Haly: Automated Evaluation of Hardening Techniques in Android and iOS Apps

MASTER Assignment

Type: Master M-CS

Period: Jan, 2023 - July, 2023

Student: Beijnum, A.C.W. van (Wilco, Student M-CS)

Date Final project: July 5, 2023

Thesis

Supervisors:

Abstract:

Although mobile operating systems employ a variety of features to sandbox and isolate apps, these are not always sufficient. Because of this, app developers are recommended to implement their own security checks. In this work, we investigate the prevalence of hardening techniques in mobile apps. We design and develop Haly, an open-source framework that can detect the implementation of eight hardening techniques in apps by combining automated static and dynamic analysis. We use Haly to analyze 1,836 popular Android and iOS apps and present the general prevalence of these hardening techniques, as well as prevalence in relation to several factors, such as app store category and access to privacy-sensitive permissions. Our research is the first work that combines research into the prevalence of multiple hardening techniques with analysis of multiple mobile platforms, namely Android and iOS. We conclude that hardening techniques are more prevalent on Android than on iOS, and that apps with more privacy-sensitive permissions implement more hardening techniques. Furthermore, we find that many apps implement hardening techniques on only one of the two OSes and that third-party libraries contribute significantly to the prevalence of hardening techniques.