Abstract
Users trust their most sensitive data to their mobile devices and installed applications. These applications continuously collect information about users and their interactions and store that data locally or share it over the network. App stores provide these applications for user devices and act as trust gateways between application developers and end users, giving the user the assurance that the application to be installed can be trusted. However, this process is far from ideal, mainly because app stores usually screen submitted applications with antivirus and antimalware checks but do not look at applications from a holistic security perspective. This chapter proposes, specifies and tests a system developed to improve the security of Android applications. The system is based on automated testing of submitted apps and identification of potential security vulnerabilities to improve the app development process, resulting in an overall improvement of app ecosystem security both on the app stores and on end users’ devices. The source code of the system is available through a GitHub repository for public contribution.
Acknowledgements
This work is part of the AppSentinel project, co-funded by Lisboa2020/Portugal2020/EU in the context of the Portuguese Sistema de Incentivos à I&DT - Projetos em Copromoção (project 33953).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Realista, N., Palma, F., Serrão, C., Nunes, L., Almeida, A. (2023). Improving Android Application Quality Through Extendable, Automated Security Testing. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_12
DOI: https://doi.org/10.1007/978-3-031-09640-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-09639-6
Online ISBN: 978-3-031-09640-2
eBook Packages: Computer Science, Computer Science (R0)