Nav: Home

Cebit 2015: Find out what your apps are really doing

March 10, 2015

RiskIQ, an IT security-software company, recently examined 350,000 apps that offer monetary transactions, and found more than 40,000 of these specialized programs to be little more than scams. Employees had downloaded the apps from around 90 recognized app store websites worldwide, and analyzed them. They discovered that a total of eleven percent of these apps contained malicious executable functions - they could read along personal messages, or remove password protections. And all this would typically take place unnoticed by the user.

Computer scientists from Saarbrücken have now developed a software system that allows users to detect malicious apps at an early stage. This is achieved by scanning the program code, with an emphasis on those parts where the respective app is accessing or transmitting personal information. The monitoring software will detect whether a data request is related to the subsequent transmission of data, and will flag the code sequence in question as suspicious accordingly. "Imagine your address book is read out, and hundreds of lines of code later, without you noticing, your phone will send your contacts to an unknown website," Erik Derr says. Derr is a PhD student at the Graduate School for Computer Science at Saarland University, and a researcher at the Saarbrücken Research Center for IT Security, CISPA. An important feature of the software he developed is its ability to monitor precisely which websites an app is accessing, or which phone number a text message was sent to.

To conclusively detect these functional relationships between the data source and the recipient, the researchers use contemporary methods of information flow analysis. They set their program up in advance with a list of suspicious code combinations that access programming interfaces, so that it would learn to differentiate between "good" and "evil" apps, and additionally fed it with details of currently known attacks. "So it can be helpful, for instance, to know the telephone numbers of these expensive premium services. Say one of these numbers is dialed without the consent of the user, then the fraud is obvious," Derr explains. Since his method is computationally demanding and also requires a lot of memory space, the software is run on a dedicated server. "It takes our software an average of 25 minutes per app," Derr says. So far, his research team has tested around 23,000 apps in this manner. And of course, consumers will benefit most from this approach. "The app could be analyzed on our server, and the results would be displayed on your smartphone. Or ideally, the evaluation process could be integrated directly into the app store websites," explains Derr. This is one of the reasons the Saarbrücken researchers are already discussing the issue with US online retail company Amazon. "But Google would certainly be an option as well,", says Derr.
-end-
Background Information on Computer Science in Saarbrücken

The Department of Computer Science represents the center of computer science research in Saarbrücken. Seven other internationally renowned research institutes are nearby: The Max Planck Institutes for Informatics and for Software Systems, the German Research Center for Artificial Intelligence (DFKI), the Center for Bioinformatics, the Intel Visual Computing Institute, the Center for IT Security, Privacy and Accountability (CISPA), and the Cluster of Excellence "Multimodal Computing and Interaction".

Media Inquiries:

Erik Derr
Center For IT Security, Privacy and Accountability CISPA
Phone: +49 681 302 57368
Email: derr(at)cs.uni-saarland.de

Editor:

Gordon Bolduan
Science Communication
Competence Center Computer Science Saarland
Phone: +49 681 302-70741
Email: bolduan(at)mmci.uni-saarland.de

Information for Radio Journalists: Phone interviews with Saarland University scientists can be conducted in studio quality using the Radio Codec (via direct-dial IP connection, or the ARD Sternpunkt 106813020001). Interview requests can be made via our press department (+49 681 302-2601).

Saarland University

Related Data Articles:

Data centers use less energy than you think
Using the most detailed model to date of global data center energy use, researchers found that massive efficiency gains by data centers have kept energy use roughly flat over the past decade.
Storing data in music
Researchers at ETH Zurich have developed a technique for embedding data in music and transmitting it to a smartphone.
Life data economics: calling for new models to assess the value of human data
After the collapse of the blockchain bubble a number of research organisations are developing platforms to enable individual ownership of life data and establish the data valuation and pricing models.
Geoscience data group urges all scientific disciplines to make data open and accessible
Institutions, science funders, data repositories, publishers, researchers and scientific societies from all scientific disciplines must work together to ensure all scientific data are easy to find, access and use, according to a new commentary in Nature by members of the Enabling FAIR Data Steering Committee.
Democratizing data science
MIT researchers are hoping to advance the democratization of data science with a new tool for nonstatisticians that automatically generates models for analyzing raw data.
Getting the most out of atmospheric data analysis
An international team including researchers from Kanazawa University used a new approach to analyze an atmospheric data set spanning 18 years for the investigation of new-particle formation.
Ecologists ask: Should we be more transparent with data?
In a new Ecological Applications article, authors Stephen M. Powers and Stephanie E.
Should you share data of threatened species?
Scientists and conservationists have continually called for location data to be turned off in wildlife photos and publications to help preserve species but new research suggests there could be more to be gained by sharing a rare find, rather than obscuring it, in certain circumstances.
Futuristic data storage
The development of high-density data storage devices requires the highest possible density of elements in an array made up of individual nanomagnets.
Making data matter
The advent of 3-D printing has made it possible to take imaging data and print it into physical representations, but the process of doing so has been prohibitively time-intensive and costly.
More Data News and Data Current Events

Trending Science News

Current Coronavirus (COVID-19) News

Top Science Podcasts

We have hand picked the top science podcasts of 2020.
Now Playing: TED Radio Hour

Climate Mindset
In the past few months, human beings have come together to fight a global threat. This hour, TED speakers explore how our response can be the catalyst to fight another global crisis: climate change. Guests include political strategist Tom Rivett-Carnac, diplomat Christiana Figueres, climate justice activist Xiye Bastida, and writer, illustrator, and artist Oliver Jeffers.
Now Playing: Science for the People

#562 Superbug to Bedside
By now we're all good and scared about antibiotic resistance, one of the many things coming to get us all. But there's good news, sort of. News antibiotics are coming out! How do they get tested? What does that kind of a trial look like and how does it happen? Host Bethany Brookeshire talks with Matt McCarthy, author of "Superbugs: The Race to Stop an Epidemic", about the ins and outs of testing a new antibiotic in the hospital.
Now Playing: Radiolab

Speedy Beet
There are few musical moments more well-worn than the first four notes of Beethoven's Fifth Symphony. But in this short, we find out that Beethoven might have made a last-ditch effort to keep his music from ever feeling familiar, to keep pushing his listeners to a kind of psychological limit. Big thanks to our Brooklyn Philharmonic musicians: Deborah Buck and Suzy Perelman on violin, Arash Amini on cello, and Ah Ling Neu on viola. And check out The First Four Notes, Matthew Guerrieri's book on Beethoven's Fifth. Support Radiolab today at Radiolab.org/donate.