Makaryan A.S., Karmanov M.A. Aspects of Analyzing the Security and Vulnerabilities of Mobile Applications

ASPECTS OF ANALYZING THE SECURITY AND VULNERABILITIES OF MOBILE APPLICATIONS

Aleksandr Samvelovich Makaryan

Candidate of Sciences (Engineering),

Senior Lecturer, Department of Computer Technologies and Information Security,

Kuban State Technological University


Moskovskaya St., 2, 350072 Krasnodar, Russian Federation

Mikhail Aleksandrovich Karmanov

Student,

Kuban State Technological University


Moskovskaya St., 2, 350072 Krasnodar, Russian Federation

Abstract. This article examines options for protecting the local data of mobile applications on devices running the Android and iOS operating systems. The following programs were investigated: the messengers WhatsApp, Viber, Telegram, WeChat and Signal. The analysis made it possible to define and classify, for these programs, the protection mechanisms, the types of stored data, the required tools and technologies, as well as the techniques for improving the protection of locally stored data. The research showed that the protection of application data stored locally on the device is not given enough attention, since in some cases this protection relies solely on the mechanisms of the device's operating system. For more reliable protection of an application's locally stored data, the following approaches need to be implemented in the application: encryption of both the database as a whole and, separately, of some critical data in it with an additional layer of encryption; encryption of files that appear during program execution (media files, for example); encoding and representation of data in the program using proprietary algorithms; the use of confusing names for critical files and data (the key file should not be called “key”, as in the case of WhatsApp), and data traps; encoding of the configuration files containing sensitive information to ensure the security of the data; moving the core cryptographic transformations into a separate plug-in library so that studying the decompiled source code for these transformations becomes meaningless.

Key words: security of applications, mobile devices, data protection, analysis, vulnerabilities.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Attachments:
5_Makaryan, Karmanov.pdf
URL: https://ti.jvolsu.com/index.php/en/component/attachments/download/568