Paper Info
Title
Spectra: A Precise Framework For Analyzing Cryptographic Vulnerabilities In Android Apps
Abstract
The majority of Android applications (apps) deals with user's personal data. Users trust these apps and allow them to access all sensitive data. Cryptography, when employed in an appropriate way, can be used to prevent misuse of data. Unfortunately, cryptographic libraries also include vulnerable cryptographic services. Since Android app developers may not be cryptographic experts, this makes apps become the target of various attacks due to cryptographic vulnerabilities.In this work, we present sPECTRA: an automated framework for analyzing wide range of cryptographic vulnerabilities in Android apps at large scale. sPECTRA is more precise and accurate in comparison to state-of-the-art approaches as it reduces both false negatives and false positives. The inclusion of Intelligent UI exploration during dynamic analysis makes sPECTRA deployable to analyze apps at large scale. Moreover, sPECTRA works on apk files without the need of any source code.We evaluate sPECTRA on 7,000 apps collected from 7 most popular Android app stores. Results indicate that 90% of apps are exploitable because of cryptographic vulnerabilities. We made sPECTRA available as an open source(1).
Year
Venue
Keywords
2017
2017 14TH IEEE ANNUAL CONSUMER COMMUNICATIONS & NETWORKING CONFERENCE (CCNC)
cryptographic, APIs, vulnerabilities, Android, attacks
Field
DocType
ISSN
Android app,World Wide Web,Android (operating system),Computer science,Computer security,Source code,Cryptography,Cryptographic primitive,Encryption,False positive paradox,Vulnerability
Conference
2331-9852
Citations 
PageRank 
References 
3
0.42
9
Authors
6
Name
Order
Citations
PageRank
Jyoti Gajrani1162.70
Meenakshi Tripathi2478.95
Vijay Laxmi347857.09
Manoj S. Gaur450163.38
Mauro Conti52430203.80
Muttukrishnan Rajarajan659361.50