An Application Security Assessment of Popular Free Android Applications
Abstract
The number of applications for the Android platform found on Google Play is now over 1 million, and there are over 1.5 billion downloads each month. With a low cost of entry, the Android platform attracts developers, many of whom do not have the necessary competence or experience to develop secure applications. We assess 20 Android applications using a custom testing methodology based on the OWASP Mobile Project and look for common vulnerabilities. We decompile applications using Dare and review the source code manually, and we use static and dynamic analysis to look for vulnerabilities. We also evaluate existing vulnerability classifications and argue which ones are most fitting to apply to Android vulnerabilities for educational and research purposes. We then categorize our findings according to the OWASP Mobile Top 10 and present mitigation strategies for each category as a whole. Finally, we discuss the implications of the vulnerabilities for end users.