Student Id:0416052090,sultan.ahmed.sagor@gmail.com
Student Id:0416052042,aman ullah@yahoo.com
Abstract
The fluidity of application markets complicates smartphone security. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smartphone applications. This paper seeks to better understand smartphone application security by studying 120 popular free Android applications of EATL App Store. We introduce the qark tool, which recovers Android application source code directly from its installation image. We design and execute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. Our analysis uncovered pervasive use/misuse of personal/phone identifiers, and deep penetration of advertising and analytics networks. However, we have found evidence of malware or exploitable vulnerabilities in the studied applications. We conclude by considering the implications of these preliminary findings and offer directions for future analysis.
Introduction
The rapid growth of smartphones has led to a renaissance for mobile services. Go-anywhere applications support a wide array of social, financial, and enterprise services for any user with a cellular data plan. Application markets such as Apple's App Store and Google's Android Market provide point and click access to hundreds of thousands of paid and free applications. Markets streamline software marketing, installation, and update, therein creating low barriers to bring applications to market, and even lower barriers for users to obtain and use them.
The fluidity of the markets also presents enormous security challenges. Rapidly developed and deployed applications [40], coarse permission systems [16], privacy-invading behaviors [14, 12, 21], malware [20, 25, 38], and limited security models [36, 37, 27] have led to exploitable phones and applications. Although users seemingly desire it, markets are not in a position to provide security in more than a superficial way [30]. The lack of a common definition for security and the volume of applications ensures that some malicious, questionable, and vulnerable applications will find their way to market.
In this paper, we broadly characterize the security of applications in the Android Market. In contrast to past studies with narrower foci, e.g., [14, 12], we consider a breadth of concerns including both dangerous functionality and vulnerabilities, and apply a wide range of analysis techniques.
Our popularity-focused security analysis provides insight into the most frequently used applications. Our findings inform the following broad observations.
1. Similar to past studies, we found wide misuse of cryptography.
2. We found evidence of Broadcast issues.
3. WebView checks are done in the context of vulnerabilities.
4. Many developers fail to use file permissions.
This paper is an initial but not final word on Android application security. Thus, one should be circumspect about any interpretation of the following results as a definitive statement about how secure applications are today. Rather, we believe these results are indicative of the current state, but there remain many aspects of the applications that warrant deeper analysis.
What is QARK
At its core, QARK is a static code analysis tool, designed to recognize potential security vulnerabilities and points of
concern for Java-based Android applications. QARK was designed to be community based, available to everyone and
free for use. QARK educates developers and information security personnel about potential risks related to Android
application security, providing clear descriptions of issues and links to authoritative reference sources.
QARK also attempts to provide dynamically generated ADB (Android Debug Bridge) commands to aid in the validation
of potential vulnerabilities it detects. It will even dynamically create a custom-built testing application, in the form of
a ready to use APK, designed specifically to demonstrate the potential issues it discovers, whenever possible.
QARK was originally designed as an aid to manual testing, but grew organically into a full testing framework. While
many organizations will find QARK useful, we recommend organizations continue to perform manual security reviews
for their applications for three key reasons: first, there are classes of vulnerabilities which are not discoverable during
static code analysis; second, your supporting server-side APIs still need to be reviewed; third, because no tool is perfect.
How It Works
Along with the customized tests, the testing application generated by QARK provides many features useful for enhancing manual security testing of Android applications.
QARK's features include:
Simple installation and setup
An extremely simple interactive command line interface
Robust output detailing potential issues, including links to Learn More
A headless mode for easy integration into any organizations SDLC (Software Development Lifecycle)
Reporting functionality for historical tracking of issues
The ability to inspect raw Java source or compiled APKs
Version specific results for the API versions supported
Parsing of the AndroidManifest.xml to locate potential issues
Source to sink mapping; following potentially tainted flows through the Java source code
Automatic issue validation via dynamically generated ADB commands or a custom APK
Given that reviewing an APK allows you to get the true view of an application, including testing all the included libraries
and exactly what the build process produces, QARK completely automates the APK retrieval, decompiling the APK and
extracting a human readable manifest file. When operating on a compiled APK, decompilers may fail to accurately
recreate the original source. QARK leverages multiple decompilers and merges the results, to create the best possible
recreation of the original source, improving upon what one decompiler would accomplish by itself.
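The manifest checks named in the feature list can be illustrated with a short script. This is an added example, not QARK's own code: it assumes the manifest has already been decoded to plain-text XML, and the sample manifest, package and component names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (decoded plain-text XML); all names are hypothetical.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <application android:debuggable="true">
    <activity android:name=".SplashActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <receiver android:name=".BootCheck"
              android:permission="android.permission.RECEIVE_BOOT_COMPLETED">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:exported="true"/>
  </application>
</manifest>
"""


def attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def is_exported(component):
    """Explicit android:exported wins; otherwise an intent-filter implies exported
    (the pre-Android 12 default). Providers without the attribute are treated as
    not exported here, which matches API 17+ targets only."""
    explicit = attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.tag != "provider" and component.find("intent-filter") is not None


def audit_manifest(xml_text):
    """Return (issue, subject) tuples for debuggable, backup and exported-component findings."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return []
    findings = []
    if (attr(app, "debuggable") or "").lower() == "true":
        findings.append(("debuggable", "application"))
    backup = attr(app, "allowBackup")
    if backup is None:
        # Unspecified allowBackup defaults to true.
        findings.append(("backup-default-true", "application"))
    elif backup.lower() == "true":
        findings.append(("backup-enabled", "application"))
    for tag in COMPONENT_TAGS:
        for comp in app.findall(tag):
            if not is_exported(comp):
                continue
            # A component-level permission overrides the application-level one.
            perm = attr(comp, "permission") or attr(app, "permission")
            if tag == "provider" and not perm:
                # A provider is also protected when both read and write permissions are set.
                perm = attr(comp, "readPermission") and attr(comp, "writePermission")
            subject = f"{tag} {attr(comp, 'name')}"
            if perm:
                # Still worth review: the permission may be obtainable by other apps.
                findings.append(("exported-with-permission", f"{subject} [{perm}]"))
            else:
                findings.append(("exported-unprotected", subject))
    return findings


if __name__ == "__main__":
    for issue, subject in audit_manifest(SAMPLE_MANIFEST):
        print(f"{issue:26} {subject}")
```

Manifests inside a compiled APK are stored as binary XML, so they must be decoded before a parser like this can read them.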
Why Open-Source?
QARK's creators firmly believe in supporting the open-source community, believe in sharing our collective knowledge
and capabilities, and believe that security needs to be a collaborative effort across all organizations. Helping to improve
Android security ultimately helps us all.
Results
We ran tests on 120 applications from the EATL App Store. The results are listed in the following table:
App Name
All_University_Info
Banglar WallPapers
Basketball - How to play
Vulnerabilities
The android:debuggable flag is manually set to true in the AndroidManifest.xml. This will cause your application to be debuggable in production builds and can result in data leakage and other security issues. It is not necessary to set the android:debuggable flag in the manifest, it will be set appropriately automatically by the tools. More info:
http://developer.android.com/guide/topics/manifest/application-element.html#debug
WARNING - Logs are world readable on pre-4.1 devices. A malicious app could potentially retrieve sensitive data from the logs.
ISSUES - APP COMPONENT ATTACK SURFACE
WARNING - Backups enabled: Potential for data theft via local attacks via adb backup, if the device has USB debugging enabled (not common). More info:
http://developer.android.com/reference/android/R.attr.html#allowBackup
INFO - Checking provider
INFO - Checking activity
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
com.eatl.artcinemaclubcentera.SplashScreen
Logs are world readable on pre-4.1 devices. A malicious app could potentially retrieve sensitive data from the logs.
ISSUES - APP COMPONENT ATTACK SURFACE
WARNING - Backups enabled: Potential for data theft via local attacks via adb backup, if the device has USB debugging enabled (not common). More info:
http://developer.android.com/reference/android/R.attr.html#allowBackup
INFO - Checking provider
INFO - Checking activity
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
com.BanglarWallpapers.BanglarWallpapers.SplashActivity
Logs are world readable on pre-4.1 devices. A malicious app could potentially retrieve sensitive data from the logs.
ISSUES - APP COMPONENT ATTACK SURFACE
WARNING - Backups enabled: Potential for data theft via local attacks via adb backup, if the device has USB debugging enabled (not common). More info:
http://developer.android.com/reference/android/R.attr.html#allowBackup
INFO - Checking provider
INFO - Checking activity
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
com.project.basketball_howtoplay.SplashActivity
Btebinfo
CGPA Calculator
Collective Farming
CSS Shikhun
Logs are world readable on pre-4.1 devices. A malicious app could potentially retrieve sensitive data from the logs.
ISSUES - APP COMPONENT ATTACK SURFACE
WARNING - Backups enabled: Potential for data theft via local attacks via adb backup, if the device has USB debugging enabled (not common). More info:
http://developer.android.com/reference/android/R.attr.html#allowBackup
INFO - Checking provider
INFO - Checking activity
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
com.eatlapps.btebinfo.MainActivity
Logs are world readable on pre-4.1 devices. A malicious app could potentially retrieve sensitive data from the logs.
ISSUES - APP COMPONENT ATTACK SURFACE
WARNING - The backup element is not specified in the manifest, which therefore defaults to true. Potential for data theft via local attacks via adb backup, if the device has USB debugging enabled (not common). More info:
http://developer.android.com/reference/android/R.attr.html#allowBackup
INFO - Checking provider
INFO - Checking activity
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
com.unity3d.player.UnityPlayerNativeActivity
The android:debuggable flag is manually set to true in the AndroidManifest.xml. This will cause your application to be debuggable in production builds and can result in data leakage and other security issues. It is not necessary to set the android:debuggable flag in the manifest, it will be set appropriately automatically by the tools. More info:
http://developer.android.com/guide/topics/manifest/application-element.html#debug
The android:debuggable flag is manually set to true in the AndroidManifest.xml. This will cause your application to be debuggable in production builds and can result in data leakage and other security issues. It is not necessary to set the android:debuggable flag in the manifest, it will be set appropriately automatically by the tools. More info:
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/CIR/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/CSS/classes_dex2jar/com/google/android/gms/common/zzc.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
POTENTIAL VULNERABILITY - Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/CSS/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Easy Calculator
Education Service
EduTube
FarmerDemo
Gap Calculator
Granthakendra
HTML Shikhun
ICM Info
ISC Info
Khelte Khelte
Shekha
Krishi Somossa
Somadan
List of
archaeological sites
Math Formula
Plant problem
Prathomik
Shaikkha
Srosheh Roghbalai
Skills And
Development
Smart LCC
Social Forest
Bangladesh
Solicitor
Technical Training
Telecom Museum
The android:debuggable flag is manually set to true in the AndroidManifest.xml. This will cause your application to be debuggable in production builds and can result in data leakage and other security issues. It is not necessary to set the android:debuggable flag in the manifest, it will be set appropriately automatically by the tools. More info:
http://developer.android.com/guide/topics/manifest/application-element.html#debug
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/Smart/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
The android:debuggable flag is manually set to true in the AndroidManifest.xml. This will cause your application to be debuggable in production builds and can result in data leakage and other security issues. It is not necessary to set the android:debuggable flag in the manifest, it will be set appropriately automatically by the tools. More info:
http://developer.android.com/guide/topics/manifest/application-element.html#debug
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/Smart/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/s/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
ISSUES - FILE PERMISSION ISSUES
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Textile Admission
Chayanto
Bosonto Utsob
Bangladesh Engio
Foundation
Vasomas Chanabad
AllergyApp
The following receiver are exported and protected by a permission, but the permission can be obtained by malicious apps installed prior to this one. More info:
https://github.com/commonsguy/cwac-security/blob/master/PERMS.md. Failing to protect receiver could leave them vulnerable to attack by malicious apps. The receiver should be reviewed for vulnerabilities, such as injection and information leakage.
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Logs are world readable on pre-4.1 devices. A malicious app could potentially retrieve sensitive data from the logs.
ISSUES - APP COMPONENT ATTACK SURFACE
WARNING - Backups enabled: Potential for data theft via local attacks via adb backup, if the device has USB debugging enabled (not common). More info:
http://developer.android.com/reference/android/R.attr.html#allowBackup
INFO - Checking provider
INFO - Checking activity
WARNING - The following activity are exported, but not protected by any permissions. Failing to protect activity could leave them vulnerable to attack by malicious apps. The activity should be reviewed for vulnerabilities, such as injection and information leakage.
com.eatl.chhayanaut.MainActivity
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
ISSUES - FILE PERMISSION ISSUES
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Apgar Score
Nirnayok
Asthma
Autism
Bangla Home
Remedies
Banglarecipe
BatJor
BMI Calculator
Breast Cancer
Calorie Calculator
Care Satisfaction
Child Vaccine
Dater Rogsomuho
Dhumpan ke na
bolun
Disease Quiz
eCare_kucse
Fibromyalgia
Find
Finding Drugs
Fitness Excercise
Health Guard
Hemophilia
Hepatitis B
Hospital Finder
Immunization Alert
Jolatonko
Karkhana Seba
Krimi
Liukoriya or
Sbetasraba
Liver Cirrhosis
The following receiver are exported and protected by a permission, but the permission can be obtained by malicious apps installed prior to this one. More info:
https://github.com/commonsguy/cwac-security/blob/master/PERMS.md. Failing to protect receiver could leave them vulnerable to attack by malicious apps. The receiver should be reviewed for vulnerabilities, such as injection and information leakage.
com.eatl.immunizationalert.BootCheck
android.permission.RECEIVE_BOOT_COMPLETED
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/A/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
The android:debuggable flag is manually set to true in the AndroidManifest.xml. This will cause your application to be debuggable in production builds and can result in data leakage and other security issues. It is not necessary to set the android:debuggable flag in the manifest, it will be set appropriately automatically by the tools. More info:
http://developer.android.com/guide/topics/manifest/application-element.html#debug
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Implicit Intent: localIntent used to create instance of PendingIntent. A malicious application could potentially intercept, redirect and/or modify (in a limited manner) this Intent. Pending Intents retain the UID of your application and all related permissions, allowing another application to act as yours. File:
/home/sultan/Desktop/a/classes_dex2jar/android/support/v4/app/TaskStackBuilder.java
More details: https://www.securecoding.cert.org/confluence/display/android/DRD21J.+Always+pass+explicit+intents+to+a+PendingIntent
Maternal Nutrition
Momota
Money Calculator
Mosquito Repellent
Nirapod Matritto
Personal Budget
Physique log
Pittoputhari
Pleasure day
Prathomik
Chikitsha
Pregnancy
Prevention
Putsikotha
RatTkana
Rheumatoid
Arthritis
Romjena
Suswasthy
Safety Ensured
Shishur Rog
Nirnayok
Soioj Shoncoh
Stock Exchange
Thyroidism
Tikadan
Trichomoniasis
Typhoid
Kosorekiahori
Shsshtho i poribar
Projonon Shastho
Sikkha Sohayika
Birup putsi
Breast screening
Ma o shishu
Maook d kishorN
Oporadh eiyontron
Leukemia
Conclusions
References
[1] Fortify 360 Source Code Analyzer (SCA). https://www.fortify.com/products/fortify360/source-codeanalyzer.html
[2] Ashcraft, K., and Engler, D. Using Programmer-Written Compiler Extensions to Catch Security Holes. In Proceedings of the IEEE Symposium on Security and Privacy (2002).
[3] Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (2010).
[4] Enck, W., Ongtang, M., and McDaniel, P. On Lightweight Mobile Phone Application Certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS) (Nov. 2009).
[5] First Tech Credit Union. Security Fraud: Rogue Android Smartphone app created. http://www.firsttechcu.com/home/security/fraud/security_fraud.html, Dec. 2009.
[6] Octeau, D., Enck, W., and McDaniel, P. The ded Decompiler. Tech. Rep. NAS-TR-0140-2010, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, Sept. 2010.