPD is a proposal for companies that develop Android OSs, such as smartphone companies or Google. In the future, we plan to study the server communication protocol for UAPD use. Such a study will provide new user authentication methods. Acknowledgments: This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Korea (2017R1D1A1B03034950) and by the BK21 Plus project funded by the Ministry of Education, Korea (21A20131600011). Author Contributions: All the authors contributed equally to this work. All authors read and approved the final manuscript. Conflicts of Interest: The authors declare no conflicts of interest.

References 1.

2.

3. 4. 5.

All Products Require an Annual Contract Prices Do Not Include Sales. Google Play: Number of Downloads 2010–2016. Available online: https://www.statista.com/statistics/281106/number-of-androidapp-downloads-from-google-play/ (accessed on 13 April 2018). Armando, A.; Merlo, A.; Migliardi, M.; Verderame, L. Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures). In IFIP International Information Security Conference; Springer: Berlin/Heidelberg, Germany, 2012; pp. 13–24. Lee, H.-T.; Kim, D.; Park, M.; Cho, S. Protecting Data on Android Platform against Privilege Escalation Attack. Int. J. Comput. Math. 2016, 93, 401–414. [CrossRef] Sabt, M.; Traoré, J. Breaking into the Keystore: A Practical Forgery Attack against Android Keystore. In European Symposium on Research in Computer Security; Springer: Heraklion, Greece, 2016; pp. 531–548. Davi, L.; Dmitrienko, A.; Sadeghi, A.-R.; Winandy, M. Privilege Escalation Attacks on Android. In International Conference on Information Security; Springer: Berlin/Heidelberg, Germany, 2010; pp. 346–360.

Sustainability 2018, 10, 1290

6. 7. 8.

9.

10. 11. 12. 13. 14.

15. 16. 17. 18. 19. 20. 21.

22. 23. 24. 25. 26.

27.

28.

29.

17 of 18

Jung, J.-H.; Kim, J.Y.; Lee, H.-C.; Yi, J.H. Repackaging Attack on Android Banking Applications and Its Countermeasures. Wirel. Pers. Commun. 2013, 73, 1421–1437. [CrossRef] Tam, K.; Feizollah, A.; Anuar, N.B.; Salleh, R.; Cavallaro, L. The Evolution of Android Malware and Android Analysis Techniques. ACM Comput. Surv. (CSUR) 2017, 49, 76. [CrossRef] Wei, X.; Gomez, L.; Neamtiu, I.; Faloutsos, M. Malicious Android Applications in the Enterprise: What Do They Do and How Do We Fix It? In Proceedings of the 2012 IEEE 28th International Conference on Data Engineering Workshops (ICDEW), Arlington, VA, USA, 1–5 April 2012; pp. 251–254. Joshi, J.; Parekh, C. Android Smartphone Vulnerabilities: A Survey. In Proceedings of the IEEE International Conference on Advances in Computing, Communication, & Automation (ICACCA), Dehradun, India, 8–9 April 2016; pp. 1–5. Anglano, C. Forensic Analysis of WhatsApp Messenger on Android Smartphones. Digit. Investig. 2014, 11, 201–213. [CrossRef] Al Mutawa, N.; Baggili, I.; Marrington, A. Forensic Analysis of Social Networking Applications on Mobile Devices. Digit. Investig. 2012, 9, S24–S33. [CrossRef] Hacking Android Apps Using Backup Techniques. Available online: http://resources.infosecinstitute.com/ android-hacking-security-part-15-hacking-android-apps-using-backup-techniques/ (accessed on 13 April 2018). GitHub-Irsl/ADB-Backup-APK-Injection: Android ADB Backup APK Injection POC. Available online: https://github.com/irsl/ADB-Backup-APK-Injection/ (accessed on 13 April 2018). Mutti, S.; Bacis, E.; Paraboschi, S. Sesqlite: Security Enhanced Sqlite: Mandatory Access Control for Android Databases. In Proceedings of the 31st Annual Computer Security Applications Conference, Los Angeles, CA, USA, 7–11 December 2015; pp. 411–420. Paraboschi, S.; Bacis, E.; Mutti, S. Extending Mandatory Access Control Policies in Android. In International Conference on Information Systems Security; Springer: Cham, Switzerland, 2015; pp. 21–35. Rachmawan, A. Developing Secure Android Application with Encrypted Database File Using Sqlcipher. Ph.D. Thesis, Universiti Teknikal Malaysia Melaka, Durian Tunggal, Malaysia, 2014. Dai, Z.; Chua, T.-W.; Balakrishnan, D.K.; Thing, V.L. Chat-App Decryption Key Extraction through Information Flow Analysis. In Systems Approach to Cyber Security; IOP Press: Singapore, 2017. Google Android: CVE Security Vulnerabilities, Versions and Detailed Reports. Available online: https: //www.cvedetails.com/product/19997/GoogleAndroid.html?vendor_id=1224 (accessed on 13 April 2018). Kim, J.; Jung, I.Y. Android App Protection Using Same Identifier Attack Defensor. In Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI), Beijing, China, 22–24 July 2017; p. 201. Kim, J.; Jung, I.Y. Private Data Protection of Android Application. In Advances in Computer Science and Ubiquitous Computing; Springer: Singapore, 2017; pp. 1470–1475. Church, K.; De Oliveira, R. What’s up with Whatsapp?: Comparing Mobile Instant Messaging Behaviors with Traditional SMS. In Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services, Munich, Germany, 27–30 August 2013; pp. 352–361. Ha, Y.W.; Kim, J.; Libaque-Saenz, C.F.; Chang, Y.; Park, M.-C. Use and Gratifications of Mobile SNSs: Facebook and KakaoTalk in Korea. Telemat. Inform. 2015, 32, 425–438. [CrossRef] KaKaoTalk. Available online: http://www.kakaocorp.com/service/KakaoTalk (accessed on 13 April 2018). Syrup. Available online: http://www.smartwallet.co.kr/index.do#about_syrup (accessed on 13 April 2018). Jain, V.; Gaur, M.S.; Laxmi, V.; Mosbah, M. Detection of Sqlite Database Vulnerabilities in Android Apps. In International Conference on Information Systems Security; Springer: Cham, Switzerland, 2016; pp. 521–531. Jiang, Y.Z.X.; Xuxian, Z. Detecting Passive Content Leaks and Pollution in Android Applications. In Proceedings of the 20th Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 23 April 2013. Hassanshahi, B.; Yap, R.H. Android Database Attacks Revisited. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2–6 April 2017; pp. 625–639. Felt, A.P.; Chin, E.; Hanna, S.; Song, D.; Wagner, D. Android Permissions Demystified. In Proceedings of the 18th ACM conference on Computer and communications security, Chicago, IL, USA, 17–21 October 2011; pp. 627–638. Tamma, R.; Tindall, D. Learning Android Forensics; Packt Publishing Ltd.: Birmingham, UK, 2015.

Sustainability 2018, 10, 1290

30. 31. 32. 33.

18 of 18

App Annie App Store Stats | Google Play Top App Matrix Overall. Available online: https://www.appannie. com/apps/google-play/matrix/?category=1&date=2017-06-07 (accessed on 13 April 2018). Free Android Emulator on PC and Mac- Download Nox App Player. Available online: https://en.bignox. com/ (accessed on 13 April 2018). Yaghmour, K. Embedded Android: Porting, Extending, and Customizing; O’Reilly Media, Inc.: Sebastopol, CA, USA, 2013. Android Booting Sequence Explained. Available online: http://androidsrc.net/android-booting-sequenceexplained/ (accessed on 13 April 2018). © 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

Suggest Documents

Detecting Clones in Android Applications through

Detecting Clones in Android Applications through
Read more
Retrofitting Concurrency for Android Applications through Refactoring

Retrofitting Concurrency for Android Applications through Refactoring
Read more
Collections of Android Applications

Collections of Android Applications
Read more
Identifying Urban Neighborhood Names through User ... - MDPI

Identifying Urban Neighborhood Names through User ... - MDPI
Read more
Improving Remote Species Identification through Efficient ... - MDPI

Improving Remote Species Identification through Efficient ... - MDPI
Read more
User Guide: Android devices

User Guide: Android devices
Read more
User Manual for Android

User Manual for Android
Read more
Android User Manual [PDF]

Android User Manual [PDF]
Read more
Android series User Manual

Android series User Manual
Read more
Android Office User Manual

Android Office User Manual
Read more
Unlearning Smoking Habits through Mobile Applications on Android OS

Unlearning Smoking Habits through Mobile Applications on Android OS
Read more
Retrofitting Concurrency for Android Applications through Refactoring [PDF]

Retrofitting Concurrency for Android Applications through Refactoring [PDF]
Read more
Android Hacker Protection Level 0

Android Hacker Protection Level 0
Read more
Energy-Efficient Scheduling of Periodic Applications on Safety ... - MDPI

Energy-Efficient Scheduling of Periodic Applications on Safety ... - MDPI
Read more
Efficient Threshold Zero-Knowledge with Applications to User-Centric ...

Efficient Threshold Zero-Knowledge with Applications to User-Centric ...
Read more
Energy-Efficient Data Collection through Adaptive Selection of ... - MDPI

Energy-Efficient Data Collection through Adaptive Selection of ... - MDPI
Read more
Efficient Applications in User Transparent Parallel ... - Semantic Scholar

Efficient Applications in User Transparent Parallel ... - Semantic Scholar
Read more
Efficient Threshold Zero-Knowledge with Applications to User-Centric ...

Efficient Threshold Zero-Knowledge with Applications to User-Centric ...
Read more
Mini Android Pc User Manual.pdf

Mini Android Pc User Manual.pdf
Read more
eKEY® for Android™ User Manual

eKEY® for Android™ User Manual
Read more
Dial91 Android Edition User Guide

Dial91 Android Edition User Guide
Read more
Android Smartphone User Guide - Gemini

Android Smartphone User Guide - Gemini
Read more
Study on User Authority Management for Safe Data Protection ... - MDPI

Study on User Authority Management for Safe Data Protection ... - MDPI
Read more
Ski Tracks (Android) User Guide

Ski Tracks (Android) User Guide
Read more