A carregar...
Publicação
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats
| Nome: | Descrição: | Tamanho: | Formato: | |
|---|---|---|---|---|
| 1.84 MB | Adobe PDF |
Autores
Orientador(es)
Resumo(s)
Today’s smart-phones are ubiquitous in people’s lives, collecting and storing private
and confidential data. At the same time, users are exposed to mobile apps with bad
engineering practices and to malicious apps, both endangering the security of their data.
This happens because app stores face considerable challenges, like the efficient analysis
of the huge volume of apps received, the moving target nature of the threats and the lack
of accuracy of users’ feedback.
In this dissertation we present a study on the use of automated verification tools of
applications at the app market level for improving the security of the end users. This
study led to a platform that combines static analysis tools for Android apps with users’
feedback to determine the apps threat level. We implemented this platform as a module
and evaluated it in Aptoide - an Android app store - to support the quality assurance
decisions of app inspection, which might lead to the removal of the app from the store.
The assessment shows that for the 19% of the APKs ranked with the highest threat
level, the proposed module only failed in 2%. This means that, in a context of an app store
that receives thousands of apps per day, the module is able to inform with considerable
certainty which apps need to be inspected by the quality assurance team with urgency,
because are likely a threat to consumers. Therefore, the proposed solution contributes to
accelerate the app store response to mobile threats and, consequently, to the reduction of
its impact on app consumers.
Although the module improves and strengthens the application verification process
by uncovering problems that were not previously exposed, after we made more tests we
realised that the specification of these problems could be further adjusted.
Descrição
Palavras-chave
android apps app store services mobile quality assurance software testing static analysis