On Design and Implementation a Smart Contract-Based Investigation Report Management Framework for Smartphone Applications

To prevent users from downloading and installing malicious smartphone applications, several countries and organizations have developed security requirements for smartphone applications and associated vetting systems. Certified third parties can inspect whether an application satisfies the applicable security requirements and issue inspection reports to notify users of potential risks. However, there is currently no standard method for users to obtain inspection results. Furthermore, as hacking techniques advance, an inspector may discover that an application is vulnerable to a new type of attack and wish to notify the application's users immediately. To address this issue, this study proposes a Smart Contract-based Investigation Report Management framework for smartphone application security (SCIRM), which enables smartphone application users to obtain security inspection reports for applications of interest through smart contracts. Because the framework builds on blockchain technology, users can obtain the historical inspection reports of an application and verify the integrity of those reports. In addition, this study uses smart contract technology to implement the interfaces, so that the smart contracts enforce the related actions automatically. This study can hopefully help users adopt appropriate countermeasures against potential application security risks, as they can obtain up-to-date security information about applications in a timely manner.