揭示Android安全测试：技术、挑战和缓解策略的全面概述

IF 4.9 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-08-22 DOI:10.1016/j.compeleceng.2025.110620

Durga Viswanath Palutla , Sriramulu Bojjagani , Sai Charan Reddy Mula , Ravi Uyyala , Neeraj Kumar Sharma , Mahesh Kumar Morampudi , Muhammad Khurram Khan

{"title":"揭示Android安全测试：技术、挑战和缓解策略的全面概述","authors":"Durga Viswanath Palutla , Sriramulu Bojjagani , Sai Charan Reddy Mula , Ravi Uyyala , Neeraj Kumar Sharma , Mahesh Kumar Morampudi , Muhammad Khurram Khan","doi":"10.1016/j.compeleceng.2025.110620","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid growth of Android applications, ensuring robust security has become a critical concern. Traditional Vulnerability Assessment and Penetration Testing (VAPT) approaches, though effective across platforms, often fall short in addressing Android-specific security challenges. This paper presents a comprehensive review of security testing methods tailored to the Android ecosystem, including static and dynamic analysis, hybrid approaches, network communication testing, reverse engineering, malware detection, and permission-based assessments. Android’s open-source nature, device fragmentation, and inconsistent security policies introduce unique vulnerabilities that require specialized testing strategies. By examining current tools, methodologies, and best practices, this review identifies recurring gaps in the Android application security testing process. It highlights the need for more adaptable and thorough testing frameworks. The insights provided are valuable to developers, researchers, and security professionals aiming to strengthen Android app security. Ultimately, this work underscores the importance of tailoring security assessment practices to the evolving threat landscape of the Android platform, thereby contributing to the development of safer and more resilient applications.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"127 ","pages":"Article 110620"},"PeriodicalIF":4.9000,"publicationDate":"2025-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Unveiling Android security testing: A Comprehensive overview of techniques, challenges, and mitigation strategies\",\"authors\":\"Durga Viswanath Palutla , Sriramulu Bojjagani , Sai Charan Reddy Mula , Ravi Uyyala , Neeraj Kumar Sharma , Mahesh Kumar Morampudi , Muhammad Khurram Khan\",\"doi\":\"10.1016/j.compeleceng.2025.110620\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>With the rapid growth of Android applications, ensuring robust security has become a critical concern. Traditional Vulnerability Assessment and Penetration Testing (VAPT) approaches, though effective across platforms, often fall short in addressing Android-specific security challenges. This paper presents a comprehensive review of security testing methods tailored to the Android ecosystem, including static and dynamic analysis, hybrid approaches, network communication testing, reverse engineering, malware detection, and permission-based assessments. Android’s open-source nature, device fragmentation, and inconsistent security policies introduce unique vulnerabilities that require specialized testing strategies. By examining current tools, methodologies, and best practices, this review identifies recurring gaps in the Android application security testing process. It highlights the need for more adaptable and thorough testing frameworks. The insights provided are valuable to developers, researchers, and security professionals aiming to strengthen Android app security. Ultimately, this work underscores the importance of tailoring security assessment practices to the evolving threat landscape of the Android platform, thereby contributing to the development of safer and more resilient applications.</div></div>\",\"PeriodicalId\":50630,\"journal\":{\"name\":\"Computers & Electrical Engineering\",\"volume\":\"127 \",\"pages\":\"Article 110620\"},\"PeriodicalIF\":4.9000,\"publicationDate\":\"2025-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Electrical Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0045790625005634\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625005634","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

随着Android应用程序的快速增长，确保强大的安全性已成为一个关键问题。传统的漏洞评估和渗透测试（VAPT）方法虽然在跨平台上是有效的，但在解决android特定的安全挑战方面往往不足。本文全面回顾了针对Android生态系统的安全测试方法，包括静态和动态分析、混合方法、网络通信测试、逆向工程、恶意软件检测和基于权限的评估。Android的开源特性、设备碎片化和不一致的安全策略带来了独特的漏洞，需要专门的测试策略。通过检查当前的工具、方法和最佳实践，本文确定了Android应用程序安全测试过程中反复出现的漏洞。它强调了对更具适应性和更全面的测试框架的需求。本文提供的见解对旨在加强Android应用程序安全性的开发者、研究人员和安全专业人员非常有价值。最终，这项工作强调了针对Android平台不断变化的威胁环境量身定制安全评估实践的重要性，从而有助于开发更安全、更有弹性的应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Unveiling Android security testing: A Comprehensive overview of techniques, challenges, and mitigation strategies

With the rapid growth of Android applications, ensuring robust security has become a critical concern. Traditional Vulnerability Assessment and Penetration Testing (VAPT) approaches, though effective across platforms, often fall short in addressing Android-specific security challenges. This paper presents a comprehensive review of security testing methods tailored to the Android ecosystem, including static and dynamic analysis, hybrid approaches, network communication testing, reverse engineering, malware detection, and permission-based assessments. Android’s open-source nature, device fragmentation, and inconsistent security policies introduce unique vulnerabilities that require specialized testing strategies. By examining current tools, methodologies, and best practices, this review identifies recurring gaps in the Android application security testing process. It highlights the need for more adaptable and thorough testing frameworks. The insights provided are valuable to developers, researchers, and security professionals aiming to strengthen Android app security. Ultimately, this work underscores the importance of tailoring security assessment practices to the evolving threat landscape of the Android platform, thereby contributing to the development of safer and more resilient applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.