Featured Research

from universities, journals, and other organizations

More secure app-store for Android

Date:
November 7, 2013
Source:
Fraunhofer-Gesellschaft
Summary:
Apps often read the data from mobile user devices unnoticed by users. This represents a large security risk, especially for companies. A new App-Store filters out problematic Android applications automatically with the help of detection software.

Apps often read the data from mobile user devices unnoticed by users. This represents a large security risk, especially for companies. A new App-Store filters out problematic Android applications automatically with the help of detection software.

Apps. Everyone has them and everyone uses them. These small computer programs installed on our smartphones and tablet computers make work and play easier. With just the tip of a finger on the square icons, we know where and when the next rain clouds are expected, we can book train tickets while travelling, start gaming while mobile, or listen to our favorite music. For most of us, these little mobile helpers have become indispensible. A total of almost two million of them are already available today on the platforms of the two largest providers, Apple and Google. And the trend is rising.

Privacy risks and commercial harms

However, the miniprograms are not always benevolent. "The business model for free Apps often goes like this: you need pay nothing for my services, but in exchange I'm grabbing your data," reflects Dr. Julian Schütte of the Fraunhofer-Research Centre for Applied and Integrated Security AISEC in Garching near Munich. The Apps pick up the data usually without the knowledge of the user. The theft runs from address data, to emails and locat- ions, right through to identification numbers of the user devices. The App developers pass the data to third parties for geographical and personal advertising. "A fact that perhaps is viewed less critically or even as being useful, if the Apps are used privately. For compa- nies, by contrast, they conceal big risks. If email with commercially sensitive content, geographical information on employees, or confidential contact information is passed without knowledge, it is not just problematic for technical reasons of data privacy protection. It can also do commercial harm," warns Schütte.

To protect against this danger, corporate IT departments are increasing their monitoring of Apps used by employees. "With an established mobile operating system like 'iOS', Mobile Device Managers -- IT Department employees who administrate the pool of corporate cellphones -- already have quite good control over the software stored upon the devices. However, for latecomer and now market-leader 'Android', there is currently no tool with which corporate IT can prevent downloading of ‚wild' Apps, to our knowledge," as Schütte describes the challenge for corporations.

Scientists at AISEC have now closed this loophole. Their new App-Store filters out problematic Android Apps automatically and offers employees only mobile applications that conform to a corporation's own guidelines on IT security. "Administrators and Mobile Device Managers are able to determine themselves which Apps are permitted to be installed and which ones are not," as describes Schütte the added value.

Additional significant advantages of the AISEC solution: the analysis of the Apps is flexible and can be adapted to a wide range of company directives. In addition, the IT Department can also stipulate that Apps are only permitted to communicate through encryption. "That is no small feature during these times of NSA spying scandals," according to Schütte. And finally, the software does not just work for Apps offered today. "With the aid of our App-Store, companies are able to build markets with their own Apps that are clean from a security point of view," Schütte adds.

The security filter for Android Apps consists of an App installed on the user device that is directly connected to the IT architecture of the corporation through the analysis system called "App Ray" running in the backend. Searching for and downloading Apps takes place exclusively through this App. "Employees are automatically presented only with safe applications," explains Schütte. That is guaranteed by the centerpiece of the store -- the Backend Analysis Tool. It puts Apps through their paces automatically and then authorizes them for release or not. "With the help of App-Ray, we know where data flow to and from within an App, can investigate the files and source text they contain, chase down the technical details of all the data flows, run the App within a test environment and observe its behavior there. This creates a total security picture of every single mobile application available," as Schütte describes the MO. The AISEC solution works as a framework that integrates existing security features. Such as an analysis tool that investigates the Apps using forty different virus scanners simultaneously.

The researchers have already programmed a prototype of the secure App-Store.

A demo video of App-Ray can be viewed at the following web address: http://www.app-ray.de/


Story Source:

The above story is based on materials provided by Fraunhofer-Gesellschaft. Note: Materials may be edited for content and length.


Cite This Page:

Fraunhofer-Gesellschaft. "More secure app-store for Android." ScienceDaily. ScienceDaily, 7 November 2013. <www.sciencedaily.com/releases/2013/11/131107094414.htm>.
Fraunhofer-Gesellschaft. (2013, November 7). More secure app-store for Android. ScienceDaily. Retrieved October 20, 2014 from www.sciencedaily.com/releases/2013/11/131107094414.htm
Fraunhofer-Gesellschaft. "More secure app-store for Android." ScienceDaily. www.sciencedaily.com/releases/2013/11/131107094414.htm (accessed October 20, 2014).

Share This



More Computers & Math News

Monday, October 20, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Facebook Says The DEA's Fake Accounts Go Too Far

Facebook Says The DEA's Fake Accounts Go Too Far

Newsy (Oct. 19, 2014) — Facebook says the DEA violated its Terms of Service and that such impersonations damage the integrity of the site. Video provided by Newsy
Powered by NewsLook.com
Court Ruling Means Kids' Online Activity Could Be On Parents

Court Ruling Means Kids' Online Activity Could Be On Parents

Newsy (Oct. 17, 2014) — In a ruling attorneys for both sides agreed was a first of its kind, a Georgia appeals court said parents can be held liable for what kids put online. Video provided by Newsy
Powered by NewsLook.com
For Google, Even A $16.5 Billion Earnings Report Is A Miss

For Google, Even A $16.5 Billion Earnings Report Is A Miss

Newsy (Oct. 17, 2014) — Analysts were expecting more, but Google’s ad growth slowed on the quarter and the company is spending more of its money. Video provided by Newsy
Powered by NewsLook.com
Obama Signs Cybersecurity Order, Wants Safer Payments

Obama Signs Cybersecurity Order, Wants Safer Payments

Reuters - US Online Video (Oct. 17, 2014) — President Barack Obama announces details of a new executive order designed to make federal payments safer following recent massive data breaches. Rough Cut (no reporter narration). Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:

Strange & Offbeat Stories

 

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins