Most of the current research on static analysis of Android applications for Security vetting either works on Java source code or the Dalvik bytecode. Nevertheless, Android allows developers to use C or C++ code in their programs compiled into various binary architectures. Moreover, Java and the native code components (C or C++) can collaborate using the Java Native Interface. Recent research shows that native codes are frequently used in both benign and malicious Android applications. Most of the present Android static analysis tools avert considering native codes in their analysis and applied trivial models for their data-flow analysis. As we know, only the open-source JN-SAF tool has tried to solve this issue statically. However, there are still challenges like libC functions and multi-threading in native codes that we want to address in this work. We presented SANT as an extension of JN-SAF for supporting Static Analysis of Native Threads. We considered modeling libC functions in our data-flow analysis to have a more precise analysis when dealing with Security vetting of native codes. We also used control flow and data dependence graphs in SANT to handle multiple concurrent threads and find implicit data-flow between them. Our experiments show that the conducted improvements outperform JN-SAF in real-world benchmark applications.

In this paper, we consider to seek vulnerabilities and we conduct possible attacks on the crucial and essential parts of Android OSs architecture including the framework and the Android kernel layers. As a regard, we explain the Binder component of Android OS from Security point of view. Then, we demonstrate how to penetrate into the Binder and control data exchange mechanism in Android OS by proposing a kernel level attack model based on the hooking method. In addition, we provide a method to detect these kinds of attacks on Android frameworks and the kernel layer. As a result, by implementing the attack model, it is illustrated that the Android processes are detectable and the data can be extracted from any process and system calls. On the other hand, by using our detection proposed method the possibility of using this attack approach in the installed applications on the Android smartphones will be sharply decreased.

In software programs, most of the time, there is a chance for occurrence of faults in general, and exception faults in particular. Localizing those pieces of code that are responsible for a particular fault is one of the most complicated tasks, and it can produce incorrect results if done manually. Semi-automated and fully-automated techniques have been introduced to overcome this issue. However, despite recent advances in fault localization techniques, they are not necessarily applicable to Android applications because of their special characteristics such as context-awareness, use of sensors, being executable on various mobile devices, limited hardware resources, etc. To this aim, in this paper, a semi-automated hybrid method is introduced that combines static and dynamic analyses to localize exception faults in Android applications. Our evaluations of nine open source Android applications of di erent sizes with various exceptions show that the technique proposed in this paper can correctly identify root causes of the occurred exceptions. These results indicate that our proposed approach is e ective in practice in localizing exception faults in Android applications.

Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android Security mechanism,hence, a failure in the design of APS can potentially lead to vulnerabilities that grant unauthorized access to resources by malicious applications. In this paper, we present a formal approach for modeling and verifying the Security properties of APS. We demonstrate the usability of the proposed approach by showcasing the detection of a well-known vulnerability found in Android’, s custom permissions.

Aims: Breast cancer is among the most common cancer types. This study aimed to develop an Android-based detection application for assessing breast cancer risk. Materials & Methods: This quasi-experimental study utilized a research and development approach, employing a pre- and post-test design with one group. The development and field-testing phase took place between July and August 2023, involving 59 women of childbearing age purposively selected within the operational vicinity of Puskesmas Simpang IV Sipin, Jambi City, Indonesia. The application successfully underwent testing, including evaluation by media and material validators. Subsequently, a comprehension test was conducted with three respondents individually, ten individuals in a small group, and 59 participants in a large group. In the field test, data are presented descriptively, including frequencies. The Wilcoxon test was utilized to determine a causal relationship between the product’s usage and the observed impact. Findings: The development of the breast cancer risk assessment application involved several key stages, including the identification stage (comprising problem analysis, context, and literature), the application model design stage, and the material and media validation stage. The media validation process was conducted twice, with the findings yielding a score of 67, averaging 3.35 (meeting valid criteria), while material validation received an average score of 3.0 (also meeting valid criteria). A Wilcoxon test conducted on the knowledge variable revealed a significant increase, with the mean value before the intervention at 8.44 and post-intervention rising to 12.29. Conclusion: Women of childbearing age readily accept Android-based breast cancer risk detection applications, and their usage has a positive impact on increasing their knowledge.