2,928 research outputs found

    Analysis of Feature-Completeness in Android Cross-Platform Frameworks

    In cross-platform mobile development research, we frequently encounter mentions of limitations and constraints potentially imposed by technical tools and development frameworks. This is especially prominent in the context of programmatic device- and platform feature access, including features such as GPS, Internet and device camera access. Although the majority of the literature does not empirically validate these claims, they have reached acceptance in both practitioners' communities and academic research. By downloading a sample of 300,000 Android applications available on the Google Play Store and analysing them, we set forth to find which platform- and device features are the most commonly included in deployed apps. Based on the results, we map the features to their availability in five major cross-platform development frameworks, thus provide an overview of feature completeness and potential shortcomings in these popular frameworks. Our findings indicate that the scrutinised frameworks range from 86.37% to 95.46% feature-completeness and can thus facilitate the development of mobile apps relying on features that are commonly found in our assessed sample of Android apps.

    Comprehensive Analysis of Innovative Cross-Platform App Development Frameworks

    Mobile apps are increasingly realized by using a cross-platform development framework. Using such frameworks, code is written once but the app can be deployed to multiple platforms. Despite progress in research on cross-platform techniques, results (i.e. apps) are not always satisfactory. They are subject to tedious tailoring and the development effort tends to be notable. In these cases, either pure web apps (realized through web browsers) or native apps (realized for each platform separately) are chosen. Recent activities have led to new approaches. In this paper, we have a closer look at three of these, namely React Native, the Ionic Framework, and Fuse. We present a comprehensive analysis of the three approaches. Our work is based on a real-world use case, which allows us to provide generalizable advice. Our findings suggest that there is no clear winner; the frameworks incorporate notable ideas and general progress in the field can be asserted

    The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis

    In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpose applications (e.g., finance, gaming, and shopping). As a result, those devices generate a significant network traffic (a consistent part of the overall Internet traffic). For this reason, the research community has been investigating security and privacy issues that are related to the network traffic generated by mobile devices, which could be analyzed to obtain information useful for a variety of goals (ranging from device security and network optimization, to fine-grained user profiling). In this paper, we review the works that contributed to the state of the art of network traffic analysis targeting mobile devices. In particular, we present a systematic classification of the works in the literature according to three criteria: (i) the goal of the analysis; (ii) the point where the network traffic is captured; and (iii) the targeted mobile platforms. In this survey, we consider points of capturing such as Wi-Fi Access Points, software simulation, and inside real mobile devices or emulators. For the surveyed works, we review and compare analysis techniques, validation methods, and achieved results. We also discuss possible countermeasures, challenges and possible directions for future research on mobile traffic analysis and other emerging domains (e.g., Internet of Things). We believe our survey will be a reference work for researchers and practitioners in this research field. Comment: 55 page

    Security Code Smells in Android ICC

    Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the IDE about the presence of such smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of the apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities. Comment: Accepted on 28 Nov 2018, Empirical Software Engineering Journal (EMSE), 201

    Conception and Implementation of a Location-based Augmented Reality Kernel

    The availability of sophisticated mobile applications on many platforms constitutes a challenging task. In order to cover the most relevant mobile operating systems and make the best use of their underlying features, the native development on the target platform still offers the most diverse possibilities. Aside from the most widely spread mobile operating systems - namely Android and iOS - the Windows Phone platform offers a unique design language and many developer tools and technologies for building Windows Store apps. Making use of the capabilities of modern smartphones enables the development and use of desktop-like applications. The built-in sensors, cameras and powerful processing units of such a device offer a versatile platform to build against. As a result, many mobile applications and technologies have emerged. However, information on profound insight into the development of such an application is hard to find. In this work, the development of AREA on the Windows Phone 8.1 platform is presented. AREA is a location-based mobile Augmented Reality engine and already available on Android and iOS. By porting the engine to yet another mobile platform, more third-party mobile business applications can integrate AREA and make use of its efficient and modular design. This work also points out the differences in implementation between the Windows Phone version and its counterparts on Android and iOS. Insights into the architecture and some references to the mathematical basis are also provided.

    Man-machine partial program analysis for malware detection

    With the meteoric rise in popularity of the Android platform, there is an urgent need to combat the accompanying proliferation of malware. Existing work addresses the area of consumer malware detection, but cannot detect novel, sophisticated, domain-specific malware that is targeted specifically at one aspect of an organization (e.g. ground operations of the US Military). Adversaries can exploit domain knowledge to camouflage malice within the legitimate behaviors of an app and behind a domain-specific trigger, rendering traditional approaches such as signature-matching, machine learning, and dynamic monitoring ineffective. Manual code inspections are also inadequate, scaling poorly and introducing human error. Yet, there is a dire need to detect this kind of malware before it causes catastrophic loss of life and property. This dissertation presents the Security Toolbox, our novel solution for this challenging new problem posed by DARPA's Automated Program Analysis for Cybersecurity (APAC) program. We employ a human-in-the-loop approach to amplify the natural intelligence of our analysts. Our automation detects interesting program behaviors and exposes them in an analysis Dashboard, allowing the analyst to brainstorm flaw hypotheses and ask new questions, which in turn can be answered by our automated analysis primitives. The Security Toolbox is built on top of Atlas, a novel program analysis platform made by EnSoft. Atlas uses a graph-based mathematical abstraction of software to produce a unified property multigraph, exposes a powerful API for writing analyzers using graph traversals, and provides both automated and interactive capabilities to facilitate program comprehension. The Security Toolbox is also powered by FlowMiner, a novel solution to mine fine-grained, compact data flow summaries of Java libraries. FlowMiner allows the Security Toolbox to complete a scalable and accurate partial program analysis of an application without including all of the libraries that it uses (e.g. Android). This dissertation presents the Security Toolbox, Atlas, and FlowMiner. We provide empirical evidence of the effectiveness of the Security Toolbox for detecting novel, sophisticated, domain-specific Android malware, demonstrating that our approach outperforms other cutting-edge research tools and state-of-the-art commercial programs in both time and accuracy metrics. We also evaluate the effectiveness of Atlas as a program analysis platform and FlowMiner as a library summary tool.

    Comparative Analysis Between Native and Hybrid Mobile Applications

    With the growth of technology in the mobile area, the app market has been bringing solutions to many problems and making life easier for many people, whether in the business, technology, administrative and many others. It is necessary to understand that to build an app, there are many technologies for different purposes, and developers need to know which one is best applied in every situation. Therefore, the objective of this research is to bring an analysis about the native and hybrid development, showing its main features and information regarding the usability and functionality of two existing applications, which were built within the standards of each tool, based on two features of ISO/IEC 25010:2011 regarding Software Product Quality. An exploratory research was conducted to bring comparative data regarding applications, and based on the results obtained, it was observed that it is possible to develop similar applications in interface, quality and functionality, even if they are built with different technologies. As a result, native technology is often used to build more robust functionality-based applications that follow the interface standard of each platform, and hybrids are a lower-cost alternative, as well as the fact that its source code is fully reusable for use on other platforms.

    An Approach to Secure Mobile Enterprise Architectures

    Due to increased security awareness of enterprises for mobile applications operating with sensitive or personal data as well as extended regulations from legislative (the principle of proportionality) various approaches, how to implement (extended) two-factor authentication, multi-factor authentication or virtual private network within enterprise mobile environments to ensure delivery of secure applications, have been developed. Within mobile applications it will not be sufficient to rely on security measures of the individual components or interested parties, an overall concept of a security solution has to be established which requires the interaction of several technologies, standards and system components. These include the physical fuses on the device itself as well as on the network layer (such as integrated security components), security measures (such as employee agreements, contract clauses), insurance coverage, but also software technical protection at the application level (e.g. password protection, encryption, secure container). The purpose of this paper is to summarize the challenges and practical successes, providing best practices to fulfill appropriate risk coverage of mobile applications. I present a use case, in order to prove the concept in actual work settings, and to demonstrate the adaptability of the approach. Comment: 8 pages, 9 figures, tutorial pape