
Improving Android Application Quality Through Extendable, Automated Security Testing

  • Chapter
Emerging Trends in Cybersecurity Applications

Abstract

Users trust their most sensitive data to their mobile devices and the applications installed on them. These applications continuously collect information about users and their interactions and store that data locally or share it over the network. App stores distribute these applications to user devices and act as trust gateways between application developers and end users, giving users the assurance that an application they are about to install can be trusted. However, this process is far from ideal, mainly because app stores usually subject submitted applications only to antivirus and antimalware scrutiny and do not assess them from a holistic security perspective. This chapter proposes, specifies and tests a system developed to improve the security of Android applications. The system is based on the automated testing of submitted apps and the identification of potential security vulnerabilities, with the aim of improving the app development process and, as a result, the overall security of the app ecosystem both on the app stores and on end users’ devices. The source code of the system is available through a GitHub repository for public contribution.



Acknowledgements

This work is part of the AppSentinel project, co-funded by Lisboa2020/Portugal2020/EU in the context of the Portuguese Sistema de Incentivos à I&DT - Projetos em Copromoção (project 33953).


Corresponding author

Correspondence to Carlos Serrão .


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Realista, N., Palma, F., Serrão, C., Nunes, L., Almeida, A. (2023). Improving Android Application Quality Through Extendable, Automated Security Testing. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_12


  • DOI: https://doi.org/10.1007/978-3-031-09640-2_12


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-09639-6

  • Online ISBN: 978-3-031-09640-2
