Don't throw me away

Threats caused by the abandoned internet resources used by android apps

Elkana Pariwono, Mitsuaki Akiyama, Daiki Chiba, Tatsuya Mori

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.

    Original languageEnglish
    Title of host publicationASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
    PublisherAssociation for Computing Machinery, Inc
    Pages147-158
    Number of pages12
    ISBN (Electronic)9781450355766
    DOIs
    Publication statusPublished - 2018 May 29
    Event13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018 - Incheon, Korea, Republic of
    Duration: 2018 Jun 42018 Jun 8

    Other

    Other13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
    CountryKorea, Republic of
    CityIncheon
    Period18/6/418/6/8

    Fingerprint

    Application programs
    Internet
    Android (operating system)
    Websites
    Experiments

    Keywords

    • Android Security
    • Mobile Apps Measurement
    • Mobile computing security

    ASJC Scopus subject areas

    • Software
    • Computer Science Applications
    • Information Systems
    • Computer Networks and Communications

    Cite this

    Pariwono, E., Akiyama, M., Chiba, D., & Mori, T. (2018). Don't throw me away: Threats caused by the abandoned internet resources used by android apps. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security (pp. 147-158). Association for Computing Machinery, Inc. https://doi.org/10.1145/3196494.3196554

    Don't throw me away : Threats caused by the abandoned internet resources used by android apps. / Pariwono, Elkana; Akiyama, Mitsuaki; Chiba, Daiki; Mori, Tatsuya.

    ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2018. p. 147-158.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Pariwono, E, Akiyama, M, Chiba, D & Mori, T 2018, Don't throw me away: Threats caused by the abandoned internet resources used by android apps. in ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, pp. 147-158, 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018, Incheon, Korea, Republic of, 18/6/4. https://doi.org/10.1145/3196494.3196554
    Pariwono E, Akiyama M, Chiba D, Mori T. Don't throw me away: Threats caused by the abandoned internet resources used by android apps. In ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2018. p. 147-158 https://doi.org/10.1145/3196494.3196554
    Pariwono, Elkana ; Akiyama, Mitsuaki ; Chiba, Daiki ; Mori, Tatsuya. / Don't throw me away : Threats caused by the abandoned internet resources used by android apps. ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2018. pp. 147-158
    @inproceedings{c1492429f645471dbabd1eecc424ee7a,
    title = "Don't throw me away: Threats caused by the abandoned internet resources used by android apps",
    abstract = "This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.",
    keywords = "Android Security, Mobile Apps Measurement, Mobile computing security",
    author = "Elkana Pariwono and Mitsuaki Akiyama and Daiki Chiba and Tatsuya Mori",
    year = "2018",
    month = "5",
    day = "29",
    doi = "10.1145/3196494.3196554",
    language = "English",
    pages = "147--158",
    booktitle = "ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security",
    publisher = "Association for Computing Machinery, Inc",

    }

    TY - GEN

    T1 - Don't throw me away

    T2 - Threats caused by the abandoned internet resources used by android apps

    AU - Pariwono, Elkana

    AU - Akiyama, Mitsuaki

    AU - Chiba, Daiki

    AU - Mori, Tatsuya

    PY - 2018/5/29

    Y1 - 2018/5/29

    N2 - This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.

    AB - This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.

    KW - Android Security

    KW - Mobile Apps Measurement

    KW - Mobile computing security

    UR - http://www.scopus.com/inward/record.url?scp=85049229053&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85049229053&partnerID=8YFLogxK

    U2 - 10.1145/3196494.3196554

    DO - 10.1145/3196494.3196554

    M3 - Conference contribution

    SP - 147

    EP - 158

    BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security

    PB - Association for Computing Machinery, Inc

    ER -