Network Security Challenges in Android Applications

The digital world is in a constant battle for improvement, especially in the security field. Following Edward Snowden's revelations about the mass surveillance programs conducted by governmental authorities, the number of users who have become aware of security is constantly increasing. More and more users agree that additional steps must be taken to ensure that communication remains private, as originally intended. With the ongoing transition in the digital world, there are already more mobile phones than people on this planet. According to recent statistics, there were around 7 billion active cell phones by 2014, of which nearly 2 billion were smartphones. The use of smartphones by itself could open a great security hole. The most common problem in Android applications is misuse of the HTTPS protocol. With this in mind, this paper addresses the current issues with misuse of the HTTPS protocol and proposes possible solutions to overcome this common problem. In this paper we evaluate the SSL implementation in a recent set of Android applications and present some of the most common misuses. The goal of this paper is to raise awareness among current and new developers so that they consider security one of their main goals during the application development life cycle.
