Evaluation of Cryptography Usage in Android Applications

Alexia Chatzikonstantinou; Christoforos Ntantogian; Georgios Karopoulos; Christos Xenakis

doi:10.4108/eai.3-12-2015.2262471

EAI Endorsed Transactions on Security and Safety (Dec 2016)

Evaluation of Cryptography Usage in Android Applications

Alexia Chatzikonstantinou,
Christoforos Ntantogian,
Georgios Karopoulos,
Christos Xenakis

Affiliations

Alexia Chatzikonstantinou: Mezza Group
Christoforos Ntantogian: University of Piraeus, Department of Digital Systems; [email protected]
Georgios Karopoulos: University of Athens, Department of Informatics and Telecommunications
Christos Xenakis: University of Piraeus, Department of Digital Systems

DOI: https://doi.org/10.4108/eai.3-12-2015.2262471
Journal volume & issue: Vol. 3, no. 9
pp. 1 – 8

Abstract

Read online

Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.

Published in EAI Endorsed Transactions on Security and Safety

ISSN: 2032-9393 (Online)
Publisher: European Alliance for Innovation (EAI)
Country of publisher: Belgium
LCC subjects: Technology
Website: https://eudl.eu/journal/sesa

About the journal

Abstract

Keywords