Blackdroid: A black-box way for Android plaintext and ciphertext privacy leaks detecting and guarding

Zhang, Yan; Wang, Yazhe; Wang, Dan; Zhou, Qihui; Zhang, Ruoding

doi:10.1109/cecnet.2013.6703301

Cited by 2 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Answers to Q 9 confirm the importance of research studying security weaknesses related to data stored/manipulated by the apps [4,10,45].…”

Section: Survey With Developersmentioning

confidence: 92%

“…CWE-20: Improper Input Validation DifFuzz [40], DroidFuzzer [36], EvoTaint [38], Flowdroid [4], Huang et al [37], IVDroid [39], Monkey [ AppFence [50], AppIntent [51], AutoPatchDroid [52], Blackdroid [45], CoChecker [53], ComDroid [54], ContentScope [55], Covert [56], CredMiner [57],Flowdroid [4], IccTA [5], Kul et al [49], Matsumoto2013 et al [58], MITHYS [59], M-Perm [60], OAUTHLINT [61], Onwuzurike et al [62] CWE-269: Improper Privilege Management AppProfiler [63], AppGuard [64], AutoPatchDroid [52], AW-iDe [65], Bartsch et al [66], CoChecker [53], Covert [56], DroidChecker [67], Droidtector [68], Lintent [69], M-Perm [60], PaddyFrog [ External validity. We manually analyzed a total of 681 security weakness-fixing commits coming from 315 apps.…”

Section: Security Weaknesses Toolsmentioning

confidence: 99%

See 1 more Smart Citation

Taxonomy of Security Weaknesses in Java and Kotlin Android Apps

Mazuera-Rozo¹,

Escobar‐Velásquez²,

Espitia-Acero³

et al. 2022

Preprint

View full text Add to dashboard Cite

Android is nowadays the most popular operating system in the world, not only in the realm of mobile devices, but also when considering desktop and laptop computers. Such a popularity makes it an attractive target for security attacks, also due to the sensitive information often manipulated by mobile apps. The latter are going through a transition in which the Android ecosystem is moving from the usage of Java as the official language for developing apps, to the adoption of Kotlin as the first choice supported by Google. While previous studies have partially studied security weaknesses affecting Java Android apps, there is no comprehensive empirical investigation studying software security weaknesses affecting Android apps considering (and comparing) the two main languages used for their development, namely Java and Kotlin. We present an empirical study in which we: (i) manually analyze 681 commits including security weaknesses fixed by developers in Java and Kotlin apps, with the goal of defining a taxonomy highlighting the types of software security weaknesses affecting Java and Kotlin Android apps; (ii) survey 43 Android developers to validate and complement our taxonomy. Based on our findings, we propose a list of future actions that could be performed by researchers and practitioners to improve the security of Android apps.

show abstract

“…Answers to Q 9 confirm the importance of research studying security weaknesses related to data stored/manipulated by the apps [4,10,45].…”

Section: Survey With Developersmentioning

confidence: 92%