Identifying Cryptographic Functionality in Android Applications

Alexander Oprisnik; Daniel Hein; Peter Teufl

doi:10.5220/0005056301510162

Identifying Cryptographic Functionality in Android Applications

Alexander Oprisnik, Daniel Hein, Peter Teufl

2014

Abstract

Mobile devices in corporate IT infrastructures are frequently used to process security-critical data. Over the past few years powerful security features have been added to mobile platforms. However, for legal and organisational reasons it is difficult to pervasively enforce using these features in consumer applications or Bring-Your-Own-Device (BYOD) scenarios. Thus application developers need to integrate custom implementations of security features such as encryption in security-critical applications. Our manual analysis of container applications and password managers has shown that custom implementations of cryptographic functionality often suffer from critical mistakes. During manual analysis, finding the custom cryptographic code was especially time consuming. Therefore, we present the Semdroid framework for simplifying application analysis of Android applications. Here, we use Semdroid to apply machine-learning techniques for detecting non-standard symmetric and asymmetric cryptography implementations. The identified code fragments can be used as starting points for subsequent manual analysis. Thus manual analysis time is greatly reduced. The capabilities of Semdroid have been evaluated on 98 password-safe applications downloaded from Google Play. Our evaluation shows the applicability of Semdroid and its potential to significantly improve future application analysis processes.

Download

Paper Citation

in Harvard Style

Oprisnik A., Hein D. and Teufl P. (2014). Identifying Cryptographic Functionality in Android Applications . In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 151-162. DOI: 10.5220/0005056301510162

in Bibtex Style

@conference{secrypt14,
author={Alexander Oprisnik and Daniel Hein and Peter Teufl},
title={Identifying Cryptographic Functionality in Android Applications},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={151-162},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005056301510162},
isbn={978-989-758-045-1},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Identifying Cryptographic Functionality in Android Applications
SN - 978-989-758-045-1
AU - Oprisnik A.
AU - Hein D.
AU - Teufl P.
PY - 2014
SP - 151
EP - 162
DO - 10.5220/0005056301510162