Apparatus and method for analyzing permission of application for mobile devices and detecting risk

US 9,141,801 B2
Filed: 08/22/2013
Issued: 09/22/2015
Est. Priority Date: 02/27/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus for analyzing a permission of an application for a mobile device, the apparatus comprising:

an executable file acquisition device configured to acquire an executable file of the application;

a file extraction device including an unpackaging section, wherein the unpacking section is configured to unpackage the executable file to extract a first file which describes the information about permission that is declared in the application and a permission that the application uses; and

an execution permission analyzing device configured to detect a security risk which can be caused by the permission on the basis of the permission described in the extracted file,wherein the information related to the permission of the application comprises;

information on permission that is declared in the application, permission that the application uses and a function that uses the permission of the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for analyzing a permission of an application for a mobile device, the apparatus comprising: an executable file acquisition unit; a file extraction module; and an execution permission analyzing module configured to detect a security risk which can be caused by the permission on the basis of the permission described in the extracted file, wherein the information related to the permission of the application includes information on permission that is declared in the application, permission that the application uses and a function that uses the permission of the application.

Citations

15 Claims

1. An apparatus for analyzing a permission of an application for a mobile device, the apparatus comprising:
- an executable file acquisition device configured to acquire an executable file of the application;
  
  a file extraction device including an unpackaging section, wherein the unpacking section is configured to unpackage the executable file to extract a first file which describes the information about permission that is declared in the application and a permission that the application uses; and
  
  an execution permission analyzing device configured to detect a security risk which can be caused by the permission on the basis of the permission described in the extracted file,wherein the information related to the permission of the application comprises;
  
  information on permission that is declared in the application, permission that the application uses and a function that uses the permission of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the file extraction device further includes:
    - a reverse engineering section configured to perform a reverse engineering on a second file that contains information on a function that uses the permission of the application among the unpackaged files by the unpackaging unit.
  - 3. The apparatus of claim 2, wherein the reverse engineering section is configured to convert the second file into a file having an extension of class or jar, which in turn is converted into a file having an extension of Java.
  - 4. The apparatus of claim 2, wherein the execution permission analyzing device comprises:
    - a declared permission analyzing section configured to analyze the first file;
      
      a function extraction section configured to parse the result that the second file has been subjected to the reverse engineering to extract the function that the application uses;
      
      a pattern analyzing section configured to analyze the risk on the basis of a pre-defined pattern; and
      
      a permission risk analyzing section configured to analyze the permission related to the application on the basis of the results of the declared permission analyzing unit, the function extraction unit and the pattern analysis unit and detect the risk,wherein the pre-defined pattern represents a pattern to call the function.
  - 5. The apparatus of claim 4, wherein the permission risk analysis section is configured to detect that a risk exists when there is at least one of a case where the permission is declared independently, a case where the declared permission has not been used, a case where the permission that are not declared is used via a function, or a case where a pattern that a function calls is identical to the pre-defined pattern in which there is the risk.
  - 6. The apparatus of claim 2, wherein the application is an application for Android;
    - the executable file of the application has an extension of apx;
      
      the first file is an androidmanifest.xml file; and
      
      the second file is a classes.dex file.
  - 7. The apparatus of claim 1, further comprises:
    - an analysis result reporting device configured to display the result analyzed by the execution permission analyzing module.

8. A method for analyzing a permission of an application for mobile devices, the method comprising:
- acquiring an executable file from the application for mobile devices;
  
  unpackaging the executable file to extract a first file, which describes the information about permission that is declared in the application and permission that the application uses; and
  
  detecting a security risk which can be caused by the permission on the basis of the permission described in the extracted file,wherein the information related to the permission of the application comprises;
  
  information on a permission that is declared in the application, permission that the application uses, and a function that uses the permission of the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein said unpackaging the executable file to extract a first file further comprises:
    - performing a reverse engineering on a second file that contains information on a function that uses the permission of the application among the unpackaged files.
  - 10. The method of claim 9, wherein said performing a reverse engineering on a second file comprises:
    - converting the second file into a file having an extension of class or jar, which in turn is converted into a file having an extension of Java.
  - 11. The method of claim 9, wherein said detecting a security risk comprises:
    - analyzing the first file;
      
      extracting a function that the application uses by parsing the result that the second file has been subjected to the reverse engineering;
      
      analyzing the risk on the basis of a pre-defined pattern; and
      
      analyzing the permission related to the application based on the results of said analyzing the first file, said extracting a function, and said analyzing the risk and detecting the risk,wherein the pre-defined pattern represents a pattern to call the function.
  - 12. The method of claim 11, wherein said analyzing the permission related to the application comprises:
    - detecting that a risk exists when there is at least one of a case where the permission is declared independently, a case where the declared permission has not been used, a case where the permission that are not declared is used via a function, or a case where a pattern that a function calls is identical to the pre-defined pattern in which there is the risk.
  - 13. The method of claim 9, wherein the application is an application for Android;
    - the executable file of the application has an extension of apx;
      
      the first file is an androidmanifest.xml file; and
      
      the second file is a classes.dex file.
  - 14. The method of claim 8, further comprising:
    - reporting the analysis result analyzed by analyzing the permission related to the application so as to display it.
  - 15. A non-transitory computer-readable storage medium including computer executable instructions, wherein the instructions, when executed by a processor, causes the processor to perform the method disclosed in claim 8.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Moon, Jong Sik, Han, Seung Wan, Cho, Hyun Sook
Primary Examiner(s)
Darrow, Justin T
Assistant Examiner(s)
SONG, HEE K

Application Number

US13/973,194
Publication Number

US 20140245448A1
Time in Patent Office

761 Days
Field of Search

726/24, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Apparatus and method for analyzing permission of application for mobile devices and detecting risk

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for analyzing permission of application for mobile devices and detecting risk

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links