A Plugin for Kotlin based Android Apps to Detect Security Breaches through Dataflow.

Md Arabin Islam Talukder, Sumaiya Farzana Mishu, Hossain Shahriar, ABM Kamrul Islam Riad, Fan Wu, Akond Rahman


Android developers have already adopted Kotlin as their preferred language. Kotlin is better accepted than Java because of its simplicity, readability, and new features such as scope functions, extension functions, and null safety. Google has introduced several new libraries such as RoomDb and Jetpack-Compose, as well as dependency injection frameworks like Dagger-Hilt, to enhance Android development. The question is how secure these libraries are, and whether tools are available to analyze the new libraries. DroidPatrol [1] is our existing static analysis plugin that works on Android apps written in Java. To support Kotlin code analysis, we have been continuously working on upgrading our plugin. We have now released DroidPatrol 2.0 [2], which can perform static analysis of Android apps developed in Kotlin. It also works on Android apps developed in Java. In this latest edition, we restructured the architecture of the plugin to optimize its efficiency. We also found a vulnerability in RoomDb. The latest version is developed in Kotlin, and we used IntelliJ IDEA. Lastly, version 2.0 is independent of Android Studio editions, meaning that any version of Android Studio is compatible.
Android, Software Security, SQL-Injection, RoomDb, Dependency Injection, Static Analysis, Kotlin, Plugin, Data Flow Analysis, Call graph, Mobile Security