Mobile quarantine station for malicious Android apps

March 13, 2015, Saarland University
Philipp von Styp-Rekowsky. Credit: Oliver Dietze

The attacks were perfidious: In February this year, the Czech IT security company Avast declared that it had identified several malicious game apps for mobile phones in the Google Play Store – ones that would only become criminally active on the device after several weeks. Then the affected smartphones or tablet computers would suddenly take minutes, instead of seconds, to display all the usual settings in proper colors. Or a message would appear when unlocking the device, claiming that the memory was infected or full of pornographic data. Anyone following the instructions given there would be redirected to suspicious sites, which make users download even more malicious programs (malware).

"Regardless of whether the application is malicious or not, recreational games that you just want to play around with can be downloaded without hesitation using our method," says Philipp von Styp-Rekowsky. The computer scientist is a doctoral candidate at the Saarland University Graduate School for Computer Science, and also a researcher at the Center for IT-Security, Privacy and Accountability (CISPA), one of three security research centers in Germany that are specifically funded by the German Federal Ministry of Education and Research, BMBF.

What von Styp-Rekowsky developed for mobile devices with an Android operating system already exists for operating systems on personal computers – the keywords are "Application Virtualization" or "Sandboxing". This is what software experts call those specially insulated areas of a program where its computations can have no effect whatsoever on its environment. Accordingly, von Styp-Rekowsky designed an app that acts as a kind of "quarantine station", isolating suspicious-looking apps installed on devices like smartphones and tablet computers.

"This has some significant advantages compared to previous methods," says von Styp-Rekowsky. "So far, this kind of controlled execution of oversight when executing suspicious apps could only be achieved either by interfering with the operating system, or by modifying the executable code of the app. In the first case, users would need to install a special version of the operating system, but in the second case, as soon as you change the code, you are no longer on firm legal ground, and will also lose the application data as well as the automatic update function." However, both these methods would not only be overwhelming to less experienced users, in the worst case, they could even make the device inoperative.

Von Styp-Rekowsky's sandbox approach works around these difficulties. "The installation process for apps is just the same as before. Users only need to make sure that it happens inside the sandbox," the researcher says. Moreover, his system not only serves as a protection against data theft, it is also useful for business clients with issues related to the trend to "bring your own device": It is becoming increasingly common that employees use their personal devices for official duties. In terms of IT security and legal certainty, this is certainly a major challenge for employers. "With the help of our app, a company could set up a segment of the employee's device in such a way that it is limited to work-related activities, allowing better protection of the interests of both the employer and the owner of the device," von Styp-Rekowsky explains. The app is still a research prototype presently, but will be developed into a marketable application in the next few months.
