loading
Documents

Research.Publish.Connect.

Paper

Author: Johannes Feichtner

Affiliation: Institute of Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria, Secure Information Technology Center – Austria (A-SIT) and Austria

ISBN: 978-989-758-378-0

Keyword(s): Static Analysis, Slicing, Android, iOS, Cryptography, Application Security.

Abstract: Many applications for Android and iOS process sensitive data and, therefore, rely on cryptographic APIs natively provided by the operating system. For this to be effective, essential rules need to be obeyed, as otherwise the attainable level of security would be weakened or entirely defeated. In this paper, we inspect the differences between Android and iOS concerning the proper usage of platform-specific APIs for cryptography. For both platforms, we present concrete strategies to detect critical mistakes and introduce a new framework for Android that excels in pinpointing the origin of problematic security attributes. Applied on real-world apps with cryptography, we find that out of 775 investigated apps that vendors distribute for both Android and iOS, 604 apps for iOS (78%) and 538 apps for Android (69%) suffer from at least one security misconception.

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.206.48.142

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Feichtner, J. (2019). A Comparative Study of Misapplied Crypto in Android and iOS Applications.In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, ISBN 978-989-758-378-0, pages 96-108. DOI: 10.5220/0007915300960108

@conference{secrypt19,
author={Johannes Feichtner.},
title={A Comparative Study of Misapplied Crypto in Android and iOS Applications},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,},
year={2019},
pages={96-108},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007915300960108},
isbn={978-989-758-378-0},
}

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,
TI - A Comparative Study of Misapplied Crypto in Android and iOS Applications
SN - 978-989-758-378-0
AU - Feichtner, J.
PY - 2019
SP - 96
EP - 108
DO - 10.5220/0007915300960108

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.