sPECTRA: A precise framEwork for analyzing CrypTographic vulneRabilities in Android apps

Gajrani, Jyoti; Tripathi, Meenakshi; Laxmi, Vijay; Gaur, Manoj Singh; Conti, Mauro; Rajarajan, Muttukrishnan

doi:10.1109/ccnc.2017.7983245

Cited by 4 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gajrani, Tripathi, Laxmi, Gaur, Conti, and Rajarajan [12] introduce sPECTRA as an automated framework for analyzing wide range of cryptographic vulnerabilities in Android finding that 90% of the applications analyzed had cryptographic weaknesses.…”

Section: Mobile Application Cryptography Studiesmentioning

confidence: 99%

A Case Study of Mobile Health Applications: The OWASP Risk of Insufficient Cryptography

Schmeelk

Tao

2022

j. of Comput. sci. res.

View full text Add to dashboard Cite

Mobile devices are being deployed rapidly for both private and professional reasons. One area of that has been growing is in releasing healthcare applications into the mobile marketplaces for health management. These applications help individuals track their own biorhythms and contain sensitive information. This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project risks. We first develop and justify a mobile OWASP Cryptographic knowledgegraph for detecting security weaknesses specific to mobile applications which can be extended to other domains involving cryptography. We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications. Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications. As humans adopt healthcare applications for managing their health routines, it is essential that they consider the privacy and security risks they are accepting when sharing their data. Furthermore, many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations. In addition to creating new free tools for security risk identifications during software development such as standalone or compiler-embedded, the article suggests awareness and training modules for developers prior to marketplace software release.

show abstract

Section: Mobile Application Cryptography Studiesmentioning

confidence: 99%