• Skip navigation
  • Skip to navigation
  • Skip to the bottom
Simulate organization breadcrumb open Simulate organization breadcrumb close
IT Security Infrastructures Lab
  • FAUTo the central FAU website
  1. Friedrich-Alexander-Universität
  2. Faculty of Engineering
  3. Department Computer Science
  • Campo
  • UnivIS
  • Jobs
  • Map
  • Help
  1. Friedrich-Alexander-Universität
  2. Faculty of Engineering
  3. Department Computer Science

IT Security Infrastructures Lab

Navigation Navigation close
  • Research
    • Forensic Computing Group
    • Human Factors in Security and Privacy Group
    • Multimedia Security
    • Security Education Development Group
    • System Security Group
    • Archive
    • Funded Projects
    • Publications
    Portal Research
  • Lab
    • Staff & Research Groups
    • Alumni
    • Partners
    Portal Lab
  • Teaching
    • Courses
    • Hinweise zu den Lehrveranstaltungen
    • Notes on Examinations
    • eTeaching
    • Theses
    • Writing a Thesis at Informatik 1
    Portal Teaching
  • How to reach us
  1. Home
  2. Research
  3. Archive
  4. ContrOWL: A new security app based on crowed intelligence

ContrOWL: A new security app based on crowed intelligence

In page navigation: Research
  • Forensic Computing Group
    • DiOS: Dynamic Privacy Analysis of iOS Applications
    • Fingerprinting Mobile Devices Using Personalized Configurations
    • Selective Deletion
  • Human Factors in Security and Privacy Group
    • Antivirus Usability
    • Browser Fingerprinting
    • IoT Security Update Labels
    • Phishing Susceptibility
    • Security Experts
    • ZigBee Security Research
  • Multimedia Security
    • Image & Video Forensics
    • Image Analysis & Enhancement
    • X-ray Phase Contrast
    • Blog
    • Code and Data
      • Copy-Move Forgery Detectors and Ground Truth Generator
      • Image Manipulation Dataset
    • Colloquium
  • Security Education Development Group
    • Open C3S Overview
    • Open-C3S-Projektergebnisse
    • Ulix – a Literate OS
  • System Security Group
    • AppAuth: On App-based Matrix Code Authentication in Online Banking
    • AppTAN (In)Security: (In)Security of App-based TAN Methods in Online Banking
    • AVX Crypto: AVX Instructions to Accelerate Crypto Primitives
    • Bispe: A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory
    • Centroid
    • CPU-bound Encryption (TRESOR, TreVisor, ARMORED)
    • FROST: Forensic Recovery Of Scrambled Telephones
    • How Android’s UI Security is Undermined by Accessibility
    • HyperCrypt: Hypervisor-based Encryption of Kernel and User Space
    • N26
    • Nomorp
    • One Key to Rule Them All: Recovering the Master Key from RAM to break Android’s File-Based Encryption
    • RamCrypt: Kernel-based Address Space Encryption for User-mode Processes
    • ReFuzz — Structure Aware Fuzzing of the Resilient File System (ReFS)
    • RISCoT – Security Analysis of Trusted Execution Environments on RISC-V
    • SED (In)Security: Hardware-based Full Disk Encryption (In)Security
    • SGX-Kernel: Isolating Operating System Components with Intel SGX
    • SGX-Timing: Cache Attacks on Intel SGX
    • SoK: The Evolution of Trusted UI on Mobile
    • Soteria: Offline Software Protection within Low-cost Embedded Devices
    • STARK / MARK: Tamperproof/Mutual Authentication to Resist Keylogging
    • TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs
    • VMAttack: Deobfuscating Virtualization-Based Packed Binaries
  • Archive
    • ContrOWL: A new security app based on crowed intelligence
    • Ext4 File Recovery
    • Forensic Email Visualization
    • Forensic RAID Recovery
    • Forensig²: File System Images for Training Courses in Forensic Computing
    • Mobile Hotspots
    • Mobile-Sandbox & ADEL: Automated Malware Analyses / Mobile Phone Forensics
    • Privacy Aspects of Forensic Computing
    • PyBox – A Python Sandbox
    • TrustedPals: Framework to Help Establish Security in a Mutually Untrusted Distributed System
    • VirMA: Windows NT pagefile.sys Virtual Memory Analysis
    • Win Vista/7/8/10 Thumbnails Analyzer
  • Funded Projects
  • Publications
    • Technische Berichte in Digitaler Forensik

ContrOWL: A new security app based on crowed intelligence

ContrOWL: A new security app based on crowed intelligence

ContrOWL is a security app that helps you find potential threads among your installed apps. It can also check freshly added apps on the fly and notify you if an app is rated as suspicious. ContrOWL also gives you information about top used permissions and broadcast intents of malware apps which should help you to evaluate them. Please read the help tab in ContrOWL to better understand how to use and understand it. The rating that tells whether an app is a potential thread or not is based on a study which evaluated about 16.000 malware apps and 100.000 goodware apps. The rating is purely based on permissions and broadcast intents fetched by the apps and for that not always correct. So maybe you will have non-malware apps with a high rating (high is bad and 100 is worst) that actually do no harm. Practice has shown that false positives can have two reasons:

  • First the app has only few permissions or broadcast intents and for that the calculation is not as accurate as for apps with many permissions and broadcast intents.
  • Second the app uses permissions and broadcast intents that could do harm and are often used by malware apps.

Anyway it is recommended to check apps with a high rating and therefore ContrOWL offers details about the permissions and broadcast intents and how other users evaluated this app. Of course each user can evaluate apps as malware, goodware or “not sure” at any time in the details section or after removal of an app. Your votes don’t show up immediately in the total votes part because for security reasons all votes will be buffered, checked and later inserted in the main database. Your personal votes are displayed in the application list and the application details.

Please take part in the voting system because crowd intelligence is a great way to determine false positives and negatives. Also inform the author via the help-tab in ContrOWL about Bugs, suggestions for improvements or other issues.

Important:

ContrOWL does not give a guarantee whether an app is malicious or not and therefore I will not be liable for damage caused by misinterpretations made by ConrOWL.

Known issues and planed features for next versions:

  • Better support for softkey only devices (Devices without a menu button can’t sort the lists)
  • To fulfill the support for softkeys switch from tab layout to action bar layout
  • Sorting possibilities in permissions, intents and apps details
  • repair button (If frequent reports about bugs I can’t fix come in)
  • Better layout for tablets (currently I could only test it on a tablet emulator and it worked but didn’t look very nice)

Screenshots:

Help and information tab inside the app. Permissions rating overview. Intents rating overview. Detailed app rating.

Information and Contact:

Bachelor thesis by Marcel Hrnecek
Project advisor: Michael Spreitzenbarth

 

Download:

Get it on Google Play

Lehrstuhl für Informatik 1
Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)

Martensstrasse 3
91058 Erlangen
  • Impressum
  • Datenschutz
Up