Unwanted Functionality Apps in Google Play Store

Once again, a list of apps in Google Play Store with unwanted functionality was published. The list contains apps that forcibly displayed ads on the user’s lock screen, triggered video and audio advertisements even while the phone was asleep, and displayed out-of-app ads that interfered with the user’s interaction with other applications on the device. This unwanted functionality did not appear immediately after app installation, but became visible at least 24 hours after the application was launched. Some apps waited 2 weeks after installation, which makes it harder to connect the resulting disturbances with the responsible app.

We have checked the published list and found 7 unique apps on it that have been analyzed by Appicaptor in the last months. All of them were blacklisted by Appicaptor’s standard policy intended for medium security requirements. The rating is based on generic rules regarding a correlation between the app model, extracted by machine learning from the app’s description text, and statically analyzed properties of the app content.

Although the unwanted functionality was not directly identified by Appicaptor, we are pleased to see that Appicaptor’s standard policy had identified these apps as not compliant with business requirements. This shows the informative value of the standard Appicaptor policy set, which has been continuously revised and updated over the last years.

New Appicaptor Release

We have released a new version of Appicaptor that we have been working on over the last months. Based on our research, it comes with multiple improvements, such as a new analysis engine for Android apps as well as many iOS and Android test case refinements and extensions.
For example:

  • Processing of privacy policies (GDPR) extended (iOS and Android)
  • Search for insecure SSL/TLS usage improved (Android)
  • Analysis depth increased for Objective-C binary code (iOS)
  • Analysis of static constants for cryptographic functions extended (Android)
  • Detection of privacy-relevant resource accesses reworked (iOS and Android)
  • Library detection enhanced: tracking, advertisement and development libraries (Android)
  • Detection of privacy-critical tracking services extended by more than 100 additional providers (iOS and Android)
  • Web front-end usability improved for simple result access (iOS and Android)

Appicaptor will use its new analysis engine from now on. Detailed internal tests showed that the new engine is reliable and provides dependable test results.

Presentation at it-sa 2018

Appicaptor was part of the largest IT security fair named it-sa “Home of IT-Security” in Nuremberg, Germany. Besides presenting the benefits of Appicaptor at our Fraunhofer booth, the Head of our Department, Dr. Jens Heider, presented the key aspects of automated app analysis for enterprise protection to the target audience.

Firstly, the talk focused on vulnerabilities that are based on overseeable but critical implementation errors, which open up an attack surface with substantial risks for smartphone-managed data.

In the second part, he presented strategies for how enterprises can deal with the app dilemma: how to enable employees’ app usage without putting the company’s security at incalculable risk.

Here you can find his talk (in German).

Enhanced App-Rating Overview

Screenshot of the new Appicaptor app detail view for an example app

Today we have changed the detail view of Appicaptor app analysis results to provide an improved overview. The new overview section summarizes the related meta-data, violations of security requirements and general risks for enterprise usage. The blacklisted or compliant symbols now provide the rating at a glance and the compact summary is more clearly separated from the more detailed analysis data.

The well-tried list of detailed information on the app’s security quality is presented below the overview section, following a design similar to that of the new PDF report that was introduced earlier.

This design change is a further step in the migration to our new Appicaptor version, which will provide new analysis engines for iOS and Android. These allow for an even deeper detection of bad app security quality.

The new version will be shown at the it-sa fair, 9 – 11 October 2018, in Nuremberg, Germany.