Fraunhofer Institute researchers are developing three new tools to evaluate or enhance the security of mobile apps.
Appicaptor is a service to help businesses identify apps that threaten security or that could breach corporate data-protection policies.
App-Ray, which performs similar functions to Appicaptor, is available as either a hosted service or as a virtual machine IT departments can deploy on their own servers. "We find stuff that is not problematic per se, but may be a problem in a company environment," says Fraunhofer's Dennis Titze.
Meanwhile, CodeScan is still a prototype, and the researchers are adding to its ability to identify flaws in code through a combination of static and dynamic scanning. Fraunhofer's Eric Bodden says CodeScan runs within the Integrated Development Environment, and aims "to do that degree of analysis in a few milliseconds, as you save your code." CodeScan looks for flaws in the riskiest part of the code first, instead of performing a deep analysis of all the code, which saves time. "Most errors are in the misuse of APIs or in the area of data flow," Bodden notes.
He also says another big area of their research is privacy leaks, particularly sensitive data such as passwords.
From IDG News Service
View Full Article
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA