Mobile Application Security Using Static and Dynamic Analysis

Machine Intelligence and Big Data Analytics for Cybersecurity Applications

Part of the book series: Studies in Computational Intelligence (SCI, volume 919)

Abstract

Mobile applications have overtaken web applications as the mobile app market has grown rapidly. Because the mobile application development environment is open source, it attracts new, inexperienced developers who want hands-on experience with application development. However, data security and vulnerable coding practices are two major issues. Among all mobile operating systems, including iOS (by Apple), Android (by Google) and Blackberry (RIM), Android remains the dominant OS on a global scale. The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via inadvertent or side channels, unsecured sensitive data storage, data transition and many others. Most of these vulnerabilities can be detected during the mobile application analysis phase. In this chapter, we explore some existing vulnerability detection tools available for static and dynamic analysis and give a hands-on exploration of using them to detect vulnerabilities. We suggest that there is a need for new tools within the development environment for security analysis during application development.



Corresponding author

Correspondence to Hossain Shahriar.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Shahriar, H., Zhang, C., Talukder, M.A., Islam, S. (2021). Mobile Application Security Using Static and Dynamic Analysis. In: Maleh, Y., Shojafar, M., Alazab, M., Baddi, Y. (eds) Machine Intelligence and Big Data Analytics for Cybersecurity Applications. Studies in Computational Intelligence, vol 919. Springer, Cham. https://doi.org/10.1007/978-3-030-57024-8_20
