Certified security for mobile applications
The smartphone supports us both, at work and in everyday life. Especially the amount of apps provided in the app stores facilitate many activities immensely. Many apps reach the masses, but risks can also arise. These arise mainly through the many applications of unknown origin. Developers of the apps can integrate malware here, which users then download and install together with the app. These vulnerabilities of apps can be used by attackers as entry points to gain access to company data. The existing security screening procedures often have gaps and can be easily circumvented. ZertApps tackles this problem.
Before a new app is published, a deep security analysis is performed. What is special about these is that they go beyond the state of the art and are optimized combinations of static dynamic analyzes. In addition, platform-specific security models (primarily Android) and platform-independent HTML5 and Java environments, which are used in hybrid apps, are also included. Thus, different safety models can be combined and a large area covered. If the app is classified as safe according to the security analysis, it will be certified and can be safely downloaded.
The topic of “security analyses of mobile applications” should be dealt with fundamentally and comprehensively using ZertApps. The goal was to develop an analysis and certification platform that can test security from development to deployment.
Project duration: 01.01.2014 – 31.12.2015
Participating project partners:
- datenschutz cert GmbH
- SAP AG
- Fraunhofer-Institut für Sichere Informationstechnologie
- TU Darmstadt
- OTARIS Interactive Services GmbH
This project was supported by the Federal Ministry of Education and Research.