Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.6.1049

On Security of Android Smartphone Apps Employing Cryptography  

Park, Sang-Ho (Sejong University)
Kim, Hyeonjin (Attached Institute of ETRI)
Kwon, Taekyoung (Yonsei University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.23, no.6, 2013 , pp. 1049-1055 More about this Journal
Abstract
Smartphones are rapidly growing because of easy installation of the apps (application software) that users actually want. There are increasingly many apps that require cryptographic suites to be installed, for instance, for protecting account and financial data. Android platform provides protection mechanisms for memory and storage based on Linux kernel, but they are vulnerable to rooting attacks. In this paper, we analyze security mechanisms of Android platform and point out security problems. We show the security vulnerabilities of several commercial apps and suggest appropriate countermeasures.
Keywords
Android; Smartphone; Reverse-Engineering; Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Jason Foy, "Understanding BlackBerry Balance," BlackBerryLive, 2013.
2 "A look inside Dexguard," http://www.android-decompiler.com/blog/2013/04/02/a-look-inside-dexguard/
3 Gartner, "Market Share Analysis: Mobile Phones, Worldwide, 2Q13," http://www.gartner.com/newsroom/id/2573415, Aug. 2013.
4 Gartner, "Market Share: Mobile Communication Devices by Region and Country, 3Q11," http://www.gartner.com/newsroom/id/1848514, Nov. 2011.
5 icrossing, "2013 Mobile Market Share," http://connect.icrossing.co.uk/2013-mobile-market-share-infographic_10062, Jan 2013.
6 Wikepedia, "Bring Your Own Device," http://en.wikipedia.org/wiki/Bring_your_own_device
7 News1, "From 15th, blocking smartphone features in the building of Ministry of National Defense," http://news1.kr/articles/1239175
8 BlackBerry, "Balance technology," http://us.blackberry.com/business/software/blackberry-balance.html
9 Samsung, "KNOX," https://www.samsungknox.com/en/
10 SELinux Wiki, "SEforAndroid," http://selinuxproject.org/page/SEAndroid
11 Centrify, "Samsung to OEM Centrify for Single Sign-On and Mobile Management," http://www.centrify.com/blogs/tomkemp/samsung_oems_centrify_for_sso_and_mdm.asp
12 Samsung, "Samsung KNOX available for use by consumers," http://www.samsung.com/us/news/21651
13 LG Electronics, "Guest Mode," http://www.lgmobile.co.kr/microsite/LGG2/features/features03.jsp
14 Google, "Android Security Overview," http://source.android.com/devices/tech/security/index.html
15 AhnLab, Inc., "10 Commandments of smartphone security policy," http://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?menu_dist=2&seq= 16012
16 Korea Internet & Security Agency, "10 safety regulations for smartphone users," http://boho.or.kr/kor/private/private_02.jsp
17 Financial Supervisory Service, "10 Commandments of smartphone banking," http://www.fss.or.kr/fss/kr/promo/bodobbs_view.jsp?page=1&seqno=14941
18 Smart Card Alliance, "Mobile/NFC Security Fundamentals," http://www.smartcardalliance.org/resources/webinars/Secure_Elements_101_FINAL3_032813.pdf
19 Wikipedia, "Android rooting," http://en.wikipedia.org/wiki/Android_rooting
20 dex2jar, https://code.google.com/p/dex-2jar/
21 jad, http://varaneckas.com/jad/
22 Wikipedia, "Obfuscation," http://en.wikipedia.org/wiki/Obfuscation_(software)
23 ProGuard, http://developer.android.com/tools/help/proguard.html