App Threat Analysis: Combining static analysis with users’ feedback to accelerate app store response to mobile threats

Bibliographic details
Main author: Fernandes, Ana Patrícia Nunes
Publication date: 2018
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10362/98808
Abstract: Today’s smart-phones are ubiquitous in people’s lives, collecting and storing private and confidential data. At the same time, users are exposed to mobile apps with bad engineering practices and to malicious apps, both endangering the security of their data. This happens because app stores face considerable challenges, like the efficient analysis of the huge volume of apps received, the moving target nature of the threats and the lack of accuracy of users’ feedback. In this dissertation we present a study on the use of automated verification tools of applications at the app market level for improving the security of the end users. This study led to a platform that combines static analysis tools for Android apps with users’ feedback to determine the apps’ threat level. We implemented this platform as a module and evaluated it in Aptoide - an Android app store - to support the quality assurance decisions of app inspection, which might lead to the removal of the app from the store. The assessment shows that for the 19% of the APKs ranked with the highest threat level, the proposed module only failed in 2%. This means that, in a context of an app store that receives thousands of apps per day, the module is able to inform with considerable certainty which apps need to be inspected by the quality assurance team with urgency, because they are likely a threat to consumers. Therefore, the proposed solution contributes to accelerating the app store response to mobile threats and, consequently, to the reduction of its impact on app consumers. Although the module improves and strengthens the application verification process by uncovering problems that were not previously exposed, after we made more tests we realised that the specification of these problems could be further adjusted.
OAI identifier: oai:run.unl.pt:10362/98808
Contributors: Ravara, António; Casal, João; RUN
Subjects: android apps; app store services; mobile quality assurance; software testing; static analysis; Scientific Domain/Area::Engineering and Technology::Electrical Engineering, Electronics and Informatics
Dates: 2018-12; 2020-06-03T13:20:43Z
Type: masterThesis
Status: publishedVersion
Rights: openAccess
Format: application/pdf
Institution: Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação (RCAAP)