APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities

Salva, Sébastien; Zafimiharisoa, Stassia R.

doi:10.1007/s10009-014-0303-8

Cited by 18 publications

(19 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The literature includes several contributions on highlighting issues related to the performance of Android apps such as poor responsiveness [29] and exception handling [55]. Yang et al [74], for example, have proposed a systematic testing approach to uncover and quantify common causes of poor [27] MAMBA [28] Pretect [29] SSDA [30] TrimDroid [8] ERVA [9] SAPIENZ [11] RacerDroid [31] DiagDroid [32] MOTIF [33] DRUN [34] GAT [35] Zhang et al [36] Jabbarvand et al [37] Qian et al [38] Ermuth et al [39] Zhang et al [40] Zhang et al [41] dLens [42] Packeviius et al [43] Knorr et al [44] IntentDroid [45] Farto et al [46] Bielik et al [47] MobiGUITAR [48] Aktouf et al [49] AppAudit [50] Hassanshahi et al [51] iMPAcT [52] Deng et al [53] Espada et al [54] Zhang et al [55] QUANTUM [56] CRAXDroid [57] IntentFuzzer [58] Vikomir et al [59] Shahriar et al [60] APSET [61] DROIDRACER [62] AppACTS [63] CAFA [64] Guo et al…”

Section: Test Objectivesmentioning

confidence: 99%

“…[43] SIG-Droid [99] Knorr et al [44] TAST [100] IntentDroid [45] Griebe et al [101] Farto et al [46] Bielik et al [47] MobiGUITAR [48] AGRippin [102] Aktouf et al [49] THOR [103] AppAudit [50] Morgado et al [104] Hassanshahi et al [51] iMPAcT [52] Deng et al [53] Espada et al [54] Zhang et al [55] QUANTUM [56] CRAXDroid [57] IntentFuzzer [58] Vikomir et al [59] Shahriar et al [60] APSET [61] DROIDRACER [62] EvoDroid [105] SPAG-C [106] Caiipa [107] UGA [108] AppACTS [63] CAFA [64] Holzmann et al [109] Guo et al [65] Griebe et al [66] PBGT [67] Chen et al [110] Banerjee et al [68] Amalfitano et al [111] Adinata et al [112] A5 [69] Suarez et al [70] Linares et al [71] Sasnauskas et al [72] AMDetector [73] RERAN [15] Yang et al …”

Section: Which Test Levels Are Addressed?mentioning

confidence: 99%

See 1 more Smart Citation

Automated Testing of Android Apps: A Systematic Literature Review

et al. 2019

View full text Add to dashboard Cite

Automated testing of Android apps is essential for app users, app developers and market maintainer communities alike. Given the widespread adoption of Android and the specificities of its development model, the literature has proposed various testing approaches for ensuring that not only functional requirements but also non-functional requirements are satisfied. In this paper, we aim at providing a clear overview of the state-of-the-art works around the topic of Android app testing, in an attempt to highlight the main trends, pinpoint the main methodologies applied and enumerate the challenges faced by the Android testing approaches as well as the directions where the community effort is still needed. To this end, we conduct a Systematic Literature Review (SLR) during which we eventually identified 103 relevant research papers published in leading conferences and journals until 2016. Our thorough examination of the relevant literature has led to several findings and highlighted the challenges that Android testing researchers should strive to address in the future. After that, we further propose a few concrete research directions where testing approaches are needed to solve recurrent issues in app updates, continuous increases of app sizes, as well as the Android ecosystem fragmentation. 1 INTRODUCTION Android smart devices have become pervasive after gaining tremendous popularity in recent years. As of July 2017, Google Play, the official app store, is distributing over 3 million Android applications (i.e., apps), covering over 30 categories ranging from entertainment and personalisation apps to education and financial apps. Such popularity among developer communities can be attributed to the accessible development environment based on familiar Java programming language as well as the availability of libraries implementing diverse functionalities [1]. The app distribution ecosystem around the official store and other alternative stores such as Anzhi and AppChina is further attractive for users to find apps and organisations to market their apps [2]. Unfortunately, the distribution ecosystem of Android is porous to poorly-tested apps [3]-[5]. Yet, as reported • ξ The corresponding author.

show abstract

Section: Test Objectivesmentioning

confidence: 99%

Section: Which Test Levels Are Addressed?mentioning

confidence: 99%

Automated Testing of Android Apps: A Systematic Literature Review

et al. 2019

View full text Add to dashboard Cite

show abstract

“…APSET is a tool for Android application security testing. This tool aims to detect intent‐based vulnerabilities and uses vulnerability patterns proposed by an Android expert.…”

Section: Related Workmentioning

confidence: 99%

“…This mechanism is combined with the permission mechanism in the components to achieve more flexibility in developing applications. 12 As the Android application communication model mostly promotes the development of rich applications, Android developers can use this communication model to leverage existing data and services provided by other applications. To achieve this, Android has provided a message passing system that facilitates the communication of applications.…”

mentioning

confidence: 99%

VAnDroid: A framework for vulnerability analysis of Android applications using a model‐driven reverse engineering technique

2018

View full text Add to dashboard Cite

Summary Android is extensively used worldwide by mobile application developers. Android provides applications with a message passing system to communicate within and between them. Due to the risks associated with this system, it is vital to detect its unsafe operations and potential vulnerabilities. To achieve this goal, a new framework, called VAnDroid, based on Model Driven Reverse Engineering (MDRE), is presented that identifies security risks and vulnerabilities related to the Android application communication model. In the proposed framework, some security‐related information included in an Android app is automatically extracted and represented as a domain‐specific model. Then, it is used for analyzing security configurations and identifying vulnerabilities in the corresponding application. The proposed framework is implemented as an Eclipse‐based tool, which automatically identifies the Intent Spoofing and Unauthorized Intent Receipt as two attacks related to the Android application communication model. To evaluate the tool, it has been applied to several real‐world Android applications, including 20 apps from Google Play and 110 apps from the F‐Droid repository. VAnDroid is also compared with several existing analysis tools, and it is shown that it has a number of key advantages over those tools specifically regarding its high correctness, scalability, and usability in discovering vulnerabilities. The results well indicate the effectiveness and capacity of the VAnDroid as a promising approach in the field of Android security.

show abstract

“…There are other model-based testing tools for Android which are not focused on models that consider the user inputs. For instance, the tool APSET [23] considers manually constructed formal models of vulnerability patterns to generate test cases for ANDROID applications. Test generation is implemented with an ad-hoc algorithm that also considers the compiled code of the application and the configuration files in the ANDROID system.…”

Section: Comparison With Related Workmentioning

confidence: 99%

Using Model Checking to Generate Test Cases for Android Applications

Espada

Gallardo

Salmerón

et al. 2015

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

The behavior of mobile devices is highly non deterministic and barely predictable due to the interaction of the user with its applications. In consequence, analyzing the correctness of applications running on a smartphone involves dealing with the complexity of its environment. In this paper, we propose the use of model-based testing to describe the potential behaviors of users interacting with mobile applications. These behaviors are modeled by composing specially-designed state machines. These composed state machines can be exhaustively explored using a model checking tool to automatically generate all possible user interactions. Each generated trace model checker can be interpreted as a test case to drive a runtime analysis of actual applications. We have implemented a tool that follows the proposed methodology to analyze ANDROID devices using the model checker SPIN as the exhaustive generator of test cases.

show abstract

APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities

Cited by 18 publications

References 19 publications

Automated Testing of Android Apps: A Systematic Literature Review

Automated Testing of Android Apps: A Systematic Literature Review

VAnDroid: A framework for vulnerability analysis of Android applications using a model‐driven reverse engineering technique

Using Model Checking to Generate Test Cases for Android Applications

Contact Info

Product

Resources

About