Analysis of Cryptographic Weaknesses
Because numerous manual app analyses produced critical findings, we have added test cases for cryptographic weaknesses to Appicaptor. Appicaptor now detects static values that should not be embedded in an app. These include static cryptographic keys and cryptographic random number generators with fixed seed values, both of which make it very easy for attackers to break the encryption. Appicaptor also detects static initialization vectors used with block ciphers, since these allow an attacker to draw conclusions about segments of encrypted messages.
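The static initialization vector weakness described above, as an added example that is not Appicaptor code or output: with AES in CBC mode and one key, two messages that begin with the same bytes produce identical leading ciphertext blocks when the IV is fixed, and unrelated blocks when each message gets a fresh random IV. The class name, helper names and sample messages are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class StaticIvDemo {
    // Weak pattern: an IV compiled into the app and reused for every message.
    static final byte[] STATIC_IV = new byte[16];

    static byte[] encrypt(SecretKey key, byte[] iv, String msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Hardened pattern: a new random IV per message, stored alongside the ciphertext.
    static byte[] freshIv() {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    // Counts how many leading 16-byte blocks are identical in both ciphertexts.
    static int sharedLeadingBlocks(byte[] a, byte[] b) {
        int n = 0;
        while ((n + 1) * 16 <= Math.min(a.length, b.length)
                && Arrays.equals(Arrays.copyOfRange(a, n * 16, (n + 1) * 16),
                                 Arrays.copyOfRange(b, n * 16, (n + 1) * 16))) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // created at runtime, not embedded in the app
        // Constructed sample messages: the first 32 bytes (two AES blocks) are equal.
        String m1 = "account=DE00123456;type=transfer;amount=10";
        String m2 = "account=DE00123456;type=transfer;amount=99";
        int withStaticIv = sharedLeadingBlocks(encrypt(key, STATIC_IV, m1), encrypt(key, STATIC_IV, m2));
        int withFreshIv = sharedLeadingBlocks(encrypt(key, freshIv(), m1), encrypt(key, freshIv(), m2));
        System.out.println("identical leading blocks, static IV: " + withStaticIv);
        System.out.println("identical leading blocks, fresh IV:  " + withFreshIv);
    }
}
```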
Classifying apps by their described main function enables a security-relevant evaluation of the detected app properties. In the current Appicaptor version, we have further optimized the classification based on the app description text. In addition, two new app types were added to the classification. The new app type ImageCreator groups apps for creating and editing images into one function model, and the type AudioProcessing allows apps that process audio data to be evaluated specifically.
In addition, the Appicaptor Web Interface now allows you to set an app type when uploading app binaries. This makes an evaluation of the app properties specific to the chosen app type possible for these apps as well. App binaries that were uploaded previously are still evaluated with the type Generic and can be re-uploaded with the desired specific app type.