Smartphones and "app" markets are raising concerns about how third-party applications may misuse or improperly handle users' privacy-sensitive data. Fortunately, unlike in the PC world, we have a unique opportunity to improve the security of mobile applications thanks to the centralized nature of app distribution through popular app markets. Thorough validation of apps applied as part of the app market admission process has the potential to significantly enhance mobile device security. In this paper, we propose AppInspector, an automated security validation system that analyzes apps and generates reports of potential security and privacy violations. We describe our vision for making smartphone apps more secure through automated validation and outline key challenges such as detecting and analyzing security and privacy violations, ensuring thorough test coverage, and scaling to large numbers of apps.