On the Evolution of Security Issues in Android App Versions

机译：关于Android应用程序版本安全问题的演变

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Since its launch in 2008, the Android platform has seen a lot of development and improvements to this day. Android developer studios had to refine their understanding and available codebases considerably in the past decade since Android's conception. For example, they had to handle monumental changes in the OS, like the introduction of ART or the continually evolving permission system. With this study, we look into the code-base of 1,250 apps from 57 different development studios and analyze the evolution of security-related issues in past versions of an app. To analyze a total of 11,002 APKs, we build on popular vulnerability assessment tools like QARK and drozer and extend them with our own security checks. We discover that the attack surface of an app usually grows over time, including issues that are open for a long time or remain unclosed. Considering the false positive rate of automated vulnerability scanners like QARK or drozer, the total number of vulnerabilities in an app must be taken with care, but nevertheless our study substantiates that the number of security issues typically grows with code complexity and size, rather than shrinking over time.

机译：自2008年推出以来，Android平台对这一天有很多发展和改进。 Android Developer Studios在Android的概念自从Android的概念之后，过去十年里必须在过去的十年中优化他们的理解和可用的码条。例如，他们必须处理操作系统的纪念变化，如艺术的引入或不断发展的许可系统。通过本研究，我们研究了57个不同的开发工作室的1,250个应用程序的代码库，并分析了过去版本的安全相关问题的演变。要分析总共11,002个APK，我们建立在像Qark和Drozer这样的流行漏洞评估工具上，并通过我们自己的安全检查扩展它们。我们发现应用程序的攻击面通常会随着时间的推移而增长，包括长期开放的问题或保持未填写的问题。考虑到Qark或Drozer等自动漏洞扫描仪的虚假阳性率，必须小心采取应用程序中的漏洞总数，但我们的研究证实，安全问题的数量通常以代码复杂性和大小而增长，而不是缩小随着时间的推移。

著录项

来源
《International Conference on Applied Cryptography and Network Security;ACNS Workshop on Application Intelligence and Blockchain Security;ACNS Workshop on Secure Cryptographic Implementation;ACNS Workshop on Cloud Security and Privacy;ACNS Workshop on Articial Intelligence and Industrial IoT Security;ACNS Workshop on Security in Machine Learning and its Applications;ACNS Workshop on Articial Intelligence in Hardware Security;ACNS Workshop on Security in Mobile Technologies》|2020年|584p|共19页
会议地点
作者
Anatoli Kalysch; Joschua Schilling; Tilo Muller;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP309-53;
关键词
App security; Mobile security; IPC; UI security;

机译：应用安全;移动安全;IPC;UI安全性;

相似文献

外文文献
中文文献
专利

1. Comparison and Security App of ANDROID OS using different versions: an Overview [J] . Javeria Amin International Journal of Advanced Networking and Applications . 2015,第7017期

机译：使用不同版本的ANDROID操作系统的比较和安全应用程序：概述
2. Introduction to the special issue:SAAP-2017 (Static Analysis of Android Apps: Security and Privacy) [J] . Journal of Visual Languages & Computing . 2019,第Juna期

机译：特刊简介：SAAP-2017（Android应用的静态分析：安全性和隐私性）
3. Characterizing the evolution of statically-detectable performance issues of Android apps [J] . Teerath Das, Massimiliano Di Penta, Ivano Malavolta Empirical Software Engineering . 2020,第4期

机译：表征Android应用程序的静态可检测性能问题的演变
4. On the Evolution of Security Issues in Android App Versions [C] . Anatoli Kalysch, Joschua Schilling, Tilo Mueller International conference on applied cryptography and network security satellite workshops;Workshop on application intelligence and blockchain security;Workshop on artificial intelligence in hardware security;Workshop on artificial intelligence and industrial IoT security;Workshop on cloud security and privacy;Workshop on secure cryptographic implementation;Workshop on security in mobile technologies;Workshop on security in machine learning and its applications . 2020

机译：关于Android应用程序版本安全问题的演变
5. A study of security issues of mobile apps in the android platform using machine learning approaches. [D] . Cen, Lei. 2016

机译：使用机器学习方法研究android平台中移动应用程序的安全性问题。
6. Security Concerns in Android mHealth Apps [O] . Dongjing He, Muhammad Naveed, Carl A. Gunter, 2014

机译：Android mHealth应用中的安全问题
7. ACC/AHA/ESC guidelines for the management of patients with atrial fibrillation31This document was approved by the American College of Cardiology Board of Trustees in August 2001, the American Heart Association Science Advisory and Coordinating Committee in August 2001, and the European Society of Cardiology Board and Committee for Practice Guidelines and Policy Conferences in August 2001.32When citing this document, the American College of Cardiology, the American Heart Association, and the European Society of Cardiology would appreciate the following citation format: Fuster V, Rydén LE, Asinger RW, Cannom DS, Crijns HJ, Frye RL, Halperin JL, Kay GN, Klein WW, Lévy S, McNamara RL, Prystowsky EN, Wann LS, Wyse DG. ACC/AHA/ESC guidelines for the management of patients with atrial fibrillation: a report of the American College of Cardiology/American Heart Association Task Force on Practice Guidelines and the European Society of Cardiology Committee for Practice Guidelines and Policy Conferences (Committee to Develop Guidelines for the Management of Patients With Atrial Fibrillation). J Am Coll Cardiol 2001;38:XX-XX.33This document is available on the World Wide Web sites of the American College of Cardiology (www.acc.org), the American Heart Association (www.americanheart.org), the European Society of Cardiology (www.escardio.org), and the North American Society of Pacing and Electrophysiology (www.naspe.org). Single reprints of this document (the complete Guidelines) to be published in the mid-October issue of the European Heart Journal are available by calling +44.207.424.4200 or +44.207.424.4389, faxing +44.207.424.4433, or writing Harcourt Publishers Ltd, European Heart Journal, ESC Guidelines – Reprints, 32 Jamestown Road, London, NW1 7BY, United Kingdom. Single reprints of the shorter version (Executive Summary and Summary of Recommendations) published in the October issue of the Journal of the American College of Cardiology and the October issue of Circulation, are available for $5.00 each by calling 800-253-4636 (US only) or by writing the Resource Center, American College of Cardiology, 9111 Old Georgetown Road, Bethesda, Maryland 20814. To purchase bulk reprints specify version and reprint number (Executive Summary 71-0208; full text 71-0209) up to 999 copies, call 800-611-6083 (US only) or fax 413-665-2671; 1000 or more copies, call 214-706-1466, fax 214-691-6342; or E-mail: pubauth@heart.org. A report of the American College of Cardiology/American Heart Association Task Force on Practice Guidelines and the European Society of Cardiology Committee for Practice Guidelines and Policy Conferences (Committee to Develop Guidelines for the Management of Patients With Atrial Fibrillation) Developed in Collaboration With the North American Society of Pacing and Electrophysiology [O] . Fuster Valentin, Rydén Lars E., Asinger Richard W., 2001

机译：ACC / AHA / ESC治疗房颤患者指南31该文件于2001年8月获得美国心脏病学会董事会，2001年8月美国心脏协会科学咨询与协调委员会以及欧洲心脏病学会的批准以及实践指南和政策委员会会议（2001年8月）。32引用本文件时，美国心脏病学会，美国心脏协会和欧洲心脏病学会将赞赏以下引用格式：Fuster V，RydénLE，Asinger RW，Cannom DS，Crijns HJ，Frye RL，Halperin JL，Kay GN，Klein WW，LévyS，McNamara RL，Prystowsky EN，Wann LS，Wyse DG。 ACC / AHA / ESC治疗房颤患者的指南：美国心脏病学会/美国心脏协会实践指南工作组和欧洲心脏病学会实践指南委员会和政策会议的报告（制定指南委员会）用于房颤患者的治疗）。 J Am Coll Cardiol 2001; 38：XX-XX.33本文件可在美国心脏病学会（www.acc.org），美国心脏协会（www.americanheart.org），欧洲的万维网站点上找到心脏病学会（www.escardio.org）和北美起搏和电生理学会（www.naspe.org）。可致电+44.207.424.4200或+44.207.424.4389，传真+44.207.424.4433或写信给Harcourt Publishers，以获取本文档（完整的准则）的单份重印本（完整的准则），该印刷本将于10月中旬出版。欧洲心脏杂志，ESC指南–转载，英国伦敦詹姆斯敦路32号，NW1 7BY。短版（执行摘要和建议摘要）的单版重印在《美国心脏病学会杂志》十月刊和《循环》十月刊上，致电800-253-4636（仅美国），每本售价5.00美元。）或写信给美国心脏病学院资源中心，地址是：马里兰州贝塞斯达市Old Georgetown Road 9111，邮编20814。要购买批量转载，请指定版本和转载编号（执行摘要71-0208；全文71-0209），最多999份，致电800-611-6083（仅限美国）或传真413-665-2671； 1000或更多副本，请致电214-706-1466，传真214-691-6342;或电子邮件：pubauth@heart.org。美国心脏病学会/美国心脏协会实践指南工作组和欧洲心脏病学会实践指南和政策会议（制定房颤患者治疗指南委员会）的报告是与北方合作开发的美国起搏与电生理学会

On the Evolution of Security Issues in Android App Versions

摘要

著录项

相似文献

相关主题

期刊订阅