Publication
CCS 2015
Conference paper

Program analysis for mobile application integrity and privacy enforcement

Abstract

Program analysis has become an essential tool to verify the correctness of programs before these are deployed to end users' computers and devices. Detecting security problems in today's mobile applications by just relying on manual code inspection is unrealistic. Testing is also limited because there is often no guarantee that all the possible paths of execution of an application are tested under all the possible inputs, and so false negatives may arise. Static analysis is a very promising solution but suffers from the dual problem of false positives. A combination of static and dynamic analysis mitigates the disadvantages that arise when static and dynamic analysis are executed individually and is, therefore, the recommended solution to detect and correct application-level cyber security attacks in mobile applications. This tutorial presents both static and dynamic analysis approaches to enforce privacy of mobile applications, and includes a hands-on lab that teaches the audience how to create a static-analysis solution that verifies the integrity and confidentiality of the data managed by the program itself.

Date

12 Oct 2015
