A Security Vulnerability Analysis System for Android Application

讲座内容：Mobile security is a hot topic in recent years. Especially nowadays, everyone has at least one or more smart phones. While most mobile security researchers focus on malware analysis and malware detection, we focus on finding security vulnerabilities in mobile applications. We want to make more and more Android developers aware of the potential security holes in their Android applications and how each line of the codes they wrote may cause serious security holes. If these security issues are not fixed, any app on the phone can easily exploit user’s phone, stealing user’s private files and messages without user’s knowledge, compromising user’s account by the stolen access token, etc. And some exploits can be made remotely without installing malicious application on user’s phone. We propose a massive vulnerability analysis system to help Android developers reduce the risks of applications being exploited or hacked. Our system had helped us find one or more security vulnerabilities in Android applications or SDKs developed by Facebook, Microsoft, Google, Evernote, LINE Whos Call, Alibaba, Badoo, Sina Weibo, Baidu, Tencent and other renowned companies. We had reported our findings to these companies and gotten their confirmations and acknowledgements. These acknowledgements should fully prove our system can efficiently and accurately help find the vulnerabilities in those products that have not been discovered by other security researchers or their Android developers.