Demystifying security and compatibility issues in Android Apps
Xiaoyu Sun

TL;DR
This paper explores the security and compatibility challenges in Android apps, highlighting the limitations of static analysis techniques in accurately detecting vulnerabilities and bugs.
Contribution
It provides an in-depth analysis of Android's security issues and evaluates the effectiveness of static analysis methods, proposing insights into their limitations.
Findings
Static analysis often yields false positives in vulnerability detection.
Handling complex features like reflection and obfuscation remains challenging for static techniques.
Security risks in Android apps are a significant economic concern.
Abstract
Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking, etc. Even though the Android OS offers powerful communication and application execution capabilities, it is riddled with defects (e.g., security risks and compatibility issues), new vulnerabilities come to light daily, and bugs cost the economy tens of billions of dollars annually. For example, malicious apps (e.g., back-doors, fraud apps, ransomware, spyware, etc.) are reported [Google, 2022] to exhibit malicious behaviours, including privacy stealing, unwanted programs installed, etc. To counteract these threats, many works have been proposed that rely on static analysis techniques to detect such issues. However, static techniques are not…
Taxonomy
Topics: Advanced Malware Detection Techniques · Digital and Cyber Forensics · Software Testing and Debugging Techniques
