A Framework for Automated Security Testing of Android Applications on the Cloud

App markets are stirring a paradigm shift in the way software is provisioned to the end users. The benefits of this model are plenty, including the ability to rapidly and effectively acquire, introduce, maintain, and enhance software used by the consumers. This paradigm shift, however, has given rise to a new set of security challenges. In parallel with the emergence of app markets, we have witnessed increased security threats that are exploiting this model of provisioning software. The key obstacle is the ability to rapidly assess the security and robustness of applications submitted to the market. The problem is that security testing is generally a manual, expensive, and cumbersome process. This is precisely the challenge that we have begun to address in a project targeted at the development of a framework that aids the analysts in testing the security of Android apps. The framework is comprised of a tool-suite that given an application automatically generates and executes numerous test cases, and provides a report of uncovered security vulnerabilities to the human analyst.