Acta Scientific Computer Sciences

Research Article Volume 4 Issue 2

Evaluation of Static Analysis Tools for Mobile App Security

Ayush Maharjan1,2, Nahida Sultana Chowdhury1,2* and Rajeev R Raje2

1Modern Software Engineering, DMI, USA
2Indiana University Purdue University Indianapolis (IUPUI), USA

*Corresponding Author: Nahida Sultana Chowdhury, Software Engineer, DMI, Indianapolis, IN, USA.

Received: December 13, 2021; Published: January 18, 2022

Abstract

With the large number of Android apps available in app stores such as Google Play, it has become increasingly challenging to find secure apps. Therefore, it is very important for users to consider security and privacy issues when selecting an app from any public app store. Many static analysis tools can identify security- and privacy-related vulnerabilities in mobile app code by highlighting potential flaws, often offering examples of how to resolve these flaws, and may even modify the code to remove the susceptibilities. This paper empirically compares three publicly available static analysis tools for Android apps and investigates their pros and cons using the Ghera benchmark.


Keywords: Static Code Analysis; Android; Mobile App; Security; Privacy


Citation

Citation: Nahida Sultana Chowdhury., et al. “Evaluation of Static Analysis Tools for Mobile App Security”. Acta Scientific Computer Sciences 4.2 (2022): 37-43.

Copyright

Copyright: © 2022 Nahida Sultana Chowdhury., et al. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.



