Penelitian ini bertujuan untuk mengembangkan game edukasi fisika berbasis android pada materi suhu dan kalor menggunakan program konstruk 2, yang dimana permainan dirancang untuk menstimulasi daya ...pikir termasuk meningkatkan pemahaman konsep fisika. Game edukasi ini dikembangkan dengan metode Research and Development (R&D) dengan tahapan model ADDIE yaitu: analisis, desain, pengembangan, implementasi, dan evaluasi, namun pada penelitian hanya sampai ditahap perancangan atau pengembangan. Selain itu, untuk memastikan bahwa game yang dirancang sesuai dengan yang diharapkan, penulis melakukan pengujian kelayakan serta penerimaan game oleh ahli media dan pelajar.Berdasarkan hasil analisis, diperoleh penilaian dari 5 ahli dengan beberapa aspek penilaian terhadap game edukasi ini termasuk dalam katagori sangat layak dengan nilai rata-rata 3,70 dari skor maksimal 4,00 dan skor minimal 3,0. Dari hasil yang diperoleh, game edukasi fisika yang dikembangkan memiliki kualitas yang baik sehingga layak untuk diimplementasikan.
Many program analyses require statically inferring the possible values of composite types. However, current approaches either do not account for correlations between object fields or do so in an ad ...hoc manner. In this paper, we introduce the problem of composite constant propagation. We develop the first generic solver that infers all possible values of complex objects in an interprocedural, flow and context-sensitive manner, taking field correlations into account. Composite constant propagation problems are specified using COAL, a declarative language. We apply our COAL solver to the problem of inferring Android Inter-Component Communication (ICC) values, which is required to understand how the components of Android applications interact. Using COAL, we model ICC objects in Android more thoroughly than the state-of-the-art. We compute ICC values for 460 applications from the Play store. The ICC values we infer are substantially more precise than previous work. The analysis is efficient, taking slightly over two minutes per application on average. While this work can be used as the basis for many whole-program analyses of Android applications, the COAL solver can also be used to infer the values of composite objects in many other contexts.
The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread to a large user base. Although recent research ...has produced approaches and tools to identify piggybacked apps, the literature lacks a comprehensive investigation into such phenomenon. We fill this gap by: 1) systematically building a large set of piggybacked and benign apps pairs, which we release to the community; 2) empirically studying the characteristics of malicious piggybacked apps in comparison with their benign counterparts; and 3) providing insights on piggybacking processes. Among several findings providing insights analysis techniques should build upon to improve the overall detection and classification accuracy of piggybacked apps, we show that piggybacking operations not only concern app code, but also extensively manipulates app resource files, largely contradicting common beliefs. We also find that piggybacking is done with little sophistication, in many cases automatically, and often via library code.
Smartphones are indispensable in people's daily activities, and smartphone apps tend to be increasingly concurrent due to the wide use of multi-core devices and technologies. Due to this tendency, ...developers are increasingly unable to tackle the complexity of concurrent apps and to avoid subtle concurrency bugs. To better address this issue, we propose a novel approach to detecting concurrency bugs in Android apps based on the fact that one can generate simultaneous input events and their schedules for an app, which would easily trigger concurrency bugs in an app. We conduct systematic state space exploration to find potentially conflicting resource accesses in an Android app. The app is then automatically pressure-tested by guided event and schedule generation. We implemented our prototype tool named AATT+ and evaluated it with two sets of real-world Android apps. Benchmarking using 15 Android apps with previously known concurrency bugs, AATT+ and existing concurrency-unaware techniques detected 10 and 1 bugs, respectively. Evaluated with another set of 17 popular Android apps, AATT+ detected 11 concurrency bugs and 7 of them were previously unknown, achieving an over 80% higher detection rate than existing concurrency-unaware techniques.
•Proposed an effective approach to detecting concurrency bugs in Android apps by combining event and schedule generation.•Implemented a prototype tool AATT+ and evaluated it using real-world Android apps.•Studied concurrency bugs in our experiments and identified common bug patterns.
Full text
Available for:
GEOZS, IJS, IMTLJ, KILJ, KISLJ, NLZOH, NUK, OILJ, PNG, SAZU, SBCE, SBJE, UILJ, UL, UM, UPCLJ, UPUK, ZAGLJ, ZRSKP
Android has been a major target of malicious applications (malapps). How to detect and keep the malapps out of the app markets is an ongoing challenge. One of the central design points of Android ...security mechanism is permission control that restricts the access of apps to core facilities of devices. However, it imparts a significant responsibility to the app developers with regard to accurately specifying the requested permissions and to the users with regard to fully understanding the risk of granting certain combinations of permissions. Android permissions requested by an app depict the app's behavioral patterns. In order to help understanding Android permissions, in this paper, we explore the permission-induced risk in Android apps on three levels in a systematic manner. First, we thoroughly analyze the risk of an individual permission and the risk of a group of collaborative permissions. We employ three feature ranking methods, namely, mutual information, correlation coefficient, and T-test to rank Android individual permissions with respect to their risk. We then use sequential forward selection as well as principal component analysis to identify risky permission subsets. Second, we evaluate the usefulness of risky permissions for malapp detection with support vector machine, decision trees, as well as random forest. Third, we in depth analyze the detection results and discuss the feasibility as well as the limitations of malapp detection based on permission requests. We evaluate our methods on a very large official app set consisting of 310 926 benign apps and 4868 real-world malapps and on a third-party app sets. The empirical results show that our malapp detectors built on risky permissions give satisfied performance (a detection rate as 94.62% with a false positive rate as 0.6%), catch the malapps' essential patterns on violating permission access regulations, and are universally applicable to unknown malapps (detection rate as 74.03%).
As mobile devices become increasingly smarter and more powerful, so too must the engineering of their software. User-interface-driven system testing of these devices is gaining popularity, with each ...vendor releasing some automation tool. However, these tools are inappropriate for amateur programmers, an increasing portion of app developers. MobiGUITAR (Mobile GUI Testing Framework) provides automated GUI-driven testing of Android apps. It's based on observation, extraction, and abstraction of GUI widgets' run-time state. The abstraction is a scalable state machine model that, together with test coverage criteria, provides a way to automatically generate test cases. When applied to four open-source Android apps, MobiGUITAR automatically generated and executed 7,711 test cases and reported 10 new bugs. Some bugs were Android-specific, stemming from the event- and activity-driven nature of Android.
Latar belakang penelitian yaitu belum adanya media pembelajaran berbasis android pada mata pelajaran Matematika di SMAS 2 Muhammadiyah Pontianak agar siswa dapat belajar secara mandiri. Penelitian ...ini bertujuan untuk mengetahui: 1) Pengembangan media pembelajaran berbasis android pada materi Limit Fungsi Aljabar di SMAS 2 Muhammadiyah Pontianak; 2) Kelayakan ahli media dan ahli materi terhadap media pembelajaran berbasis android pada materi Limit Fungsi Aljabar di SMAS Muhammadiyah 2 Pontianak; 3) Respon siswa terhadap media pembelajaran berbasis android pada materi Limit Fungsi Aljabar di SMAS Muhammadiyah 2 Pontianak. Metode yang digunakan yaitu Penelitian dan Pengembangan. Model yang digunakan yaitu Borg and Gall. Penelitian dilakukan di SMA Muhammadiyah 2 Pontianak. Subjek penelitian dilakukan di kelas XI yang berjumlah 33 orang siswa. Instrumen yang digunakan berupa angket. Hasil penelitian yaitu pengembangan media pembelajaran berbasis android menggunakan model pengembangan Borg and Gall. Kelayakan ahli media yaituf 97 termasuk dalam kategori Sangat Layak, sedangkan untuk ahli materi diperoleh skor 110 kategori layak. Respon siswa diperoleh 4 jadi, hasil penilaian media pembelajaran berbasis android termasuk dalam kategori baik.Sehingga dapat disimpulkan media pembelajaran berbasis android layak digunakan oleh siswa dalam prose pembelajaran.
With the integration of smartphone into daily life, end users store a large amount of sensitive information into Android device. For protecting the sensitive information, a method of multi-booting ...Android OS from On-The-Go (OTG) device is proposed to meet the requirements of end users in different scenarios. The proposed method utilizes system domain isolation to guarantee the security of sensitive information on different Android OS. The difference with other solutions is that our proposed solution does not add additional components to Android OS, which makes the overhead of Android runtime has been effectively controlled. A prototype of the proposed method is implemented and deployed into the real android device to evaluate the effectiveness, the efficiency and the performance overhead. The experiment results show that the performance overhead is reasonable and our method can effectively mitigate the risk of sensitive information leakage when booting different Android instance in the same Android device.
Full text
Available for:
FZAB, GIS, IJS, KILJ, NLZOH, NUK, OILJ, SBCE, SBMB, UL, UM, UPUK
Mobile phishing attacks, such as mimic mobile browser pages, masquerade as legitimate applications by leveraging repackaging or clone techniques, have caused varied yet significant security concerns. ...Consequently, detection techniques have been receiving increasing attention. However, many such detection methods are not well tested and may therefore still be vulnerable to new types of phishing attacks. In this article, we propose a new attacking technique, named GUI-Squatting attack, which can generate phishing apps (phapps) automatically and effectively on the Android platform. Our method adopts image processing and deep learning algorithms, to enable powerful and large-scale attacks. We observe that a successful phishing attack requires two conditions, page confusion and logic deception during attacks synthesis. We directly optimize these two conditions to create a practical attack. Our experimental results reveal that existing phishing defenses are less effective against such emergent attacks and may, therefore, stimulate more efficient detection techniques. To further demonstrate that our generated phapps can not only bypass existing detection techniques, but also deceive real users, we conduct a human study and successfully steal users' login information. The human study also shows that different response messages (e.g., "Crash" and "Server failed") after pressing the login button mislead users to regard our phapps as functionality problems instead of security threats. Extensive experiments reveal that such newly proposed attacks still remain mostly undetected, and are worth further exploration.
Smartphones have become pervasive due to the availability of office applications, Internet, games, vehicle guidance using location-based services apart from conventional services such as voice calls, ...SMSes, and multimedia services. Android devices have gained huge market share due to the open architecture of Android and the popularity of its application programming interface (APIs) in the developer community. Increased popularity of the Android devices and associated monetary benefits attracted the malware developers, resulting in big rise of the Android malware apps between 2010 and 2014. Academic researchers and commercial antimalware companies have realized that the conventional signature-based and static analysis methods are vulnerable. In particular, the prevalent stealth techniques, such as encryption, code transformation, and environment-aware approaches, are capable of generating variants of known malware. This has led to the use of behavior-, anomaly-, and dynamic-analysis-based methods. Since a single approach may be ineffective against the advanced techniques, multiple complementary approaches can be used in tandem for effective malware detection. The existing reviews extensively cover the smartphone OS security. However, we believe that the security of Android, with particular focus on malware growth, study of antianalysis techniques, and existing detection methodologies, needs an extensive coverage. In this survey, we discuss the Android security enforcement mechanisms, threats to the existing security enforcements and related issues, malware growth timeline between 2010 and 2014, and stealth techniques employed by the malware authors, in addition to the existing detection methods. This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques.