Sciweavers

CCS
2015
ACM

iRiS: Vetting Private API Abuse in iOS Applications

8 years 7 months ago
iRiS: Vetting Private API Abuse in iOS Applications
With the booming sale of iOS devices, the number of iOS applications has increased significantly in recent years. To protect the security of iOS users, Apple requires every iOS application to go through a vetting process called App Review to detect uses of private APIs that provide access to sensitive user information. However, recent attacks have shown the feasibility of using private APIs without being detected during App Review. To counter such attacks, we propose a new iOS application vetting system, called iRiS, in this paper. iRiS first applies fast static analysis to resolve API calls. For those that cannot be statically resolved, iRiS uses a novel iterative dynamic analysis approach, which is slower but more powerful compared to static analysis. We have ported Valgrind to iOS and implemented a prototype of iRiS on top of it. We evaluated iRiS with 2019 applications from the official App Store. From these, iRiS identified 146 (7%) applications that use a total number of 150 ...
Zhui Deng, Brendan Saltaformaggio, Xiangyu Zhang,
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Zhui Deng, Brendan Saltaformaggio, Xiangyu Zhang, Dongyan Xu
Comments (0)