A Certification Process for Android Applications



Digital Security and Forensics (SaFe) Research Group, Department of Computing, Faculty of Engineering and Computing, Coventry University, Coventry, UK {kalutarh,s.shaikh}@coventry.ac.uk

Centre for Software Assurance, Bond University, Gold Coast, QLD 4229, Australia [email protected]

Abstract. The last decade has seen the emergence of the mobile platform for software applications. An important factor in the remarkable growth in this area is the development of Android and a community of mobile application developers sharing open-source and free software. While the emphasis for Android has been openness and user control, this brings with it challenges of validating and securing mobile apps. Development of dedicated tools and techniques to test mobile apps for functional and non-functional properties has been limited so far. Such an effort is made more difficult given frequent version updates for Android in its short history (over ten in ten years). The need for better security and assurance for mobile apps, on the other hand, is ever greater as apps providing important services such as banking, navigation, and identity management emerge. This paper attempts to converge on current concepts and practices of testing mobile apps. We provide a structured checklist approach to vulnerability assessment and permission mapping of mobile apps, which is underpinned by a set of available tools, and ultimately contribute to a framework for certification of mobile apps. The proposed certification process combines diverse sources and has a focus on automation.

1 Introduction

The last decade has seen the emergence of the mobile platform for software applications. This has been helped by global telecommunication networks, offering ever increasing traffic capacity and coverage, along with remarkable developments in mobile processing performance in new generation smartphones and tablets. An equally important factor contributing to this growth is the development of open-source operating systems, such as Android, and the support of such platforms in encouraging a community of mobile application (“app”) developers sharing software and utilities for free public use. The Android initiative is led by Google and has a market share of over 50 % [5]. With nearly 5 million mobile apps available for worldwide distribution over the Android platform, estimates suggest that by the end of December 2011 over 10 billion apps had been downloaded [3]. Given the increase in mobile devices (including phones and tablets), software for the mobile platform will become a significant issue.

A. Cerone et al. (Eds.): SEFM 2012 Satellite Events, LNCS 7991, pp. 288–303, 2014. © Springer-Verlag Berlin Heidelberg 2014. DOI: 10.1007/978-3-642-54338-8_24


The developer community welcomes the emphasis on openness and user control for development and distribution over the Android platform. While this is a factor in its growth and adoption, it brings with it the challenge of validating and securing apps [19]. Development of dedi