In the last few years, mobiles and mobile-based tools and applications have become so widespread that mobile apps are used in all phases of life such as messaging, entertainment, healthcare, and all kinds of financial transactions. Further, as more applications are moved to mobile apps (e.g., Android and iOS), the security has become a major issue. As mobile applications transition to cloud-based platforms and necessitate remote access, the spectrum of potential attacks has broadened. The increase in security vulnerabilities and threats poses a significant challenge for organizations in terms of management and mitigation. Consequently, it is crucial for both organizations and individuals to enhance their security measures. It is imperative that scientists and engineers allocate more time to the detection, verification, and mitigation of security vulnerabilities on a grand scale. This encompasses the code base, infrastructure, and corporate assets. A variety of security tools for detection and reporting are available in the market. Nevertheless, these systems often generate a high number of false positives that subsequently require manual verification by security engineers. To deal with these challenges, in this study a mobile app security assessment model called Mobile App Security Assessment Tool (MASAT) is developed in Python language. In the model, we assess the Android Application Package (APK) files and try to detect the security vulnerabilities through forensic analysis. The model was tested for a number of APK files and found to be working satisfactory. The model developed will aid in the verification of security vulnerabilities by security scanners, reducing false positives and ensuring the reproducibility of security vulnerabilities at scale.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Mobile App Security Assessment Using Forensic Analysis of APK Files

  • Basil Eldho,
  • Sakina Salmani

摘要

In the last few years, mobiles and mobile-based tools and applications have become so widespread that mobile apps are used in all phases of life such as messaging, entertainment, healthcare, and all kinds of financial transactions. Further, as more applications are moved to mobile apps (e.g., Android and iOS), the security has become a major issue. As mobile applications transition to cloud-based platforms and necessitate remote access, the spectrum of potential attacks has broadened. The increase in security vulnerabilities and threats poses a significant challenge for organizations in terms of management and mitigation. Consequently, it is crucial for both organizations and individuals to enhance their security measures. It is imperative that scientists and engineers allocate more time to the detection, verification, and mitigation of security vulnerabilities on a grand scale. This encompasses the code base, infrastructure, and corporate assets. A variety of security tools for detection and reporting are available in the market. Nevertheless, these systems often generate a high number of false positives that subsequently require manual verification by security engineers. To deal with these challenges, in this study a mobile app security assessment model called Mobile App Security Assessment Tool (MASAT) is developed in Python language. In the model, we assess the Android Application Package (APK) files and try to detect the security vulnerabilities through forensic analysis. The model was tested for a number of APK files and found to be working satisfactory. The model developed will aid in the verification of security vulnerabilities by security scanners, reducing false positives and ensuring the reproducibility of security vulnerabilities at scale.