Evaluation of Cryptography Usage in Android Applications

Authors

  • Alexia Chatzikonstantinou Mezza Group
  • Christoforos Ntantogian University of Piraeus image/svg+xml
  • Georgios Karopoulos National and Kapodistrian University of Athens image/svg+xml
  • Christos Xenakis National and Kapodistrian University of Athens image/svg+xml

DOI:

https://doi.org/10.4108/eai.3-12-2015.2262471

Keywords:

software security, android, cryptography misuse

Abstract

Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.

Downloads

Published

24-05-2016

How to Cite

Chatzikonstantinou, A. ., Ntantogian, C. ., Karopoulos, G. ., & Xenakis, C. . (2016). Evaluation of Cryptography Usage in Android Applications. EAI Endorsed Transactions on Security and Safety, 3(9), e4. https://doi.org/10.4108/eai.3-12-2015.2262471

Funding data