CODASPY
2016

On the Origin of Mobile Apps: Network Provenance for Android Applications

Many mobile services consist of two components: a server providing an API, and an application running on smartphones and communicating with the API. An unresolved problem in this design is that it is difficult for the server to authenticate which app is accessing the API. This causes many security problems. For example, the provider of a private network API has to embed secrets in its official app to ensure that only this app can access the API; however, attackers can uncover the secret by reverse-engineering. As another example, malicious apps may send automatic requests to ad servers to commit ad fraud. In this work, we propose a system that allows a network API to authenticate the mobile app that sends each request so that the API can make an informed access control decision. Our system, the Mobile Trusted-Origin Policy, consists of two parts: 1) an app provenance mechanism that annotates outgoing HTTP(S) requests with information about which app generated the network traffic, and 2)...
Ryan Stevens, Jonathan Crussell, Hao Chen 0003
Added 31 Mar 2016
Updated 31 Mar 2016
Type Journal
Year 2016
Where CODASPY
Authors Ryan Stevens, Jonathan Crussell, Hao Chen 0003