Evaluation of Cryptography Usage in Android Applications

Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.

Bibliographic Details
Main Authors: Alexia Chatzikonstantinou (Mezza Group), Christoforos Ntantogian (University of Piraeus, Department of Digital Systems; dadoyan@unipi.gr), Georgios Karopoulos (University of Athens, Department of Informatics and Telecommunications), Christos Xenakis (University of Piraeus, Department of Digital Systems)
Format: Article
Language: English
Published: European Alliance for Innovation (EAI) 2016-12-01
Series: EAI Endorsed Transactions on Security and Safety
ISSN: 2032-9393
Subjects: software security, android, cryptography misuse
Online Access: http://eudl.eu/doi/10.4108/eai.3-12-2015.2262471
Source: Directory of Open Access Journals