English
Related papers

Related papers: CRYLOGGER: Detecting Crypto Misuses Dynamically

200 papers

Security of Android devices is now paramount, given their wide adoption among consumers. As researchers develop tools for statically or dynamically detecting suspicious apps, malware writers regularly update their attack mechanisms to hide…

Cryptography and Security · Computer Science 2022-10-21 Xiaoyu Sun , Xiao Chen , Li Li , Haipeng Cai , John Grundy , Jordan Samhi , Tegawendé F. Bissyandé , Jacques Klein

Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting…

Cryptography and Security · Computer Science 2026-04-17 Harini Dandu

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a…

Cryptography and Security · Computer Science 2022-01-19 Xiaoyu Sun , Xiao Chen , Kui Liu , Sheng Wen , Li Li , John Grundy

Mobile developers face unique challenges when detecting and reporting crashes in apps due to their prevailing GUI event-driven nature and additional sources of inputs (e.g., sensor readings). To support developers in these tasks, we…

Software Engineering · Computer Science 2017-06-06 Kevin Moran , Mario Linares-Vásquez , Carlos Bernal-Cárdenas , Christopher Vendome , Denys Poshyvanyk

Ethereum has officially provided a set of system-level cryptographic APIs to enhance smart contracts with cryptographic capabilities. These APIs have been utilized in over 10% of Ethereum transactions, motivating developers to implement…

Cryptography and Security · Computer Science 2024-08-12 Jiashuo Zhang , Yiming Shen , Jiachi Chen , Jianzhong Su , Yanlin Wang , Ting Chen , Jianbo Gao , Zhong Chen

Dynamic analysis has emerged as a pivotal technique for testing Android apps, enabling the detection of bugs, malicious code, and vulnerabilities. A key metric in evaluating the efficacy of tools employed by both research and practitioner…

Software Engineering · Computer Science 2024-04-18 Jordan Samhi , Andreas Zeller

The Model Context Protocol (MCP) is rapidly emerging as the middleware for LLM-based applications, offering a standardized interface for tool integration. However, its built-in security mechanisms are minimal: while schemas and declarations…

Cryptography and Security · Computer Science 2025-12-04 Biwei Yan , Yue Zhang , Minghui Xu , Hao Wu , Yechao Zhang , Kun Li , Guoming Zhang , Xiuzhen Cheng

With the widespread adoption of cryptocurrencies, cryptojacking has become a significant security threat to crypto wallet users. This paper presents a front-end prototype of an AI-powered security dashboard, namely, CryptoGuard. Developed…

Cryptography and Security · Computer Science 2025-09-12 Amitabh Chakravorty , Jess Kropczynski , Nelly Elsayed

Unique challenges arise when testing mobile applications due to their prevailing event-driven nature and complex contextual features (e.g. sensors, notifications). Current automated input generation approaches for Android apps are typically…

Software Engineering · Computer Science 2018-01-22 Kevin Moran , Mario Linares-Vasquez , Carlos Bernal-Cardenas , Christopher Vendome , Denys Poshyvanyk

Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse…

Cryptography and Security · Computer Science 2025-10-22 Marco Alecci , Jordan Samhi , Tegawendé F. Bissyandé , Jacques Klein

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

Cryptojacking is the permissionless use of a target device to covertly mine cryptocurrencies. With cryptojacking, attackers use malicious JavaScript codes to force web browsers into solving proof-of-work puzzles, thus making money by…

Cryptography and Security · Computer Science 2023-04-27 Muhammad Saad , David Mohaisen

With the digital breakthrough, smart phones have become very essential component. Mobile devices are very attractive attack surface for cyber thieves as they hold personal details (accounts, locations, contacts, photos) and have potential…

Cryptography and Security · Computer Science 2017-09-22 Shweta Bhandari , Wafa Ben Jaballah , Vineeta Jain , Vijay Laxmi , Akka Zemmari , Manoj Singh Gaur , Mohamed Mosbah , Mauro Conti

Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating…

Cryptography and Security · Computer Science 2025-07-11 Jenny Blessing , Ross J. Anderson , Alastair R. Beresford

The area of software development and secure coding can benefit significantly from advancements in virtual assistants. Research has shown that many coders neglect security in favor of meeting deadlines. This shortcoming leaves systems…

Cryptography and Security · Computer Science 2021-05-14 Fitzroy D. Nembhard , Marco M. Carvalho

Android is the most used Operating System worldwide for mobile devices, with hundreds of thousands of apps downloaded daily. Although these apps are primarily written in Java and Kotlin, advanced functionalities such as graphics or…

Cryptography and Security · Computer Science 2024-12-03 Silvia Lucia Sanna , Diego Soi , Davide Maiorca , Giorgio Fumera , Giorgio Giacinto

Static detection technologies based on signature-based approaches that are widely used in Android platform to detect malicious applications. It can accurately detect malware by extracting signatures from test data and then comparing the…

Cryptography and Security · Computer Science 2017-09-27 Sanya Chaba , Rahul Kumar , Rohan Pant , Mayank Dave

[Background] Previous research has shown that developers commonly misuse cryptography APIs. [Aim] We have conducted an exploratory study to find out how crypto APIs are used in open-source Java projects, what types of misuses exist, and why…

Cryptography and Security · Computer Science 2020-09-03 Mohammadreza Hazhirpasand , Mohammad Ghafari , Oscar Nierstrasz

Android users are now suffering severe threats from unwanted behaviors of various apps. The analysis of apps' audit logs is one of the essential methods for some device manufacturers to unveil the underlying malice within apps. We propose…

Software Engineering · Computer Science 2020-12-01 Zhaoyi Meng , Yan Xiong , Wenchao Huang , Fuyou Miao , Jianmeng Huang

While the automated detection of cryptographic API misuses has progressed significantly, its precision diminishes for intricate targets due to the reliance on manually defined patterns. Large Language Models (LLMs) offer a promising…

Cryptography and Security · Computer Science 2026-03-19 Yifan Xia , Zichen Xie , Peiyu Liu , Kangjie Lu , Yan Liu , Wenhai Wang , Shouling Ji