Security Analysis of Native Cryptography in Android Apps

posted in #IT Security, Mobile & Cloud on the 10.02.2025

Although Android apps are primarily developed in Java and compatible languages for portability reasons, there is the possibility of implementing particularly performance-critical functionality in native languages. This option is increasingly being used to integrate native cryptographic libraries such as OpenSSL. However, a significant issue is that existing tools for detecting errors in the use of cryptography only consider Java code.

As part of this project, this problem is systematically analyzed and addressed with a solution. First, a brief overview of current tools is provided. Then, we evaluate the prevalence of apps among the most popular Android applications that cannot be analyzed by existing tools due to their use of native cryptography. Finally, we propose a concept for a solution that enables the automated detection of errors in the use of native cryptography.

Downloads

File Description File size
pdf Project Report Version 1.0
4 MB