Honey, I Shrunk Your App Security: The State of Android App Hardening

Conference contribution
(Conference Contribution)


Publication Details

Author(s): Haupert V, Maier D, Schneider N, Kirsch J, Müller T
Editor(s): Giuffrida Cristiano, Bardin Sébastien, Blanc Gregory
Title edited volumes: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer International Publishing
Publishing place: Cham, Switzerland
Publication year: 2018
Title of series: Lecture Notes in Computer Science
Volume: LNCS
Journal issue: 10885
Conference Proceedings Title: Detection of Intrusions and Malware, and Vulnerability Assessment
Pages range: 69-91
ISBN: 9783319934105
ISSN: 0302-9743
Language: English


Abstract

The continued popularity of smartphones has led companies from all business sectors to use them for security-sensitive tasks like two-factor authentication. Android, however, suffers from a fragmented landscape of devices and versions, which leaves many devices unpatched by their manufacturers. This security gap has created a vital market of commercial solutions for Runtime Application Self-Protection (RASP) to harden apps and ensure their integrity even on compromised devices. In this paper, we assess the RASP market for Android by providing an overview of the available products and their features. Furthermore, we describe an in-depth case study for a leading RASP product—namely Promon Shield—which is being used by approximately 100 companies to protect over 100 million end users worldwide. We demonstrate two attacks against Promon Shield: The first removes the entire protection scheme statically from an app, while the second disables all security measures dynamically at runtime.


FAU Authors / FAU Editors

Haupert, Vincent
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Müller, Tilo Dr.-Ing.
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)


External institutions with authors

Technische Universität Berlin
Technische Universität München (TUM)


How to cite

APA:
Haupert, V., Maier, D., Schneider, N., Kirsch, J., & Müller, T. (2018). Honey, I Shrunk Your App Security: The State of Android App Hardening. In Giuffrida Cristiano, Bardin Sébastien, Blanc Gregory (Eds.), Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 69-91). Paris, FR: Cham, Switzerland: Springer International Publishing.

MLA:
Haupert, Vincent, et al. "Honey, I Shrunk Your App Security: The State of Android App Hardening." Proceedings of the DIMVA 2018, Paris Ed. Giuffrida Cristiano, Bardin Sébastien, Blanc Gregory, Cham, Switzerland: Springer International Publishing, 2018. 69-91.

BibTeX: 

Last updated on 2019-09-01 at 05:10