Aspects of Analyzing the Security and Vulnerabilities of Mobile Applications

A. Makaryan, M. Karmanov
Journal: NBI Technologies, volume 14 1. Publication type: Journal Article. Publication date: 2018-08-01.
DOI: https://doi.org/10.15688/NBIT.JVOLSU.2018.1.5
Citation count: 0

Abstract

This article examines how mobile applications protect their local data on devices running the Android and iOS operating systems. The following messengers were investigated: WhatsApp, Viber, Telegram, WeChat, and Signal. The analysis made it possible to define and classify the programs by their protection mechanisms, the types of stored data, the tools and technologies required, and the techniques for improving the protection of locally stored data. The research showed that the protection of application data stored locally on the device does not receive enough attention; in some cases this protection relies solely on the mechanisms of the device's operating system. For more reliable protection of an application's locally stored data, the following approaches need to be implemented in the application: encryption of the database in full, plus separate encryption of some critical data in it with an additional layer of encryption; encryption of files that appear during program execution (media files, for example); encoding and representation of data in the program using proprietary algorithms; the use of confusing names for critical files and data (the key file should not be called “key”, as in the case of WhatsApp), and data traps; encoding of configuration files containing sensitive information to ensure the security of the data; and moving the functionality of the kernel cryptographic transformations into a separate plug-in library, so that studying the decompiled source code for these transformations becomes meaningless.