Signing key leak detection in Google Play Store
- Authors
- 정수환
- Issue Date
- Mar-2016
- Publisher
- Korean Institute of information scientists and engineers, IEEE
- Citation
- International Conference on Information Networking, pp.13 - 16
- Journal Title
- International Conference on Information Networking
- Start Page
- 13
- End Page
- 16
- URI
- http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/5595
- DOI
- 10.1109/ICOIN.2016.7427066
- ISSN
- 1976-7684
- Abstract
- Developers use their private keys to sign the apps before publishing in Google Play Store, an Official Android Market. These keys must be kept secret as they uniquely identify the authority of a developer. We conduct an investigation on more than 21000 real malware and 1000 benign apps in Google Play Store to justify whether the private keys of these benign apps have been manipulated by malware. As a result, 15 apps are found vulnerable due to the leakage of private keys. We also confirm the attacking technique that uses similar package name in third party apps to lure users to install malware without notice. © 2016 IEEE.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Information Technology > ETC > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.