Design for a cloud-based hybrid Android application security assessment framework

Android platforms occupy predominant proportion of mobile market. Billions of Android apps are held on different public app markets or private repositories which needs an integrated procedure to control the security risks for the applications submitted from developers. To ensure the delivery of safe applications, the developers also need to identify potential security issues within the applications before the submissions. The industry lacks of an approach that can provide accurate, efficient and agile security assessment for Android applications. Based on the concept of data fusion, we design a hybrid assessment framework that combines white-box, black-box assessment and environmental forensic techniques. The proposed hybrid assessment framework is aimed to improve the overall assessment quality by harmonizing the merits of various conventional assessment techniques into an integrated system. Moreover, as security analysis usually requires databases with large volume of signature information and huge computing capacity used for vulnerability searching, the difficulty of the assessment is even increased if the application developers and inspectors are geographically distributed. We propose a cloud-based deployment strategy to enhance the accessibility, flexibility and cost-efficiency for the hybrid security assessment system.