Vulnerability Detection on Android Apps–Inspired by Case Study on Vulnerability Related With Web Functions

Qin, Jiawei; Zhang, Hua; Guo, Jing; Wang, Senmiao; Wen, Qiaoyan; Shi, Yuanming

doi:10.1109/access.2020.2998043

Cited by 10 publications

(5 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ApkAnalyzer [13], FlowDroid [17] Qin, et al, IEEE Access, 2020 [116] Alibaba Cloud OSS credential disclosure, Improper certificate validation, Web-View remote code execution, Web-View bypass certificate validation It can detect vulnerabilities in packed and unpacked apps with a low computing cost. The average accuracy, detection rate, efficiency, and scalability are also high.…”

Section: 23mentioning

confidence: 99%

“…An increasing number of these supporting methods, such as [45,48,89,93] are based on machine learning and deep learning for automatic early detection of security issues and vulnerabilities, which can support the software engineers to improve software security. Studies in [10,18,116,164] employ alternative techniques, to identify vulnerabilities. A thorough understanding of these existing methods is essential for developing Android applications by applying security best practices.…”

Section: Introductionmentioning

confidence: 99%

“…127 records excluded due to not available in public Records after removing nonpublic records (687) 568 records excluded due to not in the review focus Final number of records included (118) Identification Screening Eligibility Included 3 records excluded due to insufficient analysis 2 records added from snowballing Records after excluding out of focus records (119)Total records found(116) …”

mentioning

confidence: 99%

“…Few studies considered dynamic analysis also with the conventional methods. The study in[116], Android app vulnerability detection was discussed, and it was inspired by a case study of web functions' vulnerabilities. Android app categories including browsers, shopping, and finance were investigated for security by downloading and examining 6,177 apps.…”

mentioning

confidence: 99%

See 3 more Smart Citations

Android Source Code Vulnerability Detection: A Systematic Literature Review

et al. 2023

View full text Add to dashboard Cite

The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques and potential improvements of those studies. Both Machine Learning (ML) based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods since many recent studies conducted experiments with ML. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions.

show abstract

Section: 23mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Android Source Code Vulnerability Detection: A Systematic Literature Review

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Nowadays, people's lifestyles increasingly depend on mobile applications (apps), such as B. shopping, managing money, surfing the Internet, etc. However, developers mainly focus on application implementation and user experience improvement while ignoring security issues [10]. With the application of users to an application to support their productivity, irresponsible parties are often used to infiltrate malicious code in several applications.…”

Section: Introductionmentioning

confidence: 99%

Mobile Device Security Evaluation using Reverse TCP Method

Riadi¹,

Aprilliansyah

Sunardi³

2022

KINETIK

View full text Add to dashboard Cite

Security evaluation on Android devices is critical so that users of the operating system are protected from malware attacks such as remote access trojans that can steal users' credential data. Remote access trojan (RAT) attacks can be anticipated by detecting vulnerabilities in applications and systems. This study simulates a remote access trojan attack by exploiting it until the Attacker gains full access to the victim's device. The episode is carried out with several steps: creating a payload, installing applications to the victim's device, connecting listeners, and performing exploits to retrieve important information on the victim's device. Test material using Android 12, problems occurred when trying to install the application because a harmful warning will appear from Play Protect due to not using the latest version of privacy protection which causes the application to be indicated as malware and the like. On Android 11, the application injected with the backdoor was successfully installed on the device and successfully accessed by the attacker. Attackers also get vital information, including system information, contacts, call logs, messages, and full access to the victim's device system directory. Based on this research, it is expected that Android device users constantly update the Android version on the device they are using.

show abstract