App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats
Autor(a) principal: | |
---|---|
Data de Publicação: | 2018 |
Tipo de documento: | Dissertação |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10362/98808 |
Resumo: | Today’s smart-phones are ubiquitous in people’s lives, collecting and storing private and confidential data. At the same time, users are exposed to mobile apps with bad engineering practices and to malicious apps, both endangering the security of their data. This happens because app stores face considerable challenges, like the efficient analysis of the huge volume of apps received, the moving target nature of the threats and the lack of accuracy of users’ feedback. In this dissertation we present a study on the use of automated verification tools of applications at the app market level for improving the security of the end users. This study led to a platform that combines static analysis tools for Android apps with users’ feedback to determine the apps threat level. We implemented this platform as a module and evaluated it in Aptoide - an Android app store - to support the quality assurance decisions of app inspection, which might lead to the removal of the app from the store. The assessment shows that for the 19% of the APKs ranked with the highest threat level, the proposed module only failed in 2%. This means that, in a context of an app store that receives thousands of apps per day, the module is able to inform with considerable certainty which apps need to be inspected by the quality assurance team with urgency, because are likely a threat to consumers. Therefore, the proposed solution contributes to accelerate the app store response to mobile threats and, consequently, to the reduction of its impact on app consumers. Although the module improves and strengthens the application verification process by uncovering problems that were not previously exposed, after we made more tests we realised that the specification of these problems could be further adjusted. |
id |
RCAP_38e5880fbd7c4c8313bbd5faf12feb7c |
---|---|
oai_identifier_str |
oai:run.unl.pt:10362/98808 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threatsandroid appsapp store servicesmobile quality assurancesoftware testingstatic analysisDomínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaToday’s smart-phones are ubiquitous in people’s lives, collecting and storing private and confidential data. At the same time, users are exposed to mobile apps with bad engineering practices and to malicious apps, both endangering the security of their data. This happens because app stores face considerable challenges, like the efficient analysis of the huge volume of apps received, the moving target nature of the threats and the lack of accuracy of users’ feedback. In this dissertation we present a study on the use of automated verification tools of applications at the app market level for improving the security of the end users. This study led to a platform that combines static analysis tools for Android apps with users’ feedback to determine the apps threat level. We implemented this platform as a module and evaluated it in Aptoide - an Android app store - to support the quality assurance decisions of app inspection, which might lead to the removal of the app from the store. The assessment shows that for the 19% of the APKs ranked with the highest threat level, the proposed module only failed in 2%. This means that, in a context of an app store that receives thousands of apps per day, the module is able to inform with considerable certainty which apps need to be inspected by the quality assurance team with urgency, because are likely a threat to consumers. Therefore, the proposed solution contributes to accelerate the app store response to mobile threats and, consequently, to the reduction of its impact on app consumers. Although the module improves and strengthens the application verification process by uncovering problems that were not previously exposed, after we made more tests we realised that the specification of these problems could be further adjusted.Ravara, AntónioCasal, JoãoRUNFernandes, Ana Patrícia Nunes2020-06-03T13:20:43Z2018-1220182018-12-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10362/98808enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-03-11T04:46:00Zoai:run.unl.pt:10362/98808Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T03:39:03.693596Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats |
title |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats |
spellingShingle |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats Fernandes, Ana Patrícia Nunes android apps app store services mobile quality assurance software testing static analysis Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
title_short |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats |
title_full |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats |
title_fullStr |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats |
title_full_unstemmed |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats |
title_sort |
App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats |
author |
Fernandes, Ana Patrícia Nunes |
author_facet |
Fernandes, Ana Patrícia Nunes |
author_role |
author |
dc.contributor.none.fl_str_mv |
Ravara, António Casal, João RUN |
dc.contributor.author.fl_str_mv |
Fernandes, Ana Patrícia Nunes |
dc.subject.por.fl_str_mv |
android apps app store services mobile quality assurance software testing static analysis Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
topic |
android apps app store services mobile quality assurance software testing static analysis Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
description |
Today’s smart-phones are ubiquitous in people’s lives, collecting and storing private and confidential data. At the same time, users are exposed to mobile apps with bad engineering practices and to malicious apps, both endangering the security of their data. This happens because app stores face considerable challenges, like the efficient analysis of the huge volume of apps received, the moving target nature of the threats and the lack of accuracy of users’ feedback. In this dissertation we present a study on the use of automated verification tools of applications at the app market level for improving the security of the end users. This study led to a platform that combines static analysis tools for Android apps with users’ feedback to determine the apps threat level. We implemented this platform as a module and evaluated it in Aptoide - an Android app store - to support the quality assurance decisions of app inspection, which might lead to the removal of the app from the store. The assessment shows that for the 19% of the APKs ranked with the highest threat level, the proposed module only failed in 2%. This means that, in a context of an app store that receives thousands of apps per day, the module is able to inform with considerable certainty which apps need to be inspected by the quality assurance team with urgency, because are likely a threat to consumers. Therefore, the proposed solution contributes to accelerate the app store response to mobile threats and, consequently, to the reduction of its impact on app consumers. Although the module improves and strengthens the application verification process by uncovering problems that were not previously exposed, after we made more tests we realised that the specification of these problems could be further adjusted. |
publishDate |
2018 |
dc.date.none.fl_str_mv |
2018-12 2018 2018-12-01T00:00:00Z 2020-06-03T13:20:43Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10362/98808 |
url |
http://hdl.handle.net/10362/98808 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799138006861348864 |