MAS: Mobile-Apps Assessment and Analysis System
Title | MAS: Mobile-Apps Assessment and Analysis System |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Tien, C. W., Huang, T. Y., Huang, T. C., Chung, W. H., Kuo, S. Y. |
Conference Name | 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W) |
Date Published | June 2017 |
Publisher | IEEE |
ISBN Number | 978-1-5386-2272-8 |
Keywords | Android (operating system), Android app, Android apps, android encryption, automatic security validation system, dynamic analysis, Encryption, Google, Google Play store, Government, Guidelines, Human Behavior, human factors, MAS, Metrics, mobile applications, mobile apps assessment and analysis system, Mobile communication, mobile computing, mobile security, program diagnostics, pubcrawl, resilience, Resiliency, Scalability, security of data, Security Validation, static analysis, Taiwan government, Trusted Computing |
Abstract | Mobile apps are widely adopted in daily life, and contain increasing security flaws. Many regulatory agencies and organizations have announced security guidelines for app development. However, most security guidelines involve technicalities, and compliance with these requirements is not easily feasible. Thus, we propose Mobile Apps Assessment and Analysis System (MAS), an automatic security validation system to improve guideline compliance. MAS combines static and dynamic analysis techniques, which can be used to verify whether Android apps meet the security guideline requirements. We implemented MAS in practice and verified 143 real-world apps produced by the Taiwan government. Besides, we also validated 15,000 popular apps collected from Google Play Store produced in three countries. We found that most apps contain at least three security issues. Finally, we summarize the results and list the most common security flaws for consideration in further app development. |
URL | http://ieeexplore.ieee.org/document/8023720/ |
DOI | 10.1109/DSN-W.2017.17 |
Citation Key | tien_mas:_2017 |