Security Testing of Android Applications Using Drozer

Security Testing of Android Applications Using Drozer

연구 분야: Strategies

학회: International Conference on Computational Sciences and Sustainable Technologies

Android applications are extensively utilized however, many of them include security flaws and malware that serve as entry points for hackers. Drozer is used in the current study to evaluate the security of four vulnerable Android applications namely AndroGoat, Diva, Insecure Bank v2 & BeetleBug. The information security knowledge of undergraduate students in Oman was evaluated, in the current study, using an online questionnaire. Where, A virtual emulation environment was employed to run a penetration test and examine the attack surfaces of four vulnerable Android applications. Participants in the study showed high level of security awareness when it comes to managing the applications and their permissions as well as posting personal information. The studied packages included a range of exporting components (Activities, content providers, services and broadcast receivers) that are not particularly covered by constraints, making them susceptible to hacking and data exploitation and potentially posing a security risk. Reducing attack surfaces in apps requires taking measures like defining permissions, executing authentication procedures during intents transition, securing databases, and cleaning data after usage. Using four unsecure Android applications, this study categorized Android vulnerabilities based on the OWASP mobile 2016 risks. This research is recognized as an adjunct model that security experts, researchers, and students may use to identify vulnerabilities and assure application security.