Security Analysis of Native Cryptography in Android Apps
Although Android apps are primarily developed in Java and compatible languages for portability reasons, there is the possibility of implementing particularly performance-critical functionality in native languages. This option is increasingly being used to integrate native cryptographic libraries such as OpenSSL. However, a significant issue is that existing tools for detecting errors in the use of cryptography only consider Java code.
As part of this project, this problem is systematically analyzed and addressed with a solution. First, a brief overview of current tools is provided. Then, we evaluate the prevalence of apps among the most popular Android applications that cannot be analyzed by existing tools due to their use of native cryptography. Finally, we propose a concept for a solution that enables the automated detection of errors in the use of native cryptography.
Downloads
| File | Description | File size |
|---|---|---|
Project Report
|
|
4 MB |