Detailed Information on Publication Record

JANOVSKÝ, Adam, Davide MAIORCA, Dominik MACKO, Václav MATYÁŠ and Giorgio GIACINTO. A Longitudinal Study of Cryptographic API: a Decade of Android Malware. In Sabrina De Capitani di Vimercati and Pierangela Samarati. Proceedings of the 19th International Conference on Security and Cryptography. Portugal: SCITEPRESS, 2022, p. 121-133. ISBN 978-989-758-590-6. Available from: https://dx.doi.org/10.5220/0011265300003283.

Other formats: BibTeX LaTeX RIS

Basic information
Original name	A Longitudinal Study of Cryptographic API: a Decade of Android Malware
Name in Czech	Longitudální studie kryptografického API: Dékáda malwaru na platformě Android
Authors	JANOVSKÝ, Adam (203 Czech Republic, guarantor, belonging to the institution), Davide MAIORCA (380 Italy), Dominik MACKO (703 Slovakia, belonging to the institution), Václav MATYÁŠ (203 Czech Republic, belonging to the institution) and Giorgio GIACINTO (380 Italy).
Edition	Portugal, Proceedings of the 19th International Conference on Security and Cryptography, p. 121-133, 13 pp. 2022.
Publisher	SCITEPRESS

Other information
Original language	English
Type of outcome	Proceedings paper
Field of Study	10201 Computer sciences, information science, bioinformatics
Country of publisher	Portugal
Confidentiality degree	is not subject to a state or trade secret
Publication form	printed version "print"
RIV identification code	RIV/00216224:14330/22:00126229
Organization unit	Faculty of Informatics
ISBN	978-989-758-590-6
ISSN	2184-7711
Doi	http://dx.doi.org/10.5220/0011265300003283
UT WoS	000853004900010
Keywords in English	Cryptographic API; Malware; Android; Malware Detection
Tags	firank_B
Tags	International impact, Reviewed
Changed by	Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 14/5/2024 12:44.

Abstract
Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.

Abstract

Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.

Links
GA20-03426S, research and development project	Name: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek
GA20-03426S, research and development project	Investor: Czech Science Foundation
MUNI/A/1076/2019, interní kód MU	Name: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 20 (Acronym: SKOMU)
MUNI/A/1076/2019, interní kód MU	Investor: Masaryk University, Category A