AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach

by Amr Amin 1,†, Amgad Eldessouki 1,†, Menna Tullah Magdy 1,†, Nouran Abdeen 1,†, Hanan Hindy 1,2,* and Islam Hegazy 1,*
1 Faculty of Computer & Information Sciences, Ain Shams University, Cairo 11566, Egypt
2 Division of Cyber-Security, Abertay University, Dundee DD1 1HG, UK
* Authors to whom correspondence should be addressed.
† These authors contributed equally to this work.
Information 2019, 10(10), 326; https://doi.org/10.3390/info10100326
Received: 30 July 2019 / Revised: 14 October 2019 / Accepted: 18 October 2019 / Published: 22 October 2019
(This article belongs to the Special Issue Machine Learning for Cyber-Security)
The security of mobile applications has become a major research field that is associated with many challenges. The high rate of mobile application development has resulted in less secure applications. This is due to what is called the “rush to release”, as defined by the Ponemon Institute. Security testing, which is considered one of the main phases of the development life cycle, is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks protects users of smartphones and tablets against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is encapsulated in a usable platform (a web application) to make it easy to use for both public users and professional developers. Static analysis, on the one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that depend on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.
Keywords: vulnerability detection; Android applications; static analysis; dynamic analysis; mobile security; user privacy

MDPI and ACS Style

Amin, A.; Eldessouki, A.; Magdy, M.T.; Abdeen, N.; Hindy, H.; Hegazy, I. AndroShield: Automated Android Applications Vulnerability Detection, a Hybrid Static and Dynamic Analysis Approach. Information 2019, 10, 326.
