1. Raimund Genes - CTO. Security under Android. Copyright 2013 Trend Micro Inc.
2. Android has been designed with security in mind!
3. Security in Mind? Android is a privilege-separated operating system. Each application runs under a unique Linux user ID. No application has permission to impact other applications. Applications can’t access the network without prior consent.
4. Security in Mind? When installing an application, the user is requested by the app package installer to grant permission(s).
5. But! Then, before or while running the application, the permission is never checked again by the user. If the permission was granted, the app can then use the desired features without prompting the user – forever!
6. So: With clever social engineering the bad guys convince the users to install a “useful” application, the user willingly gives permission, and bingo – the device could be misused.
7. Industry Trends: Malware increasing on “App Stores”
8. Android Malware • 10K: Middle of 2012! • 100K: End of 2012! http://blog.trendmicro.com/how-big-will-the-android-malware-threat-be-in-2012/
9. Chris Di Bona from Google, November 2011: ”virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. If you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.” “The barriers to spreading such a program from phone to phone are large and difficult enough to traverse when you have legitimate access to the phone, but this isn’t independence day, a virus that might work on one device won’t magically spread to the other.” All the major vendors have app markets, and all the major vendors have apps that do bad things, are discovered, and are dropped from the markets.
10. Industry Trends: Google’s Bouncer
11. Google Bouncer: “Gone to the Gym”
12. Extended Network: The App Markets. Use Case: Personal data exfiltration via an Android Market. App Market: Infiltration, Exfiltration & Exploits
13. Android Malware: 120,000; 300,000+
14. ANDROIDOS_JIGENSHA.A. Impact Scope: 760,000 users’ data leaked online in Japan. Malicious Behavior: The malware collects the user’s contact list, including phone numbers and names, then sends them to a remote server.
15. Your phone as your wallet
16. Samsung’s Knox software
17. Types of Threats • Spying Tools: Track user data like GPS and send to a 3rd party • Rooter: Hacks phone to take control • Premium Service: Secretly subscribes user to paid services • Data Stealer: Steals personal information • Malicious Downloader: Downloads new apps without user consent • Click Fraud: Triggers pay-per-click activity on the device
18. Viruses for Android
19. Where’s the problem?
20. That’s why don’t we see this under IOS
21. Mobile App Reputation • Mobile App Reputation is a cloud-based technology that automatically identifies mobile threats based on app behavior – Crawl & collect huge number of Android apps from various Android Markets – Identifies existing and brand new mobile malware – Identifies apps that may abuse privacy / device resources – World’s first automatic mobile app evaluation service • Malware? • Privacy Risk? • High Resource Consumption? Diagram labels: Apps, Mobile App Reputation, No Issues, Issue Identified
22. Mobile App Reputation (1) Collects Apps and scans them in the cloud (2) Static Analysis: Dissects app code and private data access (3) Correlates web queries with Smart Protection Network (4) Dynamic Analysis: Activates app to analyze actual behaviour. Generates reputation scores and detailed report
23. Mobile Application Reputation Architecture: Data Bus / Control Bus; MSR (Mobile Sourcing); MPAFI (Mobile PAFI); MSA (Mobile Static Analyzer); MDA (Mobile Dynamic Analyzer); MSE (Mobile Scoring Engine); MDS (Mobile Data Store); SPN (Smart Protection Network); WRS/FRS Correlate Services. PAFI: Pre-Analysis File Interscan
24. The Service • Appstore submits new apps: FTP, Crawler, Web Upload • Apps are scanned • Report is provided: HTML, XML, EMAIL • Appstore removes bad apps and adds detailed info to app listings
25. Information provided by MARS: MARS Sample Report
26. Developers! • Make sure you know what public libraries do before you use them! • Corporate customers are very sensitive regarding Data Leakage! • CPU load and Battery impact play a bigger and bigger role in App selection! • Quick and Dirty might not be the way to go for a sustainable business! • If you write Apps for a 3rd party, expect that the App will be tested not only for functionality but also for potential risks and negative impacts
27. Mid of May: mars.trendmicro.com to check the rating of your App
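
Added example (not part of the original deck, and not Trend Micro's implementation): slides 3 to 6 explain that permissions are granted once at install time, and slide 14 describes malware that reads the contact list and sends it to a remote server. The Python below audits an app manifest for that pairing of a private-data permission with a way off the device. It assumes the manifest has already been decoded to text XML; the permission groupings, function names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed groupings for this example; not Trend Micro's scoring rules.
SOURCES = {P + "READ_CONTACTS": "contact list",
           P + "ACCESS_FINE_LOCATION": "GPS location",
           P + "READ_SMS": "SMS inbox"}
EGRESS = {P + "INTERNET": "network", P + "SEND_SMS": "SMS"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml):
    """List every private-data source that is paired with a way off the device."""
    perms = requested_permissions(manifest_xml)
    findings = []
    for src in sorted(perms & set(SOURCES)):
        for out in sorted(perms & set(EGRESS)):
            findings.append(f"{SOURCES[src]} can leave the device via {EGRESS[out]}")
    if P + "SEND_SMS" in perms:
        # Matches the "Premium Service" threat type on slide 17.
        findings.append("can send SMS without prompting (premium-service risk)")
    return findings

# Constructed sample manifests (not taken from any real app).
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
NEWSREADER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.news">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("flashlight", FLASHLIGHT), ("newsreader", NEWSREADER)):
        print(name, audit(xml_text) or "no source/egress pairing")
```

A permission pairing is only a signal for review: it shows what the app is able to do after install, not what it actually does, which is why the service on slide 22 follows static analysis with dynamic analysis.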