Automated security testing of android applications for secure mobile development

Abstract

Mobile computing is on the rise. More and more users rely on mobile applications and mobile devices to execute the most basic tasks of their lives while depositing their most private and critical data on them. Mobile application stores act as the trust anchors that sit between applications developed by third parties and the user’s mobile devices. Therefore, app stores should provide the means to ensure that the apps installed by the users follow high security and quality standards, minimising the user’s data exposure risks. A critical path towards that security and quality standards is to early test and detect mobile application vulnerabilities resulting from incorrect development practices and to provide developers feedback about the problems found and some additional information on how to correct them. This paper presents a system, developed to help Android app stores (in this case, on the Aptoide app store) timely detect vulnerabilities on submitted apps and provide appropriate feedback to developers. The provide feedback makes developers aware of the secure development processes while improving the quality and security of their apps before they are made available to end-users and installed on their devices.