The Project for CS858 - Android Security
This project recreated some aspects of research done by Oltrogge et al. in analyzing the general security of apps created by online app generators on a smaller scale using manual analysis. We developed three and generated three apps with different levels of runtime permissions and decompiled them to get to the resources that were needed. By comparing the android manifest and Dex bytecode of the apps, we discovered that firstly, the apps generated with OAGs use more permissions than they need to function correctly; secondly, they use boilerplate code that would lead to reconfiguration attacks and more critical vulnerabilities, and finally, there is the usage of components that exceed the need of the particular apps that we created. Due to the use of boilerplate code and the prevalence of apps generated by OAGs in the market, vulnerabilities caused by these app generators have a significant impact. However, this fact can- not be denied that online app generators ease the process and reduce costs in developing mobile applications. They can be used with more trust if they adhere to security best practices.