Authors:
Kris Heid 1; Tobias Tefke 1,2; Jens Heider 1 and Ralf C. Staudemeyer 2
Affiliations:
1 Fraunhofer SIT, Rheinstr. 75, D-64295 Darmstadt, Germany; 2 Schmalkalden University of Applied Sciences, Blechhammer, D-98574 Schmalkalden, Germany
Keyword(s):
Security and Privacy, Android, Software and Application Security, Data Security, Personal Data Leakage, File System Security, Dynamic Analysis.
Abstract:
Many Android apps handle and store sensitive data on the smartphone, such as passwords, API keys or messages. This information must be protected, and thus more and more protected storage options and storage isolation techniques have been implemented in recent Android versions. This results in good security and privacy mechanisms provided to Android developers. However, the question is how well these measures are implemented in today's apps. In this publication, we present an automated dynamic analysis environment, which we use to analyze the top 1000 Android apps. The filesystem API accesses of these apps are evaluated to judge how well Android's protected storage locations are leveraged or abused.