Android Wear

Abstract: Android is a new software toolkit for mobile phones, created by Google and the Open Handset Alliance. In a few years, it's expected to be found inside millions of cell phones and other mobile devices, making Android a major platform for application developers. That could be your own program running on all those devices. Getting started developing with Android is easy. You don't even need access to an Android phone, just a computer where you can install the Android SDK and the phone emulator that comes with it. Within minutes, "Hello, Android" will get you creating your first working application: Android's version of "Hello, World." From there, you'll build up a more substantial example: an Android Sudoku game. By gradually adding features to the game throughout the course of the book, you'll learn about many aspects of Android programming including user interfaces, multimedia, and the Android life cycle. If you're a busy developer who'd rather be coding than reading about coding, this book is for you. To help you find what you need to know fast, each chapter ends with "Fast forward" section. These sections provide guidance for where you should go next when you need to read the book out of order.

Abstract: It is reported recently that legitimate libraries are repackaged for propagating malware. An in-depth analysis of such potentially-harmful libraries (PhaLibs), however, has never been done before, due to the challenges in identifying those libraries whose code can be unavailable online (e.g., removed from the public repositories, spreading underground, etc.). Particularly, for an iOS app, the library it integrates cannot be trivially recovered from its binary code and cannot be analyzed by any publicly available anti-virus (AV) systems. In this paper, we report the first systematic study on PhaLibs across Android and iOS, based upon a key observation that many iOS libraries have Android versions that can potentially be used to understand their behaviors and the relations between the libraries on both sides. To this end, we utilize a methodology that first clusters similar packages from a large number of popular Android apps to identify libraries, and strategically analyze them using AV systems to find PhaLibs. Those libraries are then used to search for their iOS counterparts within Apple apps based upon the invariant features shared cross platforms. On each discovered iOS PhaLib, our approach further identifies its suspicious behaviors that also appear on its Android version and uses the AV system on the Android side to confirm that it is indeed potentially harmful. Running our methodology on 1.3 million Android apps and 140,000 popular iOS apps downloaded from 8 markets, we discovered 117 PhaLibs with 1008 variations on Android and 23 PhaLibs with 706 variations on iOS. Altogether, the Android PhaLibs is found to infect 6.84% of Google Play apps and the iOS libraries are embedded within thousands of iOS apps, 2.94% among those from the official Apple App Store. Looking into the behaviors of the PhaLibs, not only do we discover the recently reported suspicious iOS libraries such as mobiSage, but also their Android counterparts and 6 other back-door libraries never known before. Those libraries are found to contain risky behaviors such as reading from their host apps' keychain, stealthily recording audio and video and even attempting to make phone calls. Our research shows that most Android-side harmful behaviors have been preserved on their corresponding iOS libraries, and further identifies new evidence about libraries repackaging for harmful code propagations on both sides.

Abstract: Master the Android mobile development platform Build compelling Java-based mobile applications using the Android SDK and the Eclipse open-source software development platform. Android: A Programmer's Guide shows you, step-by-step, how to download and set up all of the necessary tools, build and tune dynamic Android programs, and debug your results. Discover how to provide web and chat functions, interact with the phone dialer and GPS devices, and access the latest Google services. You'll also learn how to create custom Content Providers and database-enable your applications using SQLite. Install and configure Java, Eclipse, and Android plugin Create Android projects from the Eclipse UI or command line Integrate web content, images, galleries, and sounds Deploy menus, progress bars, and auto-complete functions Trigger actions using Android Intents, Filters, and Receivers Implement GPS, Google Maps, Google Earth, and GTalk Build interactive SQLite databases, calendars, and notepads Test applications using the Android Emulator and Debug Bridge Table of contents Ch 1. What is Android Ch 2. Downloading and setting up Eclipse Ch 3. Downloading the Google Android SDK and Eclipse Plugin Ch 4. Exploring the Google Android SDK Ch 5. Application: Hello World! Ch 6. Using the Google Android Emulator Ch 7. Reacting to phone events Ch 8. Calling the GPS Ch 9. Application: Note Block Ch 10. Buttons, Lists, and other Objects Ch 11. Application: Caller Info Ch 12. Application: Find Me Ch 13. Interacting with other Google Services Ch 14. Troubleshooting and Errors

Abstract: The increasing convergence of wearable technologies and cloud services in applications, such as health care, could result in new attack vectors for the 'Cloud of Things', which could in turn be exploited to exfiltrate sensitive user data. In this paper, we analyze the types of sensitive user data that may be present on a wearable device and develop a method to demonstrate that they can be exfiltrated by an adversary. To undertake this study, we select the Android Wear smartwatch operating system as a case study and, specifically, the Samsung Gear Live smartwatch. We present a technique that allows an adversary to exfiltrate data from smartwatches. Using this technique, we determine that the smartwatch stores a relatively large amount of sensitive user data, including SMS messages, contact information, and biomedical data, and does not effectively protect this user data from physical exfiltration. Copyright © 2016 John Wiley & Sons, Ltd.