An empirical evaluation of cryptography usage in Android applications
Χατζηκωνσταντίνου, Αλεξία Κ.
SubjectAndroid (Electronic resource) ; Mobile computing -- Security measures ; Operating systems (Computers) -- Security measures ; Cryptography
It is fact that cryptography is already highly used in applications involving sensitive data, for example, credentials, credit card pins and other personal information. Nonetheless, developers frequently lack specialized cryptography knowledge. In this master thesis, 49 android applications are analyzed in order to determine -via static and dynamic analyses- the specific cryptographic misuses that result in data breaches. The results show that the 85, 71% of the applications examined (i.e. 42 out of the 49 applications) make at least one cryptographic misuse. Thus, a list of cryptographic rules that are based on the thesis analysis in order to improve the overall cryptographic security in Android applications is suggested.