
National Chengchi University

5.2 Limitation

The presented approach has three limitations. First, we need an iOS application executable that is available for analysis. Retrieving app executables requires jailbreaking the device; hence the latest apps that cannot run on jailbroken devices may not be analyzable with the presented approach. For this reason, the subject of the reported experiments is highly limited to iOS version applications. Second, we can only check behavior that is included in the framework. If the developer performs a similar behavior using other frameworks or third-party packages, we would not be able to check it. However, if those frameworks are included among our patterns, it could be detected. Third, we cluster these applications according to their descriptions. As a result, if the description of an application is too ambiguous to correctly represent its features, the application may be categorized together with applications that are actually dissimilar.
