2014 Poster Sessions: A Website in Your Pocket: A Large Scale Security Analysis of Mobile Web Apps

Student Name: Patrick Mutchler
Advisor: John Mitchell
Research Areas: Theory
Abstract:
Sophisticated computing on mobile devices is rapidly becoming the norm. In this work, we identify security concerns and vulnerabilities specific to mobile apps that access the web using an embedded browser (mobile web apps), as distinct from app security and web security. We analyze a large dataset of 737,828 Android apps, representing a snapshot of all of the free apps available on the Google Play store as of October 2013. We find that a large number of apps contain severe vulnerabilities. In particular, because of a security oversight in older versions of Android and slow adoption of safe versions, 37,418 apps are vulnerable to a remote code execution exploit when run on any Android device, and 45,689 apps are vulnerable to a remote code execution exploit when run on 73% of in-use Android devices.

Bio:
Patrick Mutchler is a third-year PhD student in the Stanford Security Lab. His work focuses on applying program analysis to web and mobile security.