Computer Science ›› 2018, Vol. 45 ›› Issue (4): 163-168.doi: 10.11896/j.issn.1002-137X.2018.04.027

Previous Articles     Next Articles

PDiOS:Private API Call Detection in iOS Applications

WU Shu, ZHOU An-min and ZUO Zheng   

  • Online:2018-04-15 Published:2018-05-11

Abstract: Apple has reviewed every application in App Store,including private application programming interface(API) calls,but some malicious applications still escape from the review.Aiming at the private API call in iOS application,a detection technique combining dynamic and static analysis was proposed.Most of the API call sites were processed by static analysis of backward slicing and constant propagation,and the remaining APIs are dealt with by dynamic iterative analysis based on enforcement.Static analysis includes a comprehensive analysis of the binary file and the implicit call analysis in the resource file processing.Dynamic analysis mainly depends on the binary dynamic analysis framework for iterative analysis.Finally,the existence of private API is determined by comparing the API in the public header file.There are 82 applications with 128 different private API calls during the testing of 1012 applications in App Store,and 26 applications are sure to use private API calls in the 32 applications signed by the enterprise certificate.

Key words: Private application programming interface,Application vetting,Backward slicing,Constant propagation,Forced execution

[1] JOORABCHI M E,MESBAH A.Reverse engineering iOS mobile applications[C]∥2012 19th Working Conference on Reverse Engineering(WCRE).IEEE,2012:177-186.
[2] KURTZ A,GASCON H,BECKER T,et al.Fingerprinting mobile devices using personalized configurations[J].Proceedings on Privacy Enhancing Technologies,2016,6(1):4-19.
[3] EGELE M,KRUEGEL C,KIRDA E,et al.PiOS:Detecting Privacy Leaks in iOS Applications[C]∥NDSS.2011:177-183.
[4] DENG Z,SALTAFORMAGGIO B,ZHANG X,et al.iRiS:Vetting private api abuse in ios applications[C]∥Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.ACM,2015:44-56.
[5] SERIOT N.iPhone Privacy[EB/OL].[2010-02-03].http://seriot.ch/resources/talks_papers/iPhonePrivacy.pdf.
[6] iOS Technology Overview[EB/OL].[2016-05-01].https://developer.apple.com/library/content/documentation/Miscellaneous/Conceptual/iPhoneOSTechOverview/Introduction/Introduction.html#//apple_ref/doc/uid/TP40007898-CH1-SW1.
[7] 关东升.iOS开发指南[M].北京:人民邮电出版社,2016.
[8] AGARWAL Y,HALL M.ProtectMyPrivacy:detecting and mi-tigating privacy leaks on iOS devices using crowdsourcing[C]∥11th Annual International Conference on Mobile Systems,Applications,and Services.ACM,2013:97-110.
[9] GARCA L,RODRGUEZ R J.A Peek under the Hood of iOS Malware[C]∥2016 11th International Conference on Availability,Reliability and Security(ARES).IEEE,2016:590-598.
[10] MOU L,LU Z,LI H,et al.Coupling distributed and symbolicexecution for natural language queries[J].arXiv preprint arXiv:1612.02741,2016.
[11] PENG F,DENG Z,ZHANG X,et al.X-Force:Force-Executing Binary Programs for Security Applications[C]∥USENIX Security Symposium.2014:829-844.
[12] Hex-Rays.IDA Pro.http://www.hex-rays.com/idapro.
[13] WEISER M.Program slicing[C]∥International Conference on Software Engineering.IEEE Press,1981:439-449.
[14] SABELFELD A,MYERS A C.Language-based information-flow security[J].IEEE Journal on Selected Areas in Communications,2003,21(1):5-19.
[15] NETHERCOTE N,SEWARD J.Valgrind:a framework forheavy weight dynamic binary instrumentation[J].ACM Sigplan notices,ACM,2007,42(6):89-100.
[16] LEVIN J.Mac OS X and IOS Internals:To the Apple’s Core[M].England:John Wiley & Sons,2012.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!