Visible to the public MAS: Mobile-Apps Assessment and Analysis System

TitleMAS: Mobile-Apps Assessment and Analysis System
Publication TypeConference Paper
Year of Publication2017
AuthorsTien, C. W., Huang, T. Y., Huang, T. C., Chung, W. H., Kuo, S. Y.
Conference Name2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)
Date PublishedJune 2017
ISBN Number978-1-5386-2272-8
KeywordsAndroid (operating system), Android app, Android apps, android encryption, automatic security validation system, dynamic analysis, Encryption, Google, Google Play store, Government, Guidelines, Human Behavior, human factors, MAS, Metrics, mobile applications, mobile apps assessment and analysis system, Mobile communication, mobile computing, mobile security, program diagnostics, pubcrawl, resilience, Resiliency, Scalability, security of data, Security Validation, static analysis, Taiwan government, Trusted Computing

Mobile apps are widely adopted in daily life, and contain increasing security flaws. Many regulatory agencies and organizations have announced security guidelines for app development. However, most security guidelines involving technicality and compliance with this requirement is not easily feasible. Thus, we propose Mobile Apps Assessment and Analysis System (MAS), an automatic security validation system to improve guideline compliance. MAS combines static and dynamic analysis techniques, which can be used to verify whether android apps meet the security guideline requirements. We implemented MAS in practice and verified 143 real-world apps produced by the Taiwan government. Besides, we also validated 15,000 popular apps collected from Google Play Store produced in three countries. We found that most apps contain at least three security issues. Finally, we summarize the results and list the most common security flaws for consideration in further app development.

Citation Keytien_mas:_2017