thesis

Security analysis of finance and healthcare android applications

Abstract

Thesis (M.S.)--Boston University

Android is a major mobile operating system, pre-installed and shipped with more than 60% of smartphones on the market. The open-source nature of Android encourages developers to innovate a wide range of applications. Meanwhile, the sweeping acceptance of Android among individuals and industries has caught the attention of malicious software writers, which has led to a sharp increase in security threats. Such threats raise a deeper concern for financial and healthcare applications, which are inherently bound to handle private and sensitive information. This research provides a deeper analysis of the security vulnerabilities of Android applications in the finance and healthcare categories from the official Google app store. A security analysis framework is proposed and implemented that takes account of a wide range of vulnerability metrics to provide a unified and quantified method of measuring Android application vulnerability. The framework implementation automated the process of crawling Google's app store, downloading application packages to a repository, and conducting vulnerability analysis. It automatically extracts security parameters, measures vulnerability metrics, and generates a vulnerability report. The security parameters were extracted from the manifest, decompiled source code, and app store metadata. The analysis of the top 632 free apps from the finance and medical categories revealed that, on average, financial apps are more vulnerable than medical apps. Medical apps have the maximum value for all types of vulnerabilities. Furthermore, a descriptive statistical analysis of the vulnerability metrics revealed that there is a linear relationship between implicitly open components and the number of times they access sensitive Android resources.
