
Research On Malware Detection And Analysis System On IOS Platform

Posted on: 2018-07-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Xie
GTID: 2348330518993398
Subject: Intelligent Science and Technology
Abstract/Summary:
Mobile devices are evolving into the dominant computing platform. People rely on them deeply and use them frequently, so they hold a great deal of private information. Apple iOS, one of the most popular mobile operating systems, is considered more secure than other mobile offerings because of built-in mechanisms such as App (short for application) review and code signing. However, recent attacks such as XcodeGhost and the YouMi SDK have shown that it is feasible to steal users' private data without being detected. To block such malware, we present the design and implementation of a malware vetting system, called DMIA, in this paper. DMIA first collects runtime information about an app, especially privacy-related API calls and the original network data provided by the Monitor Layer. By matching local private data against network data, DMIA completes precise malware vetting. For cases that cannot be resolved by matching, because of communication encryption or obscure correlation features, DMIA offers a novel "machine learning model", which is a black box but powerful. Furthermore, we propose and design a new method to detect malware on the non-jailbroken platform and prove its feasibility. We evaluated DMIA with 2000 apps from the official App Store and Cydia. As a result, DMIA verified 52 pieces of software affected by the XcodeGhost and YouMi SDK security incidents. It also verified 3 pieces of software that were found by other malware detection tools, and it successfully detected 2 new pieces of malware. Furthermore, experiments show that DMIA can also identify private API abuse: 103 (5%) apps use private APIs. In brief, DMIA is effective in detecting malware missed by App Review.
Keywords/Search Tags: iOS, malware detection, dynamic analysis, machine learning, run time