Analysis on Password Protection in Android Applications

Title: Analysis on Password Protection in Android Applications
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Shao Shuai, Dong Guowei, Guo Tao, Yang Tianchang, Shi Chenjie
Conference Name: P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on
Date Published: Nov
Keywords: Android applications, Android apps, Androids, API call record, cryptography, cryptography misuse analysis, cryptography misuse detection, data privacy, decompile step, Encryption, Humanoid robots, leakage, mobile computing, password, password leakage, password protection, privacy, PW Exam, smart phones, taint analysis, user privacy, Vulnerability, vulnerability analyzing method
Abstract

Although there has been much research on the leakage of sensitive data in Android applications, most of the existing research focuses on how to detect the malware or adware that are intentionally collecting user privacy. There is not much research on analyzing the vulnerabilities of apps that may cause the leakage of privacy. In this paper, we present a vulnerability analyzing method which combines taint analysis and cryptography misuse detection. The four steps of this method are decompile, taint analysis, API call record, cryptography misuse analysis, all of which steps except taint analysis can be executed by the existing tools. We develop a prototype tool PW Exam to analyze how the passwords are handled and if the app is vulnerable to password leakage. Our experiment shows that a third of apps are vulnerable to leak the users' passwords.

URL: https://ieeexplore.ieee.org/document/7024636/
DOI: 10.1109/3PGCIC.2014.102
Citation Key: 7024636