A certification process for android applications

Harsha K. Kalutarage, Padmanabhan Krishnan, Siraj Ahmed Shaikh

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

The last decade has seen the emergence of mobile platform for software applications. An important factor in the remarkable growth in this area is the development of Android and a community of mobile application developers sharing open sourced and free software. While the emphasis for Android has been openness and user control, this brings with it challenges of validating and securing mobile apps. Development of dedicated tools and techniques to test mobile apps for functional and nonfunctional properties has been limited so far. Such an effort is made more difficult given frequent version updates for Android in its short history (over ten in ten years). The need for better security and assurance for mobile apps, on the other hand, is ever so more as apps providing important services such as banking, navigation, and identity management emerge. This paper attempts to converge on current concepts and practices of testing mobile apps. We provide a structured checklist approach to vulnerability assessment and permission mapping of mobile apps, which is underpinned by a set of available tools, and ultimately contribute to a framework for certification of mobile apps. The proposed certification process combines diverse sources and has a focus on automation.

Original language: English
Title of host publication: Information Technology and Open Source
Subtitle of host publication: Applications for Education, Innovation, and Sustainability - SEFM 2012 Satellite Events, InSuEdu, MoKMaSD, and OpenCert, Revised Selected Papers
Publisher: Springer
Pages: 288-303
Number of pages: 16
ISBN (Print): 9783642543371
DOIs: https://doi.org/10.1007/978-3-642-54338-8_24
Publication status: Published - 1 Jan 2014
Event: 10th International Conference on Software Engineering and Formal Methods, SEFM 2012, 1st International Symposium on InSuEdu 2012, 1st International Symposium on MoKMaSD 2012, 6th International Workshop on Foundations and Techniques for OpenCert 2012 - Thessaloniki, Greece
Duration: 1 Oct 2012 to 5 Oct 2012
https://dl.acm.org/citation.cfm?id=2404232&picked=prox

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7991 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 10th International Conference on Software Engineering and Formal Methods, SEFM 2012, 1st International Symposium on InSuEdu 2012, 1st International Symposium on MoKMaSD 2012, 6th International Workshop on Foundations and Techniques for OpenCert 2012
Country: Greece
City: Thessaloniki
Period: 1/10/12 to 5/10/12

Fingerprint

Certification
Application programs
Identity Management
Software
Banking
Mobile Applications
Vulnerability
Automation
Navigation
Sharing
Update
Converge
Testing

Cite this

Kalutarage, H. K., Krishnan, P., & Shaikh, S. A. (2014). A certification process for android applications. In Information Technology and Open Source: Applications for Education, Innovation, and Sustainability - SEFM 2012 Satellite Events, InSuEdu, MoKMaSD, and OpenCert, Revised Selected Papers (pp. 288-303). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7991 LNCS). Springer. https://doi.org/10.1007/978-3-642-54338-8_24
@inproceedings{9822891b5fb5436e9ae6df9b350b2b96,
title = "A certification process for android applications",
abstract = "The last decade has seen the emergence of mobile platform for software applications. An important factor in the remarkable growth in this area is the development of Android and a community of mobile application developers sharing open sourced and free software. While the emphasis for Android has been openness and user control, this brings with it challenges of validating and securing mobile apps. Development of dedicated tools and techniques to test mobile apps for functional and nonfunctional properties has been limited so far. Such an effort is made more difficult given frequent version updates for Android in its short history (over ten in ten years). The need for better security and assurance for mobile apps, on the other hand, is ever so more as apps providing important services such as banking, navigation, and identity management emerge. This paper attempts to converge on current concepts and practices of testing mobile apps. We provide a structured checklist approach to vulnerability assessment and permission mapping of mobile apps, which is underpinned by a set of available tools, and ultimately contribute to a framework for certification of mobile apps. The proposed certification process combines diverse sources and has a focus on automation.",
author = "Kalutarage, {Harsha K.} and Padmanabhan Krishnan and Shaikh, {Siraj Ahmed}",
year = "2014",
month = "1",
day = "1",
doi = "10.1007/978-3-642-54338-8_24",
language = "English",
isbn = "9783642543371",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "288--303",
booktitle = "Information Technology and Open Source",
address = "Germany",

}


TY - GEN
T1 - A certification process for android applications
AU - Kalutarage, Harsha K.
AU - Krishnan, Padmanabhan
AU - Shaikh, Siraj Ahmed
PY - 2014/1/1
Y1 - 2014/1/1
AB - The last decade has seen the emergence of mobile platform for software applications. An important factor in the remarkable growth in this area is the development of Android and a community of mobile application developers sharing open sourced and free software. While the emphasis for Android has been openness and user control, this brings with it challenges of validating and securing mobile apps. Development of dedicated tools and techniques to test mobile apps for functional and nonfunctional properties has been limited so far. Such an effort is made more difficult given frequent version updates for Android in its short history (over ten in ten years). The need for better security and assurance for mobile apps, on the other hand, is ever so more as apps providing important services such as banking, navigation, and identity management emerge. This paper attempts to converge on current concepts and practices of testing mobile apps. We provide a structured checklist approach to vulnerability assessment and permission mapping of mobile apps, which is underpinned by a set of available tools, and ultimately contribute to a framework for certification of mobile apps. The proposed certification process combines diverse sources and has a focus on automation.
UR - http://www.scopus.com/inward/record.url?scp=84958534756&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-54338-8_24
DO - 10.1007/978-3-642-54338-8_24
M3 - Conference contribution
SN - 9783642543371
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 288
EP - 303
BT - Information Technology and Open Source
PB - Springer
ER -
