English
Related papers

Related papers: CrySL: Validating Correct Usage of Cryptographic A…

200 papers

This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our…

Cryptography and Security · Computer Science 2015-05-05 Lucky Onwuzurike , Emiliano De Cristofaro

Application Programming Interfaces (APIs) are crucial to software development, enabling integration of existing systems with new applications by reusing tried and tested code, saving development time and increasing software safety. In…

Software Engineering · Computer Science 2026-04-10 Ponnampalam Pirapuraj , Tamal Mondal , Sharanya Gupta , Akash Lal , Somak Aditya , Jyothi Vedurada

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not part of the functionality delivered…

Software Engineering · Computer Science 2015-11-23 Li Li , Tegawendé F. Bissyandé , Jacques Klein , Yves Le Traon

Context: Cryptographic APIs are often misused in real-world applications. Therefore, many cryptographic API misuse detection tools have been introduced. However, there exists no established reference benchmark for a fair and comprehensive…

Software Engineering · Computer Science 2022-04-14 Michael Schlichtig , Anna-Katharina Wickert , Stefan Krüger , Eric Bodden , Mira Mezini

The increasing frequency of attacks on Android applications coupled with the recent popularity of large language models (LLMs) necessitates a comprehensive understanding of the capabilities of the latter in identifying potential…

Cryptography and Security · Computer Science 2025-03-18 Vasileios Kouliaridis , Georgios Karopoulos , Georgios Kambourakis

Research has shown that cryptography concepts are hard to understand for developers, and secure use of cryptography APIs is challenging for mainstream developers. We have developed a fluent API named FluentCrypto to ease the secure and…

Cryptography and Security · Computer Science 2021-08-17 Simon Kafader , Mohammad Ghafari

Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating…

Cryptography and Security · Computer Science 2025-07-11 Jenny Blessing , Ross J. Anderson , Alastair R. Beresford

Android allows apps to communicate with its system services via system service helpers so that these apps can use various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce…

Cryptography and Security · Computer Science 2022-03-25 Yi He , Yacong Gu , Purui Su , Kun Sun , Yajin Zhou , Zhi Wang , Qi Li

Due to Android's open source feature and low barriers to entry for developers, millions of developers and third-party organizations have been attracted into the Android ecosystem. However, over 90 percent of mobile malware are found…

Cryptography and Security · Computer Science 2019-06-26 Bin Zhao

This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage.…

Cryptography and Security · Computer Science 2017-09-07 Gorka Irazoqui , Kai Cong , Xiaofei Guo , Hareesh Khattri , Arun Kanuparthi , Thomas Eisenbarth , Berk Sunar

The Android ecosystem is vulnerable to issues such as app repackaging, counterfeiting, and piracy, threatening both developers and users. To mitigate these risks, developers often employ code obfuscation techniques. However, while effective…

Cryptography and Security · Computer Science 2025-02-10 Akila Niroshan , Suranga Seneviratne , Aruna Seneviratne

The Android system manages access to sensitive APIs by permission enforcement. An application (app) must declare proper permissions before invoking specific Android APIs. However, there is no official documentation providing the complete…

Cryptography and Security · Computer Science 2021-11-17 Chaoran Li , Xiao Chen , Ruoxi Sun , Jason Xue , Sheng Wen , Muhammad Ejaz Ahmed , Seyit Camtepe , Yang Xiang

Logging is a common practice in traditional software development. Several research works have been done to investigate the different characteristics of logging practices in traditional software systems (e.g., Android applications, JAVA…

Software Engineering · Computer Science 2023-01-12 Patrick Loic Foalem , Foutse Khomh , Heng Li

Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as…

Cryptography and Security · Computer Science 2021-05-21 Fadi Mohsen , Loran Oosterhaven , Fatih Turkmen

Rust is an emerging, strongly-typed programming language focusing on efficiency and memory safety. With increasing projects adopting Rust, knowing how to use Unsafe Rust is crucial for Rust security. We observed that the description of…

Software Engineering · Computer Science 2023-08-10 Mohan Cui , Suran Sun , Hui Xu , Yangfan Zhou

Access to privacy-sensitive information on Android is a growing concern in the mobile community. Albeit Google Play recently introduced some privacy guidelines, it is still an open problem to soundly verify whether apps actually comply with…

Cryptography and Security · Computer Science 2021-12-13 Luca Verderame , Davide Caputo , Andrea Romdhana , Alessio Merlo

The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to…

Cryptography and Security · Computer Science 2020-06-03 Mohammad Ghafari , Pascal Gadient , Oscar Nierstrasz

Many Android applications embed webpages via WebView components and execute JavaScript code within Android. Hybrid applications leverage dedicated APIs to load a resource and render it in a WebView. Furthermore, Android objects can be…

Cryptography and Security · Computer Science 2020-08-06 Abhishek Tiwari , Jyoti Prakash , Sascha Gross , Christian Hammer

Software libraries implement APIs that deliver reusable functionalities. To correctly use these functionalities, software applications must satisfy certain correctness policies, for instance policies about the order some API methods can be…

Software Engineering · Computer Science 2020-10-14 Oliviero Riganelli , Daniela Micucci , Leonardo Mariani

The proper use of Android app permissions is crucial to the success and security of these apps. Users must agree to permission requests when installing or running their apps. Despite official Android platform documentation on proper…

Cryptography and Security · Computer Science 2025-08-05 Ali Alkinoon , Trung Cuong Dang , Ahod Alghuried , Abdulaziz Alghamdi , Soohyeon Choi , Manar Mohaisen , An Wang , Saeed Salem , David Mohaisen