Explaining the Use of Cryptographic API in Android Malware

D 2023

Explaining the Use of Cryptographic API in Android Malware

JANOVSKÝ, Adam; Davide MAIORCA; Dominik MACKO; Václav MATYÁŠ; Giorgio GIACINTO et al.

Základní údaje

Originální název

Explaining the Use of Cryptographic API in Android Malware

Autoři

JANOVSKÝ, Adam; Davide MAIORCA; Dominik MACKO; Václav MATYÁŠ a Giorgio GIACINTO

Vydání

Cham, E-Business and Telecommunications, od s. 69-97, 29 s. 2023

Nakladatel

Springer Nature Switzerland

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Švýcarsko

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14330/23:00131871

Organizační jednotka

Fakulta informatiky

ISBN

978-3-031-45136-2

ISSN

Klíčová slova anglicky

cryptography;Android;malware

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 13. 8. 2025 18:04, Mgr. Petra Trembecká, Ph.D.

Anotace

V originále

Cryptography allows for guaranteeing secure communications, concealing critical data from reverse engineering, or ensuring mobile users’ privacy. Android malware developers extensively leveraged cryptographic libraries to obfuscate and hide malicious behavior. Various system-based and third-party libraries provide cryptographic functionalities for Android, and their use and misuse by application developers have already been documented. This paper analyzes the use of cryptographic APIs in Android malware by comparing them to benign Android applications. In particular, Android applications released between 2012 and 2020 have been analyzed, and more than 1 million cryptographic API expressions have been gathered. We created a processing pipeline to produce a report to reveal trends and insights on how and why cryptography is employed in Android malware. Results showed that the usage of cryptographic APIs in malware differs from that made in benign applications. The different patterns in the use of cryptographic APIs in malware and benign applications have been further analyzed through the explanations of Android malware detectors based on machine learning approaches, showing how crypto-related features can improve detection performances. We observed that the transition to more robust cryptographic techniques is slower in Android malware than in benign applications.

Návaznosti

GA20-03426S, projekt VaV

Název: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek

Investor: Grantová agentura ČR, Ověření a zlepšení bezpečnosti kryptografie eliptických křivek

MUNI/A/1076/2019, interní kód MU

Název: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 20 (Akronym: SKOMU)

Investor: Masarykova univerzita, Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 20, DO R. 2020_Kategorie A - Specifický výzkum - Studentské výzkumné projekty

Citovat

JANOVSKÝ, Adam; Davide MAIORCA; Dominik MACKO; Václav MATYÁŠ a Giorgio GIACINTO. Explaining the Use of Cryptographic API in Android Malware. Online. In Van Sinderen, M., Wijnhoven, F., Hammoudi, S., Samarati, P., Vimercati. E-Business and Telecommunications. Cham: Springer Nature Switzerland, 2023, s. 69-97. ISBN 978-3-031-45136-2. Dostupné z: https://doi.org/10.1007/978-3-031-45137-9_4.

@inproceedings{2323657,
   author = {Janovský, Adam and Maiorca, Davide and Macko, Dominik and Matyáš, Václav and Giacinto, Giorgio},
   address = {Cham},
   booktitle = {E-Business and Telecommunications},
   doi = {https://doi.org/10.1007/978-3-031-45137-9_4},
   editor = {Van Sinderen, M., Wijnhoven, F., Hammoudi, S., Samarati, P., Vimercati},
   keywords = {cryptography;Android;malware},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Cham},
   isbn = {978-3-031-45136-2},
   pages = {69-97},
   publisher = {Springer Nature Switzerland},
   title = {Explaining the Use of Cryptographic API in Android Malware},
   url = {https://link.springer.com/chapter/10.1007/978-3-031-45137-9_4},
   year = {2023}
}

TY  - CONF
ID  - 2323657
AU  - Janovský, Adam - Maiorca, Davide - Macko, Dominik - Matyáš, Václav - Giacinto, Giorgio
PY  - 2023
TI  - Explaining the Use of Cryptographic API in Android Malware
PB  - Springer Nature Switzerland
CY  - Cham
SN  - 9783031451362
KW  - cryptography;Android;malware
UR  - https://link.springer.com/chapter/10.1007/978-3-031-45137-9_4
N2  - Cryptography allows for guaranteeing secure communications, concealing critical data from reverse engineering, or ensuring mobile users’ privacy. Android malware developers extensively leveraged cryptographic libraries to obfuscate and hide malicious behavior. Various system-based and third-party libraries provide cryptographic functionalities for Android, and their use and misuse by application developers have already been documented. This paper analyzes the use of cryptographic APIs in Android malware by comparing them to benign Android applications. In particular, Android applications released between 2012 and 2020 have been analyzed, and more than 1 million cryptographic API expressions have been gathered. We created a processing pipeline to produce a report to reveal trends and insights on how and why cryptography is employed in Android malware. Results showed that the usage of cryptographic APIs in malware differs from that made in benign applications. The different patterns in the use of cryptographic APIs in malware and benign applications have been further analyzed through the explanations of Android malware detectors based on machine learning approaches, showing how crypto-related features can improve detection performances. We observed that the transition to more robust cryptographic techniques is slower in Android malware than in benign applications.
ER  -

JANOVSKÝ, Adam; Davide MAIORCA; Dominik MACKO; Václav MATYÁŠ a Giorgio GIACINTO. Explaining the Use of Cryptographic API in Android Malware. Online. In Van Sinderen, M., Wijnhoven, F., Hammoudi, S., Samarati, P., Vimercati. \textit{E-Business and Telecommunications}. Cham: Springer Nature Switzerland, 2023, s.~69-97. ISBN~978-3-031-45136-2. Dostupné z: https://doi.org/10.1007/978-3-031-45137-9\_{}4.

Přehled o publikaci