Mobile Application Security Using Static and Dynamic Analysis

Hossain Shahriar, Kennesaw State University
Chi Zhang, Kennesaw State University
Md Arabin Talukder, Kennesaw State University
Saiful Islam, Kennesaw State University

Abstract

Mobile applications have overtaken web applications amid the rapid growth of the mobile app market. Because the mobile application development environment is open source, it attracts new, inexperienced developers seeking hands-on experience with application development. However, data security and vulnerable coding practices are two major issues. Among all mobile operating systems, including iOS (by Apple), Android (by Google) and Blackberry (RIM), Android remains the dominant OS on a global scale. The majority of malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via inadvertent or side channels, unsecured sensitive data storage, data transmission and many others. Most of these vulnerabilities can be detected during the mobile application analysis phase. In this chapter, we explored some existing vulnerability detection tools available for static and dynamic analysis, along with hands-on exploration of using them to detect vulnerabilities. We suggest that there is a need for new tools within the development environment for security analysis during the process of application development.