
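Graduate student: 王俊傑
CHUN-CHIEH WANG
Thesis title: DroidDAPA: Detecting Potential Attacks of Ads
The Droid Detect Potential Attacks of Ads.
Advisor: 李漢銘
Hahn-Ming Lee
Oral examination committee: 鄭博仁
Albert B. Jeng
鄭欣明
Shin-Ming Cheng
林豐澤
FENG-TSE LIN
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2016
Academic year of graduation: 104
Language: English
Number of pages: 71
Chinese keywords: advertisements, Android, malware, information security
Foreign-language keywords: Ads, Android, Malicious, Security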
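  • According to a 2015 report from the IDC (International Data Corporation) Worldwide Quarterly Mobile Phone survey, Android smartphones hold 82% of the global market, making Android the most popular smartphone system of recent years. There are two main reasons. First, Android offers a free and open system architecture, which has won the favor of a large number of handset manufacturers, and the Android release cycle is very fast, so Android smartphone consumers always have a sense of novelty. Second, Google gives the developers of Android smartphone Apps two ways to increase their income, namely advertising and user payment, so the number of Apps on the Google App Store has multiplied every year; according to a survey by AppBrain magazine, by 2016 the number of Apps had reached an astonishing two million. According to a 2016 Bloomberg Technology report, Oracle's attorney Annette Hurst disclosed that Android has brought Google 31 billion US dollars in revenue, of which 22 billion US dollars in profit came from the Google App Store and App advertisements. App advertisements account for 49% of the Google App Store. The above shows how large the Android App market is, which has made it a target for attackers, and past research has found real cases of malicious attacks in Android Apps. In recent years, malicious attack techniques in Android Apps have penetrated advertisements; most commonly, advertisements are used to lead users to malicious websites. The attacks hidden in these malicious websites, such as website extortion attacks or phishing websites, often cause financial losses to individuals or businesses, and because Ads components are presented through dynamic generation by the Ad-Network, they are very difficult to detect. Therefore, in this thesis we propose a tool called DroidDAPA (Droid Detect Potential Attacks of Ads). Using image-processing techniques and analysis of the Android system, it examines the data passed between Android App Ads and the Browser after the Ads are triggered. Finally, it produces a malicious-website analysis report. In addition, this research found that it can also help VirusTotal detect the Malicious URL Infect and Malicious URL Repackage attack techniques.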


    According to research by International Data Corporation (IDC) Worldwide Quarterly Mobile Phone in 2015, Android smartphones constitute 82% of the global smartphone market, making Android the most popular smartphone operating system. There are two reasons behind this finding. First, Android adopts a free, open-source system architecture, which many phone manufacturers appreciate, and because Android is updated frequently, its users are continually offered something new. Second, Google provides Android smartphone app developers with two ways to increase their income: advertisements and user payments. These have allowed the number of Apps in the Google Play Store to increase exponentially. According to AppBrain, there are over two million Apps on Android. Furthermore, an article in Bloomberg Technology reports that an attorney for Oracle, Annette Hurst, disclosed that Android has brought about 31 billion U.S. dollars' worth of revenue for Google, 22 billion of which comes from the Google Play Store and App advertisements. Moreover, we note that advertisements in Apps make up 49% of the Google Play Store, and the sheer number of Apps has made them a target for many hackers. Past research largely indicates that Android Apps have been found to be malicious. In recent years, malicious attacks in Android Apps have taken the form of Ads. The most ubiquitous method leads users to pharming websites, which launch attacks on the users' Android smartphones. Common consequences include personal or business financial losses (for example, from extortion attacks or phishing websites). Moreover, because Ads elements are generated dynamically through the Ad-Network, viruses or malicious intent within them are difficult to detect. Therefore, in this thesis we present a tool called DroidDAPA (Droid Detect Potential Attacks of Ads). It uses both image-processing technology and analysis of the Android system to examine the data transfer between Android App Ads (after activation) and the Browser. Then, by incorporating VirusTotal to cross-reference malicious (i.e. pharming) websites, we produce a report of such websites. Beyond our original aim, we have found that DroidDAPA can also assist VirusTotal in detecting Malicious URL Infect and Malicious URL Repackage, which are methods of conducting malicious attacks.

    1 Introduction 2 Background 3 DroidDAPA 4 Experiment 5 Conclusion
