Evaluation of Static Analysis Tools for Mobile App Security
Ayush Maharjan1,2, Nahida Sultana Chowdhury1,2* and Rajeev R Raje2
1Modern Software Engineering, DMI, USA
2Indiana University Purdue University Indianapolis (IUPUI), USA
*Corresponding Author: Nahida Sultana Chowdhury, Software Engineer, DMI, Indianapolis, IN, USA.
Received: December 13, 2021; Published: January 18, 2022
Abstract
With the large number of Android apps available in app stores such as Google Play, it has become increasingly challenging to find secure apps. It is therefore important for users to consider security and privacy issues when selecting an app from a public app store. Many static analysis tools can identify security- and privacy-related vulnerabilities in mobile app code by highlighting potential flaws, often offering examples of how to resolve them, and in some cases even modifying the code to remove the vulnerabilities. This paper empirically compares three publicly available static analysis tools for Android apps and investigates their pros and cons using the Ghera benchmark.
Keywords: Static Code Analysis; Android; Mobile App; Security; Privacy
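To make concrete the kind of check the static analysis tools compared in this paper perform, the following is an added example, not code from the paper or from any of the tools it evaluates. It scans an AndroidManifest.xml for a few manifest-level weaknesses of the sort catalogued in benchmarks such as Ghera (debuggable or backup-enabled applications, and components exported without a guarding permission). The rule identifiers, the sample manifest and the package and component names are all constructed for illustration; the exported-by-default rule for components with an intent-filter is the platform behaviour the example models, and the launcher-activity exclusion shows the kind of false positive a tool has to handle.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"


def android_attr(elem, name):
    """Read an android:-namespaced attribute from an element, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_launcher(comp):
    """True if any intent-filter on the component carries the LAUNCHER category."""
    for ifilter in comp.findall("intent-filter"):
        for cat in ifilter.findall("category"):
            if android_attr(cat, "name") == LAUNCHER_CATEGORY:
                return True
    return False


def scan_manifest(manifest_xml):
    """Return a list of (rule_id, location, detail) findings for a manifest string.

    Rule identifiers are invented for this example; they do not correspond to
    the rule names of any real tool.
    """
    root = ET.fromstring(manifest_xml)
    findings = []
    app = root.find("application")
    if app is None:
        return findings

    # Application-level flags that weaken the app as a whole.
    for flag, rule in (("debuggable", "APP-DEBUGGABLE"),
                       ("allowBackup", "APP-BACKUP-ENABLED"),
                       ("usesCleartextTraffic", "APP-CLEARTEXT")):
        if android_attr(app, flag) == "true":
            findings.append((rule, "<application>", 'android:%s="true"' % flag))

    # Component exposure: a component is reachable by other apps when it is
    # explicitly exported, or when it declares an intent-filter and does not
    # set android:exported="false" (the platform default modelled here).
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = android_attr(comp, "name") or "?"
        exported = android_attr(comp, "exported")
        has_filter = comp.find("intent-filter") is not None
        if not (exported == "true" or (exported is None and has_filter)):
            continue
        # A launcher activity must be exported so the home screen can start it,
        # so flagging it would be a false positive.
        if is_launcher(comp):
            continue
        if android_attr(comp, "permission") is None:
            findings.append(("COMP-EXPORTED-NO-PERM",
                             "<%s %s>" % (comp.tag, name),
                             "exported without android:permission"))
    return findings


# Constructed sample manifest (not from any real app) exercising each rule.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name="com.example.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="com.example.DeepLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="demo"/>
      </intent-filter>
    </activity>
    <service android:name="com.example.SyncService" android:exported="true"/>
    <receiver android:name="com.example.AdminReceiver" android:exported="true"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <provider android:name="com.example.DataProvider"
        android:authorities="com.example.data" android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for rule, location, detail in scan_manifest(SAMPLE_MANIFEST):
        print("%-22s %-40s %s" % (rule, location, detail))
```

Run against the sample manifest, the scanner reports the debuggable and backup flags and the two unguarded exported components (the deep-link activity and the sync service), while leaving the launcher activity, the permission-guarded receiver and the non-exported provider alone. Real tools go well beyond manifest checks (bytecode data-flow, cryptographic API misuse, SSL validation), which is where their results diverge and why a benchmark like Ghera is needed to compare them.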