Efficient, Evolutionary Security Analysis of Interacting Android Apps

2018 ◽  
Author(s):  
Hamid Bagheri ◽  
Jianghao Wang ◽  
Jarod Aerts ◽  
Sam Malek
Keyword(s):  
Security Analysis ◽  
Android Apps

Oh-Pwn-VPN! Security Analysis of OpenVPN-Based Android Apps

2018 ◽  
pp. 373-389 ◽  
Author(s):  
Qi Zhang ◽  
Juanru Li ◽  
Yuanyuan Zhang ◽  
Hui Wang ◽  
Dawu Gu
Keyword(s):  
Security Analysis ◽  
Android Apps

scholarly journals A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps

2021 ◽  
Vol 26 (3) ◽  
Author(s):  
Majid Hatamian ◽  
Samuel Wairimu ◽  
Nurul Momen ◽  
Lothar Fritsch
Keyword(s):  
Time Pressure ◽  
Security Analysis ◽  
Security Requirements ◽  
Security And Privacy ◽  
Contact Tracing ◽  
Privacy Policy ◽  
Privacy And Security ◽  
Android Apps ◽  
Dynamic Performances ◽  
The Impact

AbstractAs this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

scholarly journals Security analysis of permission re-delegation vulnerabilities in Android apps

2020 ◽  
Vol 25 (6) ◽  
pp. 5084-5136
Author(s):  
Biniam Fisseha Demissie ◽  
Mariano Ceccato ◽  
Lwin Khin Shar
Keyword(s):  
Language Processing ◽  
Program Analysis ◽  
Security Analysis ◽  
Machine Learning Techniques ◽  
Test Cases ◽  
Large Set ◽  
Security Risks ◽  
Android Apps ◽  
Learning Techniques ◽  
Inter Process Communication

Abstract The Android platform facilitates reuse of app functionalities by allowing an app to request an action from another app through inter-process communication mechanism. This feature is one of the reasons for the popularity of Android, but it also poses security risks to the end users because malicious, unprivileged apps could exploit this feature to make privileged apps perform privileged actions on behalf of them. In this paper, we investigate the hybrid use of program analysis, genetic algorithm based test generation, natural language processing, machine learning techniques for precise detection of permission re-delegation vulnerabilities in Android apps. Our approach first groups a large set of benign and non-vulnerable apps into different clusters, based on their similarities in terms of functional descriptions. It then generates permission re-delegation model for each cluster, which characterizes common permission re-delegation behaviors of the apps in the cluster. Given an app under test, our approach checks whether it has permission re-delegation behaviors that deviate from the model of the cluster it belongs to. If that is the case, it generates test cases to detect the vulnerabilities. We evaluated the vulnerability detection capability of our approach based on 1,258 official apps and 20 mutated apps. Our approach achieved 81.8% recall and 100% precision. We also compared our approach with two static analysis-based approaches — Covert and IccTA — based on 595 open source apps. Our approach detected 30 vulnerable apps whereas Covert detected one of them and IccTA did not detect any. Executable proof-of-concept attacks generated by our approach were reported to the corresponding app developers.

FOOD SECURITY ANALYSIS OF STAVROPOL KRAI

2020 ◽  
pp. 85-90
Author(s):  
Yu.M. Sklyarova ◽  
I.Yu. Sklyarov ◽  
E.N. Lapina
Keyword(s):  
Food Security ◽  
Security Analysis ◽  
Stavropol Krai

CONSTITUTIONAL AND LEGAL EXPERIENCE OF INTERACTION OF BICAMERAL PARLIAMENTS OF THE CIS COUNTRIES IN THE SPHERE OF FOOD SECURITY

2020 ◽  
Vol 10 (5) ◽  
pp. 43-49
Author(s):  
MARINA MARKHGEYM ◽  
◽  
ANNA BEZUGLAYA
Keyword(s):  
Food Security ◽  
Security Analysis ◽  
Legal Doctrine ◽  
Commonwealth Of Independent States ◽  
Independent States ◽  
Cis Countries

The article presents the author’s analysis of constitutional texts, regulations and analytical materials of the countries of the Commonwealth of Independent States in order to consolidate in them the consolidated powers of the chambers of parliaments associated with the implementation of food security. Analysis of legal acts of the studied group of states showed that the sphere of food security (as part of the agrarian and food sphere/function) is one of the eventual spheres of interaction between the chambers of parliament. In the course of the study, two approaches of states to the formalization of provisions related to food security in constitutional texts were identified. The first approach is to consolidate norms that indirectly affect the field of food security (Belarus, Kazakhstan, Russia); the second - in the absence of such provisions (Tajikistan and Uzbekistan). It has been established that the interaction of the chambers of parliaments in the field of food security is implemented through the adoption of laws, as well as through various parliamentary events (parliamentary hearings, round tables, seminars, meetings, etc.). It is concluded that the available options for interaction between the chambers of parliaments of states in the field of food security reflect their independent approaches, which are developed on the basis of legal doctrine and practice.

Sign in / Sign up

Export Citation Format

Share Document