English
Related papers

Related papers: CrySL: Validating Correct Usage of Cryptographic A…

200 papers

The increasing trend of using Large Language Models (LLMs) for code generation raises the question of their capability to generate trustworthy code. While many researchers are exploring the utility of code generation for uncovering software…

Cryptography and Security · Computer Science 2024-04-08 Zahra Mousavi , Chadni Islam , Kristen Moore , Alsharif Abuadbba , Muhammad Ali Babar

Computing platforms such as smartphones frequently access Web content using many separate applications rather than a single Web browser application. These applications often deal with sensitive user information such as financial data or…

Cryptography and Security · Computer Science 2014-10-29 Vasant Tendulkar , William Enck

Context: Poor usability of cryptographic APIs is a severe source of vulnerabilities. Aim: We wanted to find out what kind of cryptographic libraries are present in Rust and how usable they are. Method: We explored Rust's cryptographic…

Cryptography and Security · Computer Science 2018-07-19 Kai Mindermann , Philipp Keck , Stefan Wagner

Android is the most used Operating System worldwide for mobile devices, with hundreds of thousands of apps downloaded daily. Although these apps are primarily written in Java and Kotlin, advanced functionalities such as graphics or…

Cryptography and Security · Computer Science 2024-12-03 Silvia Lucia Sanna , Diego Soi , Davide Maiorca , Giorgio Fumera , Giorgio Giacinto

The Android framework provides a rich set of APIs that can be exploited by developers to build their apps. However, the rapid evolution of these APIs jointly with the specific characteristics of the lifecycle of the Android components…

Software Engineering · Computer Science 2022-02-25 Oliviero Riganelli , Ionut Daniel Fagadau , Daniela Micucci , Leonardo Mariani

Recent studies have shown that developers have difficulties in using cryptographic APIs, which often led to security flaws. We are interested to tackle this matter by looking into what types of problems exist in various crypto libraries. We…

Cryptography and Security · Computer Science 2021-11-03 Mohammadreza Hazhirpasand , Oscar Nierstrasz , Mohammad Ghafari

Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards combating this threat. We collected and…

Cryptography and Security · Computer Science 2020-02-25 Stanislav Dashevskyi , Yury Zhauniarovich , Olga Gadyatskaya , Aleksandr Pilgun , Hamza Ouhssain

Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse…

Cryptography and Security · Computer Science 2025-10-22 Marco Alecci , Jordan Samhi , Tegawendé F. Bissyandé , Jacques Klein

Web communication has become an indispensable characteristic of mobile apps. However, it is not clear what data the apps transmit, to whom, and what consequences such transmissions have. We analyzed the web communications found in mobile…

Cryptography and Security · Computer Science 2020-06-03 Pascal Gadient , Mohammad Ghafari , Marc-Andrea Tarnutzer , Oscar Nierstrasz

Developers are increasingly integrating Language Models (LMs) into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input…

Cryptography and Security · Computer Science 2025-05-14 Muhammad Ibrahim , Gűliz Seray Tuncay , Z. Berkay Celik , Aravind Machiry , Antonio Bianchi

The security of the Internet rests on a small number of open-source cryptographic libraries: a vulnerability in any one of them threatens to compromise a significant percentage of web traffic. Despite this potential for security impact, the…

Cryptography and Security · Computer Science 2021-07-13 Jenny Blessing , Michael A. Specter , Daniel J. Weitzner

Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91954 cryptography-related questions on the Stack Overflow website, and…

Cryptography and Security · Computer Science 2021-08-17 Mohammadreza Hazhirpasand , Oscar Nierstrasz , Mohammadhossein Shabani , Mohammad Ghafari

The Java libraries JCA and JSSE offer cryptographic APIs to facilitate secure coding. When developers misuse some of the APIs, their code becomes vulnerable to cyber-attacks. To eliminate such vulnerabilities, people built tools to detect…

Cryptography and Security · Computer Science 2022-05-02 Ying Zhang , Ya Xiao , Md Mahir Asef Kabir , Danfeng , Yao , Na Meng

Android is nowadays the most popular operating system in the world, not only in the realm of mobile devices, but also when considering desktop and laptop computers. Such a popularity makes it an attractive target for security attacks, also…

Android apps are built on APIs that abstract core Android system functionalities. These APIs are officially documented in multiple files distributed with the Android source code or SDK, which we collectively refer to as Android API Lists…

Software Engineering · Computer Science 2026-04-17 Sinan Wang , Qi Zhang , Jiacheng Li , Lili Wei , Yida Tao , Yepang Liu

Android is designed with a number of built-in security features such as app sandboxing and permission-based access controls. Android supports multiple communication methods for apps to cooperate. This creates a security risk of app…

Cryptography and Security · Computer Science 2017-06-09 Jorge Blasco , Thomas M. Chen , Igor Muttik , Markus Roggenbach

The Model Context Protocol (MCP) is rapidly emerging as the middleware for LLM-based applications, offering a standardized interface for tool integration. However, its built-in security mechanisms are minimal: while schemas and declarations…

Cryptography and Security · Computer Science 2025-12-04 Biwei Yan , Yue Zhang , Minghui Xu , Hao Wu , Yechao Zhang , Kun Li , Guoming Zhang , Xiuzhen Cheng

Application Programming Interface (API) incompatibility is a long-standing issue in Android application development. The rapid evolution of Android APIs results in a significant number of API additions, removals, and changes between…

Software Engineering · Computer Science 2024-06-27 Shidong Pan , Tianchen Guo , Lihong Zhang , Pei Liu , Zhenchang Xing , Xiaoyu Sun

We develop DroidCCT, a distributed test framework to evaluate the scale of a wide range of failures/bugs in cryptography for end users. DroidCCT relies on passive analysis of artifacts from the execution of cryptographic operations in the…

Mobile apps are predominantly integrated with cloud services to benefit from enhanced functionalities. Adopting authentication using secrets such as API keys is crucial to ensure secure mobile-cloud interactions. However, developers often…

Cryptography and Security · Computer Science 2025-11-11 Kevin Li , Lin Ling , Jinqiu Yang , Lili Wei