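@comment{
  Four publications on Android security: data protection on lost or stolen
  devices, a book on Android malware, detection of piggybacked apps, and a
  characterisation of Android malware families.

  Conventions in this file:
  - Citation keys are unchanged from the original export.
  - Page ranges use a double hyphen, not a Unicode en dash.
  - Proper nouns and acronyms in titles are brace-protected so that
    sentence-casing styles do not lowercase them.
  - abstractNote is a non-standard field that standard styles do not print.
    Its text is kept verbatim from the export, including unescaped percent
    signs and straight quotes; escape those before moving the text into a
    printed field.
  - Author names are kept exactly as exported; initials were not expanded.
}

@inproceedings{zhou_singh_jiang_2016,
  author       = {Zhou, Y. J. and Singh, K. and Jiang, X. X.},
  title        = {{AppShell}: Making Data Protection Practical for Lost or Stolen {Android} Devices},
  booktitle    = {{NOMS} 2016 -- 2016 {IEEE/IFIP} Network Operations and Management Symposium},
  year         = {2016},
  pages        = {502--508},
  doi          = {10.1109/noms.2016.7502850},
  abstractNote = {Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, the number of smartphone thefts is increasing at a rapid speed. As a result, there is an imperative need to protect sensitive data on lost or stolen mobile devices. In this work, we develop a practical solution to protect sensitive data on mobile devices. Our solution enables adaptive protection by pro-actively stepping up or stepping down data security based on perceived contextual risk of the device. We realize our solution for the Android platform in the form of a system called AppShell. AppShell does not require root privilege, nor need any modification to the underlying framework, and hence is a ready-to-deploy solution. It supports both in-memory and on-disk data protection by transparently encrypting the data, and discarding the encryption key, when required, for enhanced protection. We implement a working prototype of AppShell and evaluate it against several popular Android apps. Our results show that AppShell can successfully protect sensitive data in the lost devices with a reasonable performance overhead.},
}

@comment{
  jiang_zhou_2013: the abstract is cut off mid-word in the export. It is left
  as exported rather than completed by guesswork. The export's combined
  publisher string is split into publisher and address.
}

@book{jiang_zhou_2013,
  author       = {Jiang, X. and Zhou, Y.},
  title        = {{Android} Malware},
  publisher    = {Springer},
  address      = {New York},
  year         = {2013},
  doi          = {10.1007/978-1-4614-7394-7},
  abstractNote = {Mobile devices, such as smart phones, have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pai},
}

@inproceedings{zhou_zhou_grace_jiang_zou_2013,
  author       = {Zhou, W. and Zhou, Y. and Grace, M. and Jiang, X. and Zou, S.},
  title        = {Fast, Scalable Detection of ``Piggybacked'' Mobile Applications},
  booktitle    = {{ACM} Conference on Data and Application Security and Privacy},
  year         = {2013},
  pages        = {185--195},
  doi          = {10.1145/2435349.2435377},
  abstractNote = {Mobile applications (or apps) are rapidly growing in number and variety. These apps provide useful features, but also bring certain privacy and security risks. For example, malicious authors may attach destructive payloads to legitimate apps to create so-called "piggybacked" apps and advertise them in various app markets to infect unsuspecting users. To detect them, existing approaches typically employ pair-wise comparison, which unfortunately has limited scalability. In this paper, we present a fast and scalable approach to detect these apps in existing Android markets. Based on the fact that the attached payload is not an integral part of a given app's primary functionality, we propose a module decoupling technique to partition an app's code into primary and non-primary modules. Also, noticing that piggybacked apps share the same primary modules as the original apps, we develop a feature fingerprint technique to extract various semantic features (from primary modules) and convert them into feature vectors. We then construct a metric space and propose a linearithmic search algorithm (with O(n log n) time complexity) to efficiently and scalably detect piggybacked apps. We have implemented a prototype and used it to study 84,767 apps collected from various Android markets in 2011. Our results show that the processing of these apps takes less than nine hours on a single machine. In addition, among these markets, piggybacked apps range from 0.97% to 2.7% (the official Android Market has 1%). Further investigation shows that they are mainly used to steal ad revenue from the original developers and implant malicious payloads (e.g., for remote bot control). These results demonstrate the effectiveness and scalability of our approach.},
}

@comment{
  zhou_jiang_2012: the venue is a symposium, so the entry is typed as
  inproceedings with the venue in booktitle. The export had it as an article
  with the venue in journal, and the ISSN wrapped in list syntax.
}

@inproceedings{zhou_jiang_2012,
  author       = {Zhou, Yajin and Jiang, Xuxian},
  title        = {Dissecting {Android} Malware: Characterization and Evolution},
  booktitle    = {2012 {IEEE} Symposium on Security and Privacy ({SP})},
  year         = {2012},
  pages        = {95--109},
  issn         = {1081-6011},
  doi          = {10.1109/sp.2012.16},
  abstractNote = {The popularity and adoption of smart phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.},
}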