Paper title
How Did That Get In My Phone? Unwanted App Distribution on Android Devices
Paper authors
Paper abstract
Android is the most popular operating system with billions of active devices. Unfortunately, its popularity and openness make it attractive for unwanted apps, i.e., malware and potentially unwanted programs (PUP). In Android, app installations typically happen via the official and alternative markets, but also via other smaller and less understood alternative distribution vectors such as Web downloads, pay-per-install (PPI) services, backup restoration, bloatware, and IM tools. This work performs a thorough investigation on unwanted app distribution by quantifying and comparing distribution through different vectors. At the core of our measurements are reputation logs of a large security vendor, which include 7.9M apps observed in 12M devices between June and September 2019. As a first step, we measure that between 10% and 24% of users' devices encounter at least one unwanted app, and compare the prevalence of malware and PUP. An analysis of the who-installs-who relationships between installers and child apps reveals that the Play market is the main app distribution vector, responsible for 87% of all installs and 67% of unwanted app installs, but it also has the best defenses against unwanted apps. Alternative markets distribute instead 5.7% of all apps, but over 10% of unwanted apps. Bloatware is also a significant unwanted app distribution vector with 6% of those installs. And, backup restoration is an unintentional distribution vector that may even allow unwanted apps to survive users' phone replacement. We estimate unwanted app distribution via PPI to be smaller than on Windows. Finally, we observe that Web downloads are rare, but provide a riskier proposition even compared to alternative markets.
