Unix Domain Sockets Applied in Android Malware Should Not Be Ignored
AbstractIncreasingly, malicious Android apps use various methods to steal private user data without their knowledge. Detecting the leakage of private data is the focus of mobile information security. An initial investigation found that none of the existing security analysis systems can track the flow of information through Unix domain sockets to detect the leakage of private data through such sockets, which can result in zero-day exploits in the information security field. In this paper, we conduct the first systematic study on Unix domain sockets as applied in Android apps. Then, we identify scenarios in which such apps can leak private data through Unix domain sockets, which the existing dynamic taint analysis systems do not catch. Based on these insights, we propose and implement JDroid, a taint analysis system that can track information flows through Unix domain sockets effectively to detect such privacy leaks. View Full-Text
Share & Cite This Article
Jiang, X.; Mu, D.; Zhang, H. Unix Domain Sockets Applied in Android Malware Should Not Be Ignored. Information 2018, 9, 54.
Jiang X, Mu D, Zhang H. Unix Domain Sockets Applied in Android Malware Should Not Be Ignored. Information. 2018; 9(3):54.Chicago/Turabian Style
Jiang, Xu; Mu, Dejun; Zhang, Huixiang. 2018. "Unix Domain Sockets Applied in Android Malware Should Not Be Ignored." Information 9, no. 3: 54.
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.