DocumentCode
247129
Title
Analysis on Password Protection in Android Applications
Author
Shao Shuai ; Dong Guowei ; Guo Tao ; Yang Tianchang ; Shi Chenjie
Author_Institution
China Inf. Technol. Security Evaluation Center, Beijing, China
fYear
2014
fDate
8-10 Nov. 2014
Firstpage
504
Lastpage
507
Abstract
Although there has been much research on the leakage of sensitive data in Android applications, most of the existing research focuses on how to detect malware or adware that intentionally collects users' private information. There is not much research on analyzing the vulnerabilities of apps that may cause privacy leakage. In this paper, we present a vulnerability analysis method which combines taint analysis and cryptography misuse detection. The four steps of this method are decompile, taint analysis, API call record, and cryptography misuse analysis; all of these steps except taint analysis can be executed by existing tools. We develop a prototype tool, PW Exam, to analyze how passwords are handled and whether the app is vulnerable to password leakage. Our experiment shows that a third of apps are vulnerable to leaking users' passwords.
Keywords
cryptography; data privacy; mobile computing; smart phones; API call record; Android applications; PW Exam; cryptography misuse analysis; cryptography misuse detection; decompile step; password leakage; password protection; taint analysis; user privacy; vulnerability analyzing method; Androids; Encryption; Humanoid robots; Privacy; Smart phones; Android apps; leakage; password; vulnerability;
fLanguage
English
Publisher
ieee
Conference_Titel
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on
Conference_Location
Guangdong
Type
conf
DOI
10.1109/3PGCIC.2014.102
Filename
7024636