A study of Android application security

William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

603 Scopus citations

Abstract

The fluidity of application markets complicates smartphone security. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smartphone applications. This paper seeks to better understand smartphone application security by studying 1,100 popular free Android applications. We introduce the ded decompiler, which recovers Android application source code directly from its installation image. We design and execute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. Our analysis uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks. However, we did not find evidence of malware or exploitable vulnerabilities in the studied applications. We conclude by considering the implications of these preliminary findings and offer directions for future analysis.

Original language: English (US)
Title of host publication: Proceedings of the 20th USENIX Security Symposium
Publisher: USENIX Association
Pages: 315-330
Number of pages: 16
ISBN (Electronic): 9781931971874
State: Published - Jan 1 2011
Event: 20th USENIX Security Symposium - San Francisco, United States
Duration: Aug 8 2011 to Aug 12 2011

Publication series

Name: Proceedings of the 20th USENIX Security Symposium

Conference

Conference: 20th USENIX Security Symposium
Country/Territory: United States
City: San Francisco
Period: 8/8/11 to 8/12/11

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality
