Honey, I Shrunk Your App Security: The State of Android App Hardening

Haupert V, Maier D, Schneider N, Kirsch J, Müller T (2018)

Publication Language: English

Publication Type: Conference contribution, Conference Contribution

Publication year: 2018

Publisher: Springer International Publishing

Edited Volumes: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Series: Lecture Notes in Computer Science

City/Town: Cham, Switzerland

Book Volume: LNCS

Pages Range: 69-91

Conference Proceedings Title: Detection of Intrusions and Malware, and Vulnerability Assessment

Event location: Paris FR

Journal Issue: 10885

ISBN: 9783319934105

URI: https://www.cs1.tf.fau.de/nomorp

DOI: 10.1007/978-3-319-93411-2_4

Open Access Link: https://faui1-files.cs.fau.de/filepool/projects/nomorp/nomorp-paper-dimva2018.pdf

Abstract

The continued popularity of smartphones has led companies from all business sectors to use them for security-sensitive tasks like two-factor authentication. Android, however, suffers from a fragmented landscape of devices and versions, which leaves many devices unpatched by their manufacturers. This security gap has created a vital market of commercial solutions for Runtime Application Self-Protection (RASP) to harden apps and ensure their integrity even on compromised devices. In this paper, we assess the RASP market for Android by providing an overview of the available products and their features. Furthermore, we describe an in-depth case study for a leading RASP product—namely Promon Shield—which is being used by approximately 100 companies to protect over 100 million end users worldwide. We demonstrate two attacks against Promon Shield: The first removes the entire protection scheme statically from an app, while the second disables all security measures dynamically at runtime.

Authors with CRIS profile

Vincent Haupert Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Tilo Müller Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

Involved external institutions

Technische Universität München (TUM) DE Germany (DE) Technische Universität Berlin DE Germany (DE)

How to cite

APA:

Haupert, V., Maier, D., Schneider, N., Kirsch, J., & Müller, T. (2018). Honey, I Shrunk Your App Security: The State of Android App Hardening. In Giuffrida Cristiano, Bardin Sébastien, Blanc Gregory (Eds.), Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 69-91). Paris, FR: Cham, Switzerland: Springer International Publishing.

MLA:

Haupert, Vincent, et al. "Honey, I Shrunk Your App Security: The State of Android App Hardening." Proceedings of the DIMVA 2018, Paris Ed. Giuffrida Cristiano, Bardin Sébastien, Blanc Gregory, Cham, Switzerland: Springer International Publishing, 2018. 69-91.

BibTeX: Download