AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

Amr Amin ; Amgad Eldessouki; Menna Tullah Magdy; Nouran Abdeen; Hanan Hindy ; Islam Hegazy 


Abstract


The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.


Other data

Keywords Vulnerability detection;Android applications;Static analysis;Dynamic analysis;Mobile security;User privacy
Issue Date 22-Oct-2019
Publisher MDPI
Journal INFORMATION 
URI https://www.mdpi.com/2078-2489/10/10/326
http://research.asu.edu.eg/handle/123456789/178058
DOI 10.3390/info10100326


Recommend this item

CORE Recommender

Items in Ain Shams Scholar are protected by copyright, with all rights reserved, unless otherwise indicated.