Don't throw me away: Threats caused by the abandoned internet resources used by android apps

Elkana Pariwono, Mitsuaki Akiyama, Daiki Chiba, Tatsuya Mori

    研究成果: Conference contribution

    抄録

    This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.

    元の言語English
    ホスト出版物のタイトルASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
    出版者Association for Computing Machinery, Inc
    ページ147-158
    ページ数12
    ISBN(電子版)9781450355766
    DOI
    出版物ステータスPublished - 2018 5 29
    イベント13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018 - Incheon, Korea, Republic of
    継続期間: 2018 6 42018 6 8

    Other

    Other13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
    Korea, Republic of
    Incheon
    期間18/6/418/6/8

    Fingerprint

    Application programs
    Internet
    Android (operating system)
    Websites
    Experiments

    ASJC Scopus subject areas

    • Software
    • Computer Science Applications
    • Information Systems
    • Computer Networks and Communications

    これを引用

    Pariwono, E., Akiyama, M., Chiba, D., & Mori, T. (2018). Don't throw me away: Threats caused by the abandoned internet resources used by android apps. : ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security (pp. 147-158). Association for Computing Machinery, Inc. https://doi.org/10.1145/3196494.3196554

    Don't throw me away : Threats caused by the abandoned internet resources used by android apps. / Pariwono, Elkana; Akiyama, Mitsuaki; Chiba, Daiki; Mori, Tatsuya.

    ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2018. p. 147-158.

    研究成果: Conference contribution

    Pariwono, E, Akiyama, M, Chiba, D & Mori, T 2018, Don't throw me away: Threats caused by the abandoned internet resources used by android apps. : ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, pp. 147-158, 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018, Incheon, Korea, Republic of, 18/6/4. https://doi.org/10.1145/3196494.3196554
    Pariwono E, Akiyama M, Chiba D, Mori T. Don't throw me away: Threats caused by the abandoned internet resources used by android apps. : ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2018. p. 147-158 https://doi.org/10.1145/3196494.3196554
    Pariwono, Elkana ; Akiyama, Mitsuaki ; Chiba, Daiki ; Mori, Tatsuya. / Don't throw me away : Threats caused by the abandoned internet resources used by android apps. ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2018. pp. 147-158
    @inproceedings{c1492429f645471dbabd1eecc424ee7a,
    title = "Don't throw me away: Threats caused by the abandoned internet resources used by android apps",
    abstract = "This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.",
    keywords = "Android Security, Mobile Apps Measurement, Mobile computing security",
    author = "Elkana Pariwono and Mitsuaki Akiyama and Daiki Chiba and Tatsuya Mori",
    year = "2018",
    month = "5",
    day = "29",
    doi = "10.1145/3196494.3196554",
    language = "English",
    pages = "147--158",
    booktitle = "ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security",
    publisher = "Association for Computing Machinery, Inc",

    }

    TY - GEN

    T1 - Don't throw me away

    T2 - Threats caused by the abandoned internet resources used by android apps

    AU - Pariwono, Elkana

    AU - Akiyama, Mitsuaki

    AU - Chiba, Daiki

    AU - Mori, Tatsuya

    PY - 2018/5/29

    Y1 - 2018/5/29

    N2 - This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.

    AB - This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.

    KW - Android Security

    KW - Mobile Apps Measurement

    KW - Mobile computing security

    UR - http://www.scopus.com/inward/record.url?scp=85049229053&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85049229053&partnerID=8YFLogxK

    U2 - 10.1145/3196494.3196554

    DO - 10.1145/3196494.3196554

    M3 - Conference contribution

    AN - SCOPUS:85049229053

    SP - 147

    EP - 158

    BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security

    PB - Association for Computing Machinery, Inc

    ER -