Posted on 2013-10-24, 00:00. Authored by Daniele Gallingani.
In this thesis I present the design and implementation of a tool that analyzes the paths taken by information exchanged between different processes on the phone, in order to automatically detect vulnerabilities that may arise from bad programming practices or simple distractions while implementing Android applications.
The goal of this work is to produce a tool intended for every developer who wishes to test his application. It aims to be intuitive and simple to use.
The tool implements a static code analyzer that takes Android application packages as input and produces precise security reports on the analyzed application as output. The analysis focuses on the facilities Android provides to let application subprocesses communicate easily.
This work was originally conceived after some manual exploration of real Android applications downloaded from the store. This exploration confirmed that in several cases even the simplest isolation principles were violated, even by popular and broadly used applications.