TY - GEN
T1 - Don't throw me away
T2 - 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
AU - Pariwono, Elkana
AU - Akiyama, Mitsuaki
AU - Chiba, Daiki
AU - Mori, Tatsuya
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/5/29
Y1 - 2018/5/29
N2 - This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.
AB - This study aims to understand the threats caused by abandoned Internet resources used by Android apps. By abandoned, we mean Internet resources that support apps that were published and are still available on the mobile app marketplace, but have not been maintained and hence are at risk for abuse by an outsider. Internet resources include domain names and hard-coded IP addresses, which could be used for nefarious purposes, e.g., stealing sensitive private information, scamming and phishing, click fraud, and injecting malware distribution URL. As a result of the analysis of 1.1 M Android apps published in the official marketplace, we uncovered 3,628 of abandoned Internet resources associated with 7,331 available mobile apps. These resources are subject to hijack by outsiders. Of these apps, 13 apps have been installed more than a million of times, a measure of the breadth of the threat. Based on the findings of empirical experiments, we discuss potential threats caused by abandoned Internet resources and propose countermeasures against these threats.
KW - Android Security
KW - Mobile Apps Measurement
KW - Mobile computing security
UR - http://www.scopus.com/inward/record.url?scp=85049229053&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049229053&partnerID=8YFLogxK
U2 - 10.1145/3196494.3196554
DO - 10.1145/3196494.3196554
M3 - Conference contribution
AN - SCOPUS:85049229053
T3 - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
SP - 147
EP - 158
BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 4 June 2018 through 8 June 2018
ER -