LEA - Automatic feedback to Android developers to design safe applications

Published on
Team
Thesis start date (if known)
As soon as possible
Location
INRIA RENNES
Research unit
IRISA - UMR 6074
Description of the thesis topic

Context. 

Android is now the most used operating system, with an 86% market share. Thanks to an active developer community, the application ecosystem gets bigger every day. For example, the Google Play Store holds 3.3 million applications, with a rate of more than 50 000 submissions a month. Estimates indicate that more than 75 billion applications were downloaded on the platform in 2016. Consequently, due to its widespread popularity, the Android platform has become a lucrative target for hackers.

Hence Android is one of the first-choice platforms for propagating malware threats. The infection rate on Android devices is constantly increasing, driven by a dramatic proliferation of malware. There are currently no satisfactory solutions to stop the proliferation of malware on Android devices. It constitutes a severe threat to any business. Malware may interrupt and disable applications, retrieve and spoof personal information and identity, access sensitive information, control all applications executing on a user's device, and even overcharge users for functionality that is widely available. This thesis has two main axes:

Objectives

It is becoming more and more difficult to design Android applications without security flaws. The underlying motivation is to evaluate the true robustness of applications to malware threats through the design of benchmarks and key indicators, using innovative measurement techniques based on machine learning coupled with Continuous Integration/Continuous Development techniques [1-4]. Automating the robustness evaluation of Android applications while they are being developed is very challenging [6-8]. We argue for leveraging DevOps methodologies along with static and dynamic program analysis in cloud in-lab environments to identify security flaws and then send feedback to developers.

Bibliography

[1] Why are many businesses instilling a DevOps culture into their organization?, by Diaz, J., López-Fernández, D., Perez, J., and González-Prieto, Á., 2020.

[2] How We Build Code at Netflix, by M. McGarr, E. Bukoski, and B. Moyles, 2016.

[3] Software Engineering at Google, by Fergus Henderson, 2019.

[4] Surviving Software Dependencies, by Russ Cox, Communications of the ACM, September 2019.

[5] William Enck: Analysis of Access Control Enforcement in Android. SACMAT 2020: 117-118

[6] Sigmund Albert Gorski III, Benjamin Andow, Adwait Nadkarni, Sunil Manandhar, William Enck, Eric Bodden, Alexandre Bartel: ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware. CODASPY 2019: 25-36

[7] Bradley Reaves, Jasmine Bowers, Sigmund Albert Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife, Byron Wright, Kevin R. B. Butler, William Enck, Patrick Traynor: *droid: Assessment and Evaluation of Android Application Analysis Tools. ACM Comput. Surv. 49(3): 55:1-55:30 (2016)

[8] Luke Deshotels, Razvan Deaconescu, Mihai Chiroiu, Lucas Davi, William Enck, Ahmad-Reza Sadeghi: SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles. CCS 2016: 704-716

List of thesis supervisors

Last name, first name
Bromberg David
Type of supervision
Thesis director
Research unit
IRISA

Last name, first name
COMBEMALE BENOIT
Type of supervision
2nd co-director (optional)
Research unit
IRISA
Contact(s)
Keywords
Continuous integration, DevOps, machine learning, Android, software engineering