Jump to content
Nytro

An Empirical Study of Cryptographic Misuse in Android Applications

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

An Empirical Study of Cryptographic Misuse

in Android Applications

ABSTRACT

Developers use cryptographic APIs in Android with the intent

of securing data such as passwords and personal information

on mobile devices. In this paper, we ask whether developers

use the cryptographic APIs in a fashion that provides typical

cryptographic notions of security, e.g., IND-CPA security. We

develop program analysis techniques to automatically check

programs on the Google Play marketplace, and find that

10,327 out of 11,748 applications that use cryptographic APIs

– 88% overall – make at least one mistake. These numbers

show that applications do not use cryptographic APIs in a

fashion that maximizes overall security. We then suggest

specific remediations based on our analysis towards improving

overall cryptographic security in Android applications.

Download:

https://www.cs.ucsb.edu/~chris/research/doc/ccs13_cryptolint.pdf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...