Improving android application quality through extendable, automated security testing

Abstract

Users trust their most sensitive data to their mobile devices and installed applications. These applications continuously collect information about users and their interactions and store that data locally or share it over the network. App stores provide these applications for the user devices and act as trust gateways between the application developers and the end-users, providing the needed assurance to the user that the application to be installed can be trusted. However, this process is far from ideal, mainly because app stores usually validate developed applications submitted against antivirus and antimalware scrutiny but do not look at applications from a holistic security perspective. This chapter proposes, specifies, and tests a system developed to improve Android applications' security. This system is based on the automated testing of submitted apps and identifying potential security vulnerabilities to improve the apps development process, resulting in the overall improvement of the app ecosystem security both on the app stores and on the end user's devices. The source code of the system is available through a GitHub repository for public contribution.