Vlad Bordianu Bitdefender
Razvan Benchea Bitdefender
Dragos Gavrilut Bitdefender
The growing number of applications in the Android and Apple markets has led to programmers incorporating more features into their applications in order to make them more competitive. However, as described in this paper, this may come with a high risk. By analysing over 120,000 applications from the Google market and over 160,000 from the Apple market, we discovered a lot of security issues that can be found on an everyday app. Many popular applications from these markets hide a lot of security breaches, from sending data over an unsecured connection (such as user accounts or passwords) to GPS tracking or uploading highly sensitive data like contact lists or phone numbers. This behaviour may be intended or may result from the use of a third-party advertising framework employed by the author in order to increase the revenue of the application. This paper draws attention to the security flaws of applications in both the Android and Apple markets by providing statistics and well documented examples, as well as the methods used to extract this information.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.
The full programme for VB2013, including abstracts for each paper, can be viewed here.