About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
sesa 16(9): e4

Research Article

Evaluation of Cryptography Usage in Android Applications

Download5645 downloads
Cite
BibTeX Plain Text
  • @ARTICLE{10.4108/eai.3-12-2015.2262471,
        author={Alexia Chatzikonstantinou and Christoforos Ntantogian and Georgios Karopoulos and Christos Xenakis},
        title={Evaluation of Cryptography Usage in Android Applications},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={3},
        number={9},
        publisher={ACM},
        journal_a={SESA},
        year={2016},
        month={5},
        keywords={software security, android, cryptography misuse},
        doi={10.4108/eai.3-12-2015.2262471}
    }
    
  • Alexia Chatzikonstantinou
    Christoforos Ntantogian
    Georgios Karopoulos
    Christos Xenakis
    Year: 2016
    Evaluation of Cryptography Usage in Android Applications
    SESA
    EAI
    DOI: 10.4108/eai.3-12-2015.2262471
Alexia Chatzikonstantinou1, Christoforos Ntantogian2,*, Georgios Karopoulos3, Christos Xenakis2
  • 1: Mezza Group
  • 2: University of Piraeus, Department of Digital Systems
  • 3: University of Athens, Department of Informatics and Telecommunications
*Contact email: dadoyan@unipi.gr

Abstract

Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.

Keywords
software security, android, cryptography misuse
Published
2016-05-24
Publisher
ACM
http://dx.doi.org/10.4108/eai.3-12-2015.2262471

Copyright © 2015 C. Ntantogian et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.

EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL