Beijing Key Lab of Intelligent Telecommunication Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing, 100876, China.
Department of Computer Science, Framingham State University, 100 State St, Framingham, Massachusetts, MA 01702, USA.
Abstract:
Android applications are associated with a large amount of sensitive data, therefore application developers use encryption algorithms to provide user data encryption, authentication and data integrity protection. However, application developers do not have the knowledge of cryptography, thus the cryptographic algorithm may not be used correctly. As a result, security vulnerabilities are generated. Based on the previous studies, this paper summarizes the characteristics of password misuse vulnerability of Android application software, establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability. And on this basis, this paper designs and implements a secure container for Android application software password misuse vulnerability: CM-Droid.
