A Case Study: An Android Security

Abstract

Software security has made great progress; code analysis tools perform extensive checks for code defects, it is useful to have a basic understanding of the different warnings and emphasize the bug. However, this is beyond the state of the art for many types of application security flaws. Thus, such tools frequently serve for an analyst to help them zero in on security relevant portions of code so they can find flaws more efficiently, rather than a tool that simply finds flaws automatically. In cooperation with a security expert, we carried out a case study with the mobile phone platform Android, and employed the reverse engineering tool-suite Bauhaus for this security assessment. During the investigation we found some inconsistencies in the implementation of the Android security concepts. Based on the lessons learned from the case study, we propose several research topics in the area of reverse engineering that would support a security analyst during security assessments.