Suman Jana: 2014 Security Workshop

 

Monday, April 14, 2014
Location: Fisher Conference Center, Arrillaga Alumni Center

"A Website in Your Pocket: Large Scale Security Analysis of Mobile Web Apps"
4:00pm

Abstract:

Sophisticated computing on mobile devices is rapidly becoming the norm. In this paper, we identify security concerns and vulnerabilities specific to mobile apps that access the web using an embedded browser (mobile web apps), as distinct from app security and web security. We analyze a large dataset of 737,828 Android apps, representing a snapshot of all of the free apps available on the Google Play store as of October 2013. We find that a large number of apps contain severe vulnerabilities. In particular, because of a security oversight in older versions of Android and slow adoption of safe versions, 37,418 apps are vulnerable to a remote code execution exploit when run on any Android device and 45,689 apps are vulnerable to a remote code execution exploit when run on 73% of the in-use Android devices. Finally, we offer recommendations for developers who wish to avoid these vulnerabilities.


Bio:

Patrick Mutchler is a 3rd year Ph.D. candidate at Stanford University. His research focuses on applying program analysis to web and mobile security. He is advised by John Mitchell.