New Appicaptor Release

We have released a new version of Appicaptor that we were working on over the last months. Based on our research it comes with multiple improvements, such as a new analysis engine for Android apps as well as many iOS and Android test case refinements and extensions.
For example:

  • Processing of privacy policies (GDPR) extended (iOS and Android)
  • Search for insecure SSL/TLS usage improved (Android)
  • Analysis depth increased for Objective-C binary code (iOS)
  • Analysis of static constants for cryptographic functions extended (Android)
  • Detection of privacy relevant resource accesses reworked (iOS and Android)
  • Library detection enhanced: tracking-, advertisement- and development libraries (Android)
  • Detection of privacy critical tacking services extended by more than 100 additional providers (iOS and Android)
  • Web front-end usability improved for simple result access (iOS and Android)

Appicaptor will utilize its new analysis engine from now. Detailed internal tests showed that the new engine is reliable and provides dependable test results.

Presentation at it-sa 2018

Appicaptor was part of the largest IT security fair named it-sa “Home of IT-Security” in Nuremberg, Germany. Besides presenting the benefits of Appicaptor at our Fraunhofer booth, the Head of our Department, Dr. Jens Heider, presented the key aspects of automated app analysis for enterprise protection to the target audience.

Firstly, the talk focused on vulnerabilities that are based on overseeable but critical implementation errors that open the attack surface for substantial risks for smartphone managed data.

In the second part he presented strategies how enterprises can deal with the App dilemma: how to enable employee’s app usage without putting the company’s security at incalculable risk.

Here you can find his talk (in German).

Enhanced App-Rating Overview

Screenshot of the new Appicaptor app detail view for an example app
Screenshot of the new Appicaptor app detail view for an example app

Today we have changed the detail view of Appicaptor app analysis results to provide an improved overview. The new overview section summarizes the related meta-data, violations of security requirements and general risks for enterprise usage. The blacklisted or compliant symbols now provide the rating at a glance and the compact summary is more clearly separated from the more detailed analysis data.

The well-tried list of detailed information on the app’s security quality is presented below the overview section, following the similar design of the new PDF-Report that was already introduced earlier.

This design change is a next step of the migration to our new Appicaptor version that will provide new analysis engines for iOS and Android. These allow for an even deeper detection of bad app security quality.

The new version will be shown at it-sa fair 9 – 11 October 2018 in Nuremberg, Germany.