A Study on the Mobile Application Security Threats and Vulnerability Analysis Cases

  • Kim, Hee Wan (Division of Computer Science & Engineering, Sahmyook University)
  • Received : 2020.09.18
  • Accepted : 2020.11.02
  • Published : 2020.11.30

Abstract

Security threats are increasing and attracting growing interest with the mass spread of smart devices: vulnerabilities in developed applications are being exposed, and mobile malicious code is spreading. The government and companies provide various applications for the public, and to ensure the reliability and security of these applications, security checks are required during application development. In this paper, from among the security threats that can occur in the mobile service environment, we set up vulnerability analysis items for responding to security threats when developing Android-based applications. Based on these analysis items, we performed a vulnerability analysis of three mobile applications currently operated by public institutions and private companies. The security checks of the three applications showed that authority management and open module stability management were well managed. However, many security vulnerabilities were found in input value verification, management of externally transmitted data, and data management. We expect these vulnerability analysis cases for Android application security to contribute to improving the safety of mobile applications.
