A Longitudinal Study of Cryptographic API: a Decade of Android
Malware

D 2022

A Longitudinal Study of Cryptographic API: a Decade of Android Malware

JANOVSKÝ, Adam, Davide MAIORCA, Dominik MACKO, Václav MATYÁŠ, Giorgio GIACINTO et. al.

Basic information

Original name

A Longitudinal Study of Cryptographic API: a Decade of Android Malware

Name in Czech

Longitudální studie kryptografického API: Dékáda malwaru na platformě Android

Authors

JANOVSKÝ, Adam (203 Czech Republic, guarantor, belonging to the institution), Davide MAIORCA (380 Italy), Dominik MACKO (703 Slovakia, belonging to the institution), Václav MATYÁŠ (203 Czech Republic, belonging to the institution) and Giorgio GIACINTO (380 Italy)

Edition

Portugal, Proceedings of the 19th International Conference on Security and Cryptography, p. 121-133, 13 pp. 2022

Publisher

SCITEPRESS

Other information

Language

English

Type of outcome

Stať ve sborníku

Field of Study

10201 Computer sciences, information science, bioinformatics

Country of publisher

Portugal

Confidentiality degree

není předmětem státního či obchodního tajemství

Publication form

printed version "print"

RIV identification code

RIV/00216224:14330/22:00126229

Organization unit

Faculty of Informatics

ISBN

978-989-758-590-6

ISSN

DOI

http://dx.doi.org/10.5220/0011265300003283

UT WoS

000853004900010

Keywords in English

Cryptographic API; Malware; Android; Malware Detection

Abstract

V originále

Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.

Links

GA20-03426S, research and development project

Name: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek

Investor: Czech Science Foundation

MUNI/A/1076/2019, interní kód MU

Name: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 20 (Acronym: SKOMU)

Investor: Masaryk University, Category A

Citovat

JANOVSKÝ, Adam, Davide MAIORCA, Dominik MACKO, Václav MATYÁŠ and Giorgio GIACINTO. A Longitudinal Study of Cryptographic API: a Decade of Android Malware. In Sabrina De Capitani di Vimercati and Pierangela Samarati. Proceedings of the 19th International Conference on Security and Cryptography. Portugal: SCITEPRESS, 2022, p. 121-133. ISBN 978-989-758-590-6. Available from: https://dx.doi.org/10.5220/0011265300003283.

@inproceedings{1874340,
   author = {Janovský, Adam and Maiorca, Davide and Macko, Dominik and Matyáš, Václav and Giacinto, Giorgio},
   address = {Portugal},
   booktitle = {Proceedings of the 19th International Conference on Security and Cryptography},
   doi = {http://dx.doi.org/10.5220/0011265300003283},
   editor = {Sabrina De Capitani di Vimercati and Pierangela Samarati},
   keywords = {Cryptographic API; Malware; Android; Malware Detection},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Portugal},
   isbn = {978-989-758-590-6},
   pages = {121-133},
   publisher = {SCITEPRESS},
   title = {A Longitudinal Study of Cryptographic API: a Decade of Android Malware},
   year = {2022}
}

TY  - JOUR
ID  - 1874340
AU  - Janovský, Adam - Maiorca, Davide - Macko, Dominik - Matyáš, Václav - Giacinto, Giorgio
PY  - 2022
TI  - A Longitudinal Study of Cryptographic API: a Decade of Android Malware
PB  - SCITEPRESS
CY  - Portugal
SN  - 9789897585906
KW  - Cryptographic API
KW  - Malware
KW  - Android
KW  - Malware Detection
N2  - Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.
ER  -

JANOVSKÝ, Adam, Davide MAIORCA, Dominik MACKO, Václav MATYÁŠ and Giorgio GIACINTO. A Longitudinal Study of Cryptographic API: a Decade of Android Malware. In Sabrina De Capitani di Vimercati and Pierangela Samarati. \textit{Proceedings of the 19th International Conference on Security and Cryptography}. Portugal: SCITEPRESS, 2022, p.~121-133. ISBN~978-989-758-590-6. Available from: https://dx.doi.org/10.5220/0011265300003283.

Detailed Information on Publication Record