Look back! Earlier versions will reveal weaknesses in Android Apps


Summary of the talk: The Android platform is growing explosively in popularity. A considerable number of mobile consumers are attracted to a variety of Android Apps, which leads developers to invest resources to maintain the upward trajectory. In the early stages, developers usually pay more attention to the functionality of Android Apps than to security matters. Unfortunately, this makes Android Apps a hot target for attackers. To counter the attacks, developers attach great importance to improving the security of their Apps and upgrade them to new versions, yet leave the earlier versions circulating on the network. In this paper, we show how to attack new versions of popular Apps, including Facebook, Sina Weibo and Qihoo360 Cloud Driven, by using the weaknesses existing in their earlier versions. We design and implement an App weakness analysis tool named “DroidSkynet” to analyze security weaknesses in widespread applications. Among 900 mainstream Apps collected from the real world, DroidSkynet indicates that 36.3% of Apps suffer from such weaknesses.

Biography: Jian Weng received the M.S. and B.S. degrees in computer science and engineering from South China University of Technology, in 2004 and 2000, respectively, and the Ph.D. degree in computer science and engineering from Shanghai Jiao Tong University, in 2008. From April 2008 to March 2010, he was a postdoc in the School of Information Systems, Singapore Management University. Currently, he is a dean, professor and Ph.D. supervisor with the School of Information Technology, Jinan University. He has published more than 60 papers in cryptography conferences and journals, including top conferences such as CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC and CT-RSA, and top journals such as IEEE TDSC and IEEE TIFS. He has served as PC co-chair or PC member for more than 20 international conferences. He has won the 2014 cryptographic innovation award from the Chinese Association for Cryptographic Research, the best paper award from the 28th Symposium on Cryptography and Information Security (SCIS2011), and the best student award from the 8th International Conference on Provable Security (ProvSec2014). He has also investigated many Key Projects of the National Science Foundation of China and Guangdong Province.