Vulnerability Detection In Recent Android Apps: An Empirical Study

With the continuous and rapid increase in quantity and diversity of Smartphone application usage, the storage of sensitive personal and even financial information of the users is also being augmented. It creates motivation for developers of malicious applications to put more effort on discovering ways to identify and exploit the vulnerabilities of utility applications and grab the sensitive information of the users. Android applications, being more open in nature and popular among armature individual developers, fall victim to the malwares quite frequently. Recently, the Govt. of Bangladesh has taken initiative to encourage and patronize young developers to develop utility apps for free public use in the context of Bangladesh (app source: EATL1). While the motivation is great, i.e., benefiting common people, the way these are developed and released have reasons to suspect that recent vulnerabilities may exist due. This may harm the users and ruin the good initiative. In this paper, we have carried out an empirical study on a selected set of these apps to detect eight common vulnerabilities. We have carefully chosen three quality tools that cover testing of all these vulnerabilities. We reported the detected results showing vulnerabilities in the tested apps, presented statistics of the vulnerabilities and discussed countermeasures. We believe this study would benefit the developers and indirectly the potential users of these applications.