A Semantics and Context -Aware Approach to Android Application Security

Date of Award

June 2015

Degree Type


Degree Name

Doctor of Philosophy (PhD)


Electrical Engineering and Computer Science


Heng Yin


Android, App description, Malware detection, Privacy leakage, Security, Vulnerability patching

Subject Categories



As usage of the Android applications has grown, security concerns have also increased.

Four major threats have attracted attention. Malicious apps have been increasingly exponentially. Android Malware steals and pollutes sensitive information, executes attacker specified commands, or even totally roots and subverts the mobile devices. Moreover, a significant amount of recently discovered

malware samples are polymorphic malware variants and zero-day malware. New malware instances can easily exercise bytecode-level obfuscation to evade existing AV scanners.

A broad spectrum of software vulnerabilities have been discovered in Android apps. Attackers can exploit vulnerable programs to launch various attacks on their behalf. Static analysis is used to detect vulnerabilities, but introduces significant false alarms. An automated technique is needed to efficiently patch the victim apps and precisely defeat exploitations.

Information leakage is prevailing in both malware and benign applications. Some information leaks are legitimate due to the essential app functionalities, whereas others are undesirable or even malicious. It is thus extremely difficult to accurately and efficiently track information leaks, and at the same time, effectively disable the undesired ones.

The textual description of app products in Android markets act as the frontline protection and help users to recognize malicious or unwanted programs. Thus, the fact that Android app descriptions cannot faithfully reflect the security risks imperils end users.Android permissions are not only hard to understand but also incapable of explaining how the requested permissions are used. Textual descriptions provided by developers are not security-centric or trustworthy.

This dissertation addresses these problems by presenting concepts, methods and techniques that can be used to robustly detect malware, automatically patch vulnerabilities, efficiently protect privacy and effectively help users to understand the risks of mobile apps.

Firstly, DroidSIFT is proposed and developed to perform semantics-aware Android malware detection and classification. It extracts high-level program behavior graphs as features and captures homogeneous behaviors via measuring graph similarities. Thus, the subsequent classification is resilient to bytecode-level obfuscation and can detect malware variants and zero-day malware.

Secondly, AppSealer is presented to automatically patch component hijacking vulnerabilities in Android programs. It selectively inserts patch code into vulnerable programs and monitors the exact program slices that lead to potential exploitations. The patch code only introduces necessary intervention when an attack is about to launch. Therefore, this patch-based solution has minimal impact on the usability, but gains time for the developers to bring the fundamental fix.

Thirdly, Capper is introduced to enforce context-aware privacy policies for Android apps without compromising legitimate functionalities. It rewrites privacy breaching apps by inserting code that tracks sensitive information flow and enforces privacy polices. The policies are specific to program contexts and are created via modeling the user reaction to each privacy incident at runtime.

Lastly, DescribeMe is proposed and developed to automatically generate security-centric descriptions for Android applications. It retrieves security-related program semantics from Android apps and translates them into natural language scripts. To facilitate the translation, it also performs frequent behavior mining to discover and compress common semantics. As a result, the produced descriptions are security-sensitive, human-understandable and concise.


Surface provides description only. Full text is available to ProQuest subscribers. Ask your Librarian for assistance.

This document is currently not available here.