A Longitudinal Study of Cryptographic API: a Decade of Android Malware
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F22%3A00126229" target="_blank" >RIV/00216224:14330/22:00126229 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.5220/0011265300003283" target="_blank" >http://dx.doi.org/10.5220/0011265300003283</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.5220/0011265300003283" target="_blank" >10.5220/0011265300003283</a>
Alternative languages
Result language
angličtina
Original language name
A Longitudinal Study of Cryptographic API: a Decade of Android Malware
Original language description
Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/GA20-03426S" target="_blank" >GA20-03426S: Examining and improving security of elliptic curve cryptography</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach
Others
Publication year
2022
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
Proceedings of the 19th International Conference on Security and Cryptography
ISBN
9789897585906
ISSN
2184-7711
e-ISSN
—
Number of pages
13
Pages from-to
121-133
Publisher name
SCITEPRESS
Place of publication
Portugal
Event location
Lisabon
Event date
Jul 11, 2022
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
000853004900010