Don't throw me away: Threats caused by the abandoned internet resources used by android apps

Elkana Pariwono, Mitsuaki Akiyama, Daiki Chiba, Tatsuya Mori

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    3 Citations (Scopus)

    Abstract

    This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.

    Original languageEnglish
    Title of host publicationASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
    PublisherAssociation for Computing Machinery, Inc
    Pages147-158
    Number of pages12
    ISBN (Electronic)9781450355766
    DOIs
    Publication statusPublished - 2018 May 29
    Event13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018 - Incheon, Korea, Republic of
    Duration: 2018 Jun 42018 Jun 8

    Other

    Other13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
    CountryKorea, Republic of
    CityIncheon
    Period18/6/418/6/8

    Keywords

    • Android Security
    • Mobile Apps Measurement
    • Mobile computing security

    ASJC Scopus subject areas

    • Software
    • Computer Science Applications
    • Information Systems
    • Computer Networks and Communications

    Fingerprint Dive into the research topics of 'Don't throw me away: Threats caused by the abandoned internet resources used by android apps'. Together they form a unique fingerprint.

    Cite this