
The mobile device market has grown rapidly in the past few years; as shown in Table 1, more than 6.8 billion mobile phones had been sold by 2013 [21]. In addition, smart devices (smartphones and tablets) have become the majority of the mobile device market [27, 25, 34, 28, 29].

Smart devices provide a variety of functionalities through the mobile applications running on them, and have brought about a whole new way of using mobile devices: people now do many things on their mobile devices, not just make phone calls and send SMS as in the old days.

Rank   Country or region   Number of mobile phones   Population       Percentage of population   Last updated
-      World               6.8 billion+              7,012,000,000    97                         2013

Table 1. The amounts of mobile phones [21]

Smart devices provide enough computing power and network service, together with mobility, that many PC users have turned to smart devices for some of the activities they used to do on PCs, such as web browsing and accessing social networks [1, 31, 24, 37]. The explosive growth of smart devices and the structural change in how mobile devices are used have stimulated the growth of the mobile app market; people download and use apps on their smart devices for different purposes all the time. Under these circumstances, the number of mobile apps has grown at an astonishing speed: there are already more than one million apps on the Apple App Store [5, 20], and the number of apps is still growing steadily [36].

Figure 1. Smartphone penetration [26]

Figure 2. The growth of the Apple App Store [36]

As mentioned above, mobile apps provide various functionalities to satisfy users' needs. Some of these functionalities are similar to those provided on PCs, such as web browsing and email; others are more specific to mobile devices, for example navigation. However, just as security issues arise while enjoying the convenience of PC programs, there are threats when users use mobile apps.

For example, many people access social networks or use communication apps more on their mobile devices than on their computers, and many of these services encourage or require users to create a new account or to reuse existing information as the new account, such as an account from a well-known provider (Facebook, Google, etc.) or even the cellphone number (especially in the case of communication apps). Moreover, some apps may ask users to import information such as contacts in order to interact with their friends; navigation apps need to know exactly where users are, by accessing their GPS location, in order to provide precise suggestions. Apps make these requests in order to provide a much better user experience, which is the positive incentive for requesting users' information.

To enjoy the functionalities provided by apps, as mentioned before, users first have to meet the apps' requirements; in the cases above, users need to provide their personal information to some degree to create an account, and grant the apps' requests to access private data on the device. Actions like these raise severe security issues: apps may be able to access more information or obtain more permissions than necessary, apps may misuse the information and permissions they have obtained, and apps could collect or transmit data about the device or information about the user. All of these may open windows for apps with malicious incentives.

The situations mentioned above give apps with malicious incentives many chances to achieve their objectives, which are basically carried out in two phases: the first phase is retrieving private information on the device, and the second phase is transmitting that information off the device for further use. If the actions an app takes in these two phases are not granted by the user, then the user will probably not even be aware of such behaviors.

Nonetheless, most of the apps available on the market were not developed by the companies that manufacture the mobile devices or the companies that build the operating systems running on them. Most of these apps were developed by other companies or by independent developers. Under these circumstances, it is highly likely that malicious developers or hackers have chances to insert malicious content into apps to achieve their specific objectives.

Like all web applications, mobile applications have license agreements, which are “long, incomprehensible privacy policies that users typically do not read, let alone understand” [38]. Hence, users' confidence comes from other users and from other services of the same companies. On the other hand, even if we suppose that users have read the license agreements and fully comprehend the terms, the end user license agreements (EULA) of the markets state that “Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy policies.” [2, 35, 4]. This means users have to visit the application developers' websites and make sure that their personal information will not be retrieved by others such as advertisers. In sum, accepting or declining the license agreements does not guarantee anyone's information security.

To ensure a certain security level, Apple Inc. adopts a review policy: developers must obey the license agreement proposed by Apple, and every app submitted to the Apple App Store is reviewed by Apple to ensure there is no violation of the license agreement [8]. However, this policy is not totally effective; there have still been apps containing malicious behaviors that were approved by Apple. A famous example is the set of applications developed by the developer “Storm8”, which harvested users' phone numbers and other personal information [6].

Besides that, users of devices whose root has been exploited (jailbroken devices) can download apps from non-official repositories (meaning the apps have not been reviewed), such as the well-known Cydia [10].

The objective of this work is to present an effective static approach to analyzing the behaviors of iOS apps. We developed a system that provides an effective tool named AppBeach (short for App Behavior Architect) for analyzing app executables with a distributed computing algorithm, which detects and reports the potential malicious behaviors of mobile apps.

2.1. Malicious behaviors of mobile apps

To fulfill the needs of users, a mobile app executes a series of functions to perform the requested functionalities; these sets of function calls are the behaviors of the mobile app, which are basically performed to delight users, the incentive the vast majority of app developers have. However, there are times when information is misused by the application, or the app itself is made for malicious objectives by hackers or malicious developers.
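As an added example (not code from the thesis or from AppBeach), the following Python sketch applies the two-phase model of information misuse from the introduction to constructed per-app function-call sets: an app is flagged only when its calls contain both a phase-1 source of private data and a phase-2 outward channel. The mapping of iOS symbol names to source and sink categories, and the three sample apps, are assumptions for illustration.

```python
"""Added example (not from the thesis): flag apps whose call set contains both
phases of information misuse, reading private data and sending it outward.
The symbol catalogue is an illustrative assumption, not AppBeach's rules."""
from dataclasses import dataclass, field

# Assumed catalogue: phase-1 sources (private data) and phase-2 sinks (exits).
SOURCES = {
    "ABAddressBookCopyArrayOfAllPeople": "contacts",
    "CLLocationManager.startUpdatingLocation": "location",
    "UIDevice.uniqueIdentifier": "device_id",
}
SINKS = {
    "NSURLConnection.sendSynchronousRequest": "network",
    "NSURLSession.dataTaskWithRequest": "network",
    "MFMessageComposeViewController": "sms",
}

@dataclass
class Report:
    app: str
    retrieved: set = field(default_factory=set)  # phase 1: data categories read
    channels: set = field(default_factory=set)   # phase 2: outward channels used

    @property
    def potential_leak(self) -> bool:
        # A source without a sink, or a sink without a source, is not a leak.
        return bool(self.retrieved) and bool(self.channels)

def analyze(app: str, calls) -> Report:
    """Map each called symbol to a source or sink category."""
    report = Report(app)
    for sym in calls:
        if sym in SOURCES:
            report.retrieved.add(SOURCES[sym])
        elif sym in SINKS:
            report.channels.add(SINKS[sym])
    return report

# Constructed call sets for three hypothetical apps (not real apps).
SAMPLE_APPS = {
    "flashlight": ["UIApplication.sharedApplication", "AVCaptureDevice.setTorchMode"],
    "navigator": ["CLLocationManager.startUpdatingLocation", "MKMapView.setRegion"],
    "harvester": ["ABAddressBookCopyArrayOfAllPeople", "UIDevice.uniqueIdentifier",
                  "NSURLConnection.sendSynchronousRequest"],
}

def scan_all(apps=SAMPLE_APPS) -> dict:
    """Return {app: potential_leak} for every constructed call set."""
    return {name: analyze(name, calls).potential_leak for name, calls in apps.items()}
```

The navigator app reads location but has no outward channel in its call set, so it is not flagged; this is the caveat that a phase-1 call alone does not constitute misuse.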

Adrienne Porter Felt et al. [17] classify the threat types of mobile applications into three categories: Malware, Personal Spyware and Grayware. Furthermore, they evaluate the security of different mobile app markets and classify the incentives of malicious apps as follows: Novelty and Amusement, Selling User Information, Stealing User Credentials, Premium-Rate Calls and SMS, SMS Spam, Search Engine Optimization, and Ransom.

William Enck et al. [16] classified malicious mobile app behavior in another way; they divided these behaviors into two categories: information misuse and phone misuse. The first type, information misuse, means that sensitive information on the device (including the IMEI, the device identifier; the IMSI, the subscriber identifier; the ICCID, the SIM card serial number; location information, and so on) is leaked by transferring it off the device. The other type, phone misuse, means that the smartphone
