Abstract
Because people in companies use mobile devices to access corporate data, attackers targeting corporate data exploit vulnerabilities in mobile devices. Most vulnerabilities in applications are caused by the carelessness of developers, and inter-application vulnerabilities make confused deputy attacks and data leak attacks possible. These vulnerabilities are difficult to find with the single-application diagnostic tools that are currently being studied. This paper proposes a process to automate the decompilation of all the applications on a user’s mobile device and a mechanism to find inter-application vulnerabilities. The mechanism generates a list and a matrix detailing the vulnerabilities in the mobile device. The proposed mechanism is validated through an experiment on an actual mobile device with four installed applications, and the results show that the mechanism can accurately capture all application risks as well as inter-application risks. With this mechanism, users can expect to find the risks in their mobile devices in advance and prevent damage.
Highlights
Over 76% of the world’s population uses smartphones, and mobile devices offer phone, mail, and camera functions as well as games, mobile payments, and wallets [1,2]
The Android architecture consists of a Linux kernel layer, hardware abstraction layer (HAL), native C/C++ libraries layer, Java Application Programming Interface (API) framework layer, and system apps layer
A TXT file with the same contents as the result screen, listing the vulnerable elements, was obtained through List Mode, and a CSV file containing the matrix representing the risk between applications was obtained through Matrix Mode
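As an added illustration (not the paper's code), the sketch below builds a list view and a matrix view from already-decompiled `AndroidManifest.xml` text. The package names and manifests are constructed, and the risk criteria (an exported component with no permission guard, and the permissions a caller lacks but the callee holds) are assumptions standing in for the paper's unspecified rules.

```python
import csv, io
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample manifests (hypothetical packages, not the paper's test apps).
MANIFESTS = {
    "com.example.notes": f'''<manifest {NS} package="com.example.notes">
      <application><activity android:name=".Main" android:exported="true"/></application>
    </manifest>''',
    "com.example.contactsync": f'''<manifest {NS} package="com.example.contactsync">
      <uses-permission android:name="android.permission.READ_CONTACTS"/>
      <application>
        <service android:name=".ExportService" android:exported="true"/>
        <provider android:name=".Store" android:exported="true"
                  android:permission="com.example.contactsync.ACCESS"/>
      </application></manifest>''',
}

def parse(xml_text):
    """Return (permissions held, exported components with no permission guard)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    app = root.find("application")
    open_comps = []
    for tag in ("activity", "service", "receiver", "provider"):
        for c in app.iter(tag):
            flag = c.get(A + "exported")
            # Assumption: no explicit flag plus an intent-filter counts as exported.
            exported = flag == "true" or (flag is None and c.find("intent-filter") is not None)
            if exported and not (c.get(A + "permission") or app.get(A + "permission")):
                open_comps.append(c.get(A + "name"))
    return perms, open_comps

def risk_matrix(manifests):
    """matrix[caller][callee]: permissions the caller lacks but could reach via the callee."""
    info = {pkg: parse(x) for pkg, x in manifests.items()}
    matrix = {p: {} for p in info}
    for caller, (c_perms, _) in info.items():
        for callee, (t_perms, t_open) in info.items():
            reachable = caller != callee and bool(t_open)
            matrix[caller][callee] = sorted(t_perms - c_perms) if reachable else []
    return info, matrix

def to_csv(matrix):
    """Matrix view: each cell counts the permissions reachable via the callee."""
    buf = io.StringIO()
    rows = [["caller/callee", *matrix]]
    rows += [[a, *(len(matrix[a][b]) for b in matrix)] for a in matrix]
    csv.writer(buf).writerows(rows)
    return buf.getvalue()
```

The list view is `info[pkg][1]` for each package; a non-zero matrix cell marks a caller/callee pair worth reviewing for confused deputy exposure.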
Summary
Over 76% of the world’s population uses smartphones, and mobile devices offer phone, mail, and camera functions as well as games, mobile payments, and wallets [1,2]. Applications that enable these features can be downloaded and installed from application stores [3]. Because of this convenience, mobile devices and applications are being used as a key means of accessing business information in enterprises. The importance of data security in mobile devices is steadily increasing.