More secure App-Store for Android

November 07, 2013

Apps often read the data from mobile user devices unnoticed by users. This represents a large security risk, especially for companies. A new App-Store filters out problematic Android applications automatically with the help of detection software.

Apps. Everyone has them and everyone uses them. These small computer programs installed on our smartphones and tablet computers make work and play easier. With just the tip of a finger on the square icons, we know where and when the next rain clouds are expected, we can book train tickets while travelling, start gaming while mobile, or listen to our favorite music. For most of us, these little mobile helpers have become indispensable. A total of almost two million of them are already available today on the platforms of the two largest providers, Apple and Google. And the trend is rising.

Privacy risks and commercial harms

However, the miniprograms are not always benevolent. "The business model for free Apps often goes like this: you need pay nothing for my services, but in exchange I'm grabbing your data," reflects Dr. Julian Schütte of the Fraunhofer-Research Centre for Applied and Integrated Security AISEC in Garching near Munich. The Apps pick up the data usually without the knowledge of the user. The theft runs from address data, to emails and locations, right through to identification numbers of the user devices. The App developers pass the data to third parties for geographical and personal advertising. "A fact that perhaps is viewed less critically or even as being useful, if the Apps are used privately. For companies, by contrast, they conceal big risks. If email with commercially sensitive content, geographical information on employees, or confidential contact information is passed without knowledge, it is not just problematic for technical reasons of data privacy protection. It can also do commercial harm," warns Schütte.

To protect against this danger, corporate IT departments are increasing their monitoring of Apps used by employees. "With an established mobile operating system like 'iOS', Mobile Device Managers - IT Department employees who administrate the pool of corporate cellphones - already have quite good control over the software stored upon the devices. However, for latecomer and now market-leader 'Android', there is currently no tool with which corporate IT can prevent downloading of 'wild' Apps, to our knowledge," as Schütte describes the challenge for corporations.

Scientists at AISEC have now closed this loophole. Their new App-Store filters out problematic Android Apps automatically and offers employees only mobile applications that conform to a corporation's own guidelines on IT security. "Administrators and Mobile Device Managers are able to determine themselves which Apps are permitted to be installed and which ones are not," as Schütte describes the added value.

Additional significant advantages of the AISEC solution: the analysis of the Apps is flexible and can be adapted to a wide range of company directives. In addition, the IT Department can also stipulate that Apps are only permitted to communicate through encryption. "That is no small feature during these times of NSA spying scandals," according to Schütte. And finally, the software does not just work for Apps offered today. "With the aid of our App-Store, companies are able to build markets with their own Apps that are clean from a security point of view," Schütte adds.

The security filter for Android Apps consists of an App installed on the user device that is directly connected to the IT architecture of the corporation through the analysis system called "App Ray" running in the backend. Searching for and downloading Apps takes place exclusively through this App. "Employees are automatically presented only with safe applications," explains Schütte. That is guaranteed by the centerpiece of the store - the Backend Analysis Tool. It puts Apps through their paces automatically and then authorizes them for release or not. "With the help of App-Ray, we know where data flow to and from within an App, can investigate the files and source text they contain, chase down the technical details of all the data flows, run the App within a test environment and observe its behavior there. This creates a total security picture of every single mobile application available," as Schütte describes the MO. The AISEC solution works as a framework that integrates existing security features, such as an analysis tool that investigates the Apps using forty different virus scanners simultaneously.
The researchers have already programmed a prototype of the secure App-Store. A demo video of App-Ray can be viewed at the following web address: http://www.app-ray.de/

Fraunhofer-Gesellschaft
