
Research & Tools for Secure Android Development


Android apps face some security issues, such as the possibility of activity hijacking (in which not-so-friendly apps waylay intents meant for other apps and can potentially harvest private data). So, if you're concerned about security, you could always just download a snazzy-looking anti-virus app and hope for the best, or you could make sure the apps you develop are secure.

From Will Klieber and Lori Flynn at Carnegie Mellon comes a look at some interesting research into security analysis for Android development in a project called Mobile SCALe. According to Klieber, a key to understanding these types of Android security issues is being able to track the flow of data. It's important to know what's going where, and the trustworthiness and security of each location:

"Sometimes the flow of information can be from a highly sensitive source to a place that’s not authorized to receive the data. So, the source can be high privilege and the sink can be low privilege. Integrity concerns can also be analyzed using the concept of information flow. Sometimes untrusted data is sent to a place that’s supposed to store only high-trusted data that’s been sent by an authorized source. If data travels from a low-trust source to a high-trust sink, that’s also a problem."

To help with this kind of analysis, the researchers developed a tool called DidFail, which stands for Droid Intent Data Flow Analysis for Information Leakage:

"[DidFail] combines and augments the existing Android dataflow analyses of FlowDroid (which identifies intra-component taint flows) and Epicc (which identifies properties of intents such as its action string) to track both inter-component and intra-component dataflow in a set of Android applications."

Leaving vulnerabilities exposed in an Android app is fairly easy to do, so this kind of research, along with tools like DidFail, is integral to keeping the platform reliable and secure. Check out Klieber and Flynn's full write-up for more details on the project.
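
The following is an added example, not code from the article or from DidFail, sketching the idea described above: per-component flows are joined by matching each sent intent's action string to the components that accept it, and the combined graph is searched for paths from a sensitive source to a low-trust sink. The component names, action strings, and data layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (an assumed layout, not DidFail's real format).
# Node kinds: ("src", name) sensitive source, ("recv", component) intent
# received, ("send", action) intent sent, ("sink", name) data sink.
INTRA_FLOWS = {  # what an intra-component taint analysis would report
    "AppA.LocationActivity": [(("src", "GPS_LOCATION"), ("send", "com.example.SHOW_MAP"))],
    "AppB.MapActivity": [(("recv", "AppB.MapActivity"), ("send", "com.example.LOG"))],
    "AppC.LogService": [(("recv", "AppC.LogService"), ("sink", "NETWORK"))],
    "AppC.Settings": [(("src", "DEVICE_ID"), ("sink", "LOCAL_FILE"))],
}
INTENT_FILTERS = {  # intent properties: action string -> accepting components
    "com.example.SHOW_MAP": ["AppB.MapActivity"],
    "com.example.LOG": ["AppC.LogService"],
}

def build_graph(intra_flows, intent_filters):
    """Join intra-component edges with inter-component intent edges."""
    graph = defaultdict(set)
    for flows in intra_flows.values():
        for src, dst in flows:
            graph[src].add(dst)
    for action, receivers in intent_filters.items():
        for component in receivers:
            graph[("send", action)].add(("recv", component))
    return graph

def find_leaks(intra_flows, intent_filters, sensitive, untrusted_sinks):
    """Return one path per reachable (sensitive source -> untrusted sink) pair."""
    graph = build_graph(intra_flows, intent_filters)
    leaks = []
    for source in sensitive:
        start = ("src", source)
        stack, seen = [(start, [start])], {start}
        while stack:
            node, path = stack.pop()
            if node[0] == "sink" and node[1] in untrusted_sinks:
                leaks.append(path)
            for nxt in sorted(graph.get(node, ())):
                if nxt not in seen:  # guards against intent cycles
                    seen.add(nxt)
                    stack.append((nxt, path + [nxt]))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(INTRA_FLOWS, INTENT_FILTERS,
                           ["GPS_LOCATION", "DEVICE_ID"], {"NETWORK"}):
        print(" -> ".join(f"{kind}:{name}" for kind, name in leak))
```

No single component in the sample sends location data to the network; the flow only appears once the intent edges between the three apps are added.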

