<p>The widespread availability of unofficially modified Android applications out- side official application stores poses significant security risks. These applications often contain obfuscated or unauthorized code components that bypass standard validation mechanisms, requesting significantly more permissions than required by core functionality. They might even execute unauthorized background oper- ations. The risk for user privacy and security is substantially higher than with legitimate versions. While users are often enticed by added features or ad removal, they remain unaware of the hidden behaviors and potential data exfiltration taking place behind the scenes. This paper presents a comprehensive com- parative security analysis of six widely-used mobile applications-WhatsApp, Instagram, Telegram, Snapchat, TikTok, and Twitter-by evaluating both their official APKs and corresponding modified versions. We employed a hybrid anal- ysis framework combining static and dynamic tools, including APKTool, JADX, MobSF, Frida, and Wireshark. Our inspection covered permission usage, dynam- ically registered components, network endpoints, background service behavior, and runtime code execution. Experimental results reveal that modified apps consistently request a higher number of dangerous permissions, leverage reflec- tion for hidden payloads, and communicate with non-trusted third-party domains. Notably, behaviors such as unauthorized media access, background microphone recording, and dynamic code loading were observed in over the modified samples. To objectively quantify risk, we introduce a security scor- ing model aligned with the OWASP Mobile Security Testing Guide (MSTG), capturing key behavioral and structural risk factors. The findings expose systemic vulnerabilities introduced through application repackaging, underscor- ing the need for improved user awareness, stricter sideloading controls, and behavioral auditing of APKs. This paper also provides a reproducible method- ology for evaluating mobile application security in untrusted environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Deconstructing android messaging clones: A hybrid reverse engineering and risk assessment framework

  • Ibrahim Al-Oqily,
  • Basil Khalaf,
  • Mohammad Al-Fayez

摘要

The widespread availability of unofficially modified Android applications out- side official application stores poses significant security risks. These applications often contain obfuscated or unauthorized code components that bypass standard validation mechanisms, requesting significantly more permissions than required by core functionality. They might even execute unauthorized background oper- ations. The risk for user privacy and security is substantially higher than with legitimate versions. While users are often enticed by added features or ad removal, they remain unaware of the hidden behaviors and potential data exfiltration taking place behind the scenes. This paper presents a comprehensive com- parative security analysis of six widely-used mobile applications-WhatsApp, Instagram, Telegram, Snapchat, TikTok, and Twitter-by evaluating both their official APKs and corresponding modified versions. We employed a hybrid anal- ysis framework combining static and dynamic tools, including APKTool, JADX, MobSF, Frida, and Wireshark. Our inspection covered permission usage, dynam- ically registered components, network endpoints, background service behavior, and runtime code execution. Experimental results reveal that modified apps consistently request a higher number of dangerous permissions, leverage reflec- tion for hidden payloads, and communicate with non-trusted third-party domains. Notably, behaviors such as unauthorized media access, background microphone recording, and dynamic code loading were observed in over the modified samples. To objectively quantify risk, we introduce a security scor- ing model aligned with the OWASP Mobile Security Testing Guide (MSTG), capturing key behavioral and structural risk factors. The findings expose systemic vulnerabilities introduced through application repackaging, underscor- ing the need for improved user awareness, stricter sideloading controls, and behavioral auditing of APKs. This paper also provides a reproducible method- ology for evaluating mobile application security in untrusted environments.