App security testing tool

Jul 22, 2013

"Please contact the administrator." This error message usually flashes up on the monitor when employees want to install new software on their office computer. The reason is simple. Companies want to protect themselves and their computers against viruses and other malware, and make sure that confidential business information does not go astray. What is standard practice with fixed desktop computers is rather more difficult to implement with mobile smartphones.

It is almost impossible to stop employees installing a range of apps on their smartphones, particularly when the handsets belong to them, but operate on the business network. But just how trustworthy are those apps? Are they carrying malware that can steal documents and passwords, or damage machines and servers? What about security? Is important information being transferred without encryption? How are business documents saved? Can unintended viewers get hold of them if somebody happens to lose their smartphone?

Individual test reports

In the future the Appicaptor test framework, developed by researchers at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt, will provide answers to these questions. The system provides companies with individual reports for every app and operating system. "Our Appicaptor framework consists of different analytic methods and tools," says Dr. Jens Heider, Head of Department at the SIT's Testlab Mobile Security. "It can analyze apps working on both Android and iOS-based smartphones, so it's able to work regardless of platform. It can also be built on to suit special requirements." Appicaptor screens for and automatically, and displays a warning if it finds anything. But a clean bill of health after one scan does not mean everything is fine for the long haul, so the software scans at regular intervals, as apps are modified and reconfigured frequently. Using Appicaptor, companies can put together an app-whitelist - a list of apps that employees are free to install on their smartphones. Or they can draw up a blacklist of apps that are dangerous and that employees must avoid at all costs.

"Appicaptor is not a piece of test software, but a flexible testing platform that brings together different testing tools," Heider says. The scientists put a lot of development work into making results intelligible. At first, only IT specialists were able to interpret Appicaptor's output. Now the software generates warnings that lay users can act on, such as "Security risk: This app is saving data without encryption." Another hurdle the researchers had to overcome was the impenetrability of iOS. Apple is very secretive about the structure of the system. This meant that the scientists had to delve deep to find out how it worked and decide which threats to the platform to screen for.

The framework is already in operation, but it is in constant development and being adapted to work with new operating systems. Researchers are currently testing and optimizing it with industry partners. This testing phase will continue until fall of this year. One result so far is that businesses often want a bespoke test case. Another requirement is that the system must be compatible with companies' own app stores and mobile device management systems. As a result, the SIT is only offering Appicaptor as a business services product. In spite of this, private users will probably benefit from the results gleaned. "We anticipate that apps will become better as a result of increasing checks, and security gaps will be less and less of a problem."
