Security in Android Applications
نویسندگان
چکیده
The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to proliferate. Research has shown that many vulnerabilities are due to insecure programming practices. However, each study has often dealt with a specific issue, making the results less actionable for practitioners. To promote secure programming practices, we have reviewed related research, and identified avoidable vulnerabilities in Android-run devices and the security code smells that indicate their presence. In particular, we explain the vulnerabilities, their corresponding smells, and we discuss how they could be eliminated or mitigated during development. Moreover, we develop a lightweight static analysis tool and discuss the extent to which it successfully detects several vulnerabilities in about 46,000 apps hosted by the official Android market.
منابع مشابه
ریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملFormal Modeling and Reasoning about the Android Security Framework
Android OS is currently the most widespread mobile operating system and is very likely to remain so in the near future. The number of available Android applications will soon reach the staggering figure of 500,000, with an average of 20,000 applications being introduced in the Android Market over the last 6 months. Since many applications (e.g., home banking applications) deal with sensitive da...
متن کاملAnalysis of Permission-based Security in Android through Policy Expert, Developer, and End User Perspectives
Being one of the major operating system in smartphone industry, security in Android is paramount importance to end users. Android applications are published through Google Play Store which is an official marketplace for Android. If we have to define the current security policy implemented by Google Play Store for publishing Android applications in one sentence then we can write it as “all are s...
متن کاملA Model Guided Security Analysis Approach for Android Applications
Revealing security vulnerabilities is one of great challenges for the Android ecosystem. Static analysis is the usual approach of the security analysis for computer software. However, it is undirected and time-consuming for the common static analysis methods to analyze the entire Android application systematically from the main entry point. In order to adapt to the event-driven feature of Andro...
متن کاملUnderstanding Application Behaviours for Android Security: A Systematic Characterization
In contrast to most existing research on Android focusing on specific security issues, there is little broad understanding of Android application run-time characteristics and their security implications. To mitigate this gap, we present the first dynamic characterization study of Android applications that targets such a broad understanding for Android security. Through lightweight method-level ...
متن کاملLiterature Analysis on Malware Detection
Usage of Android smartphones is more as compared to another smartphones due to its Open Source Operating System. Due to its Open OS, Android enables us to install third party applications. However, Security is one of the main concerns in Android. Security threats of malicious applications are rapidly increasing due to the nature of the third party applications where only developers can assign r...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2017