Change search
ReferencesLink to record
Permanent link

Direct link
Application Whitelisting: Smartphones in High Security Environments
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2013 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Today, smartphones are in widespread use by consumers, commercial companies and government authorities. Unfortunately, there are many examples of applications carrying out malicious activities, such as stealing information or subscribing to premium-rate services. In this thesis work, a novel application whitelisting process (AWP) is proposed. It defines processes for application security audits and whitelisting i.e. methods on how to classify, evaluate and test a given application to make sure that it with a level of assurance does not have malicious intentions. In a risk analysis of users in high security environments, the results showed that confidentiality and availability is the top most important security aspects to protect in this environment. The applications in the whitelisting process should therefore be tested for known malware and adware as well as permissions that can be used to send private information to remote servers. Additionally, testing should also be carried out for information leakage through intents and content resolvers. Because whitelisting is locking down the freedom and usability that comes with a smartphone, three different leveled whitelists are proposed to satisfy users and organizations with different security needs. A prototype was developed to prove the overall usability of the design. The result of scanning 200 applications from Google Play showed that 12% of all applications can be placed in the highest leveled whitelist. The results also suggest that 17.5 % of all applications on Google Play are malware or potentially unwanted applications. The results points to that using this novel whitelisting process, about 30% of all applications can be automated into whitelists and will not need manual analysis.

Place, publisher, year, edition, pages
2013. , 62 p.
Keyword [en]
Application whitelisting process, Android, malware, obfuscation
National Category
Computer Science
URN: urn:nbn:se:liu:diva-96005ISRN: LIU-IDA/LITH-EX-A--13/018—SEOAI: diva2:640193
External cooperation
Sectra Communications AB
Subject / course
Information Technology
Available from: 2013-08-16 Created: 2013-08-12 Last updated: 2013-08-19Bibliographically approved

Open Access in DiVA

Application Whitelisting(1785 kB)624 downloads
File information
File name FULLTEXT01.pdfFile size 1785 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Database and information techniquesThe Institute of Technology
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 624 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 483 hits
ReferencesLink to record
Permanent link

Direct link