Presented at AppSec USA 2015, Sept. 24, 2015, 3 p.m. (55 minutes).
SecureMe - Droid is an Android security application that notifies the user of publicly known vulnerabilities found in the installed versions of applications on the user's device. The application is built on a client-server model so that the user's device performs as few CPU operations as possible and network traffic is kept limited.
The current version of SecureMe - Droid uses only the NVD CVE XML database to find vulnerabilities and security weaknesses in apps, matching on application name, package name and version number.
SecureMe - Droid has an easy-to-use interface that allows the user to configure the scanning options and check installed applications for vulnerabilities, along with other application behavior actions.
The Android broadcast action "android.intent.action.PACKAGE_ADDED" is sent when a new Android application package is installed, and "android.intent.action.PACKAGE_REPLACED" is sent when an existing Android application package is either upgraded or replaced. Do note that these broadcast actions are generated and sent automatically by Android itself when an Android app is installed, upgraded or replaced.
SecureMe - Droid passively listens for these two broadcast actions to identify when a new application has been installed or an existing application is upgraded or replaced.
The settings let the user tune the app's notifications and search depth. The user can choose which range of the CVE database to search for vulnerabilities and weaknesses, from Intense (2010-2014) to Low (only 2014). The default search depth is Medium (2012-2014).
The user can check single, multiple or all apps for vulnerabilities using an easy-to-use interface.
The Scheduled Scan feature allows the user to configure a scheduled scan of installed apps using SecureMe - Droid. At present the scheduler can run weekly, monthly or yearly.
To avoid exploitation due to excessive Android permissions, SecureMe - Droid requires only two permissions to run on an Android device:
1. Internet Access (android.permission.INTERNET)
2. Run at startup (android.permission.RECEIVE_BOOT_COMPLETED)
SecureMe - Droid does not access or transmit any sensitive user information and respects privacy at all times. The only information accessed on the user's device and transmitted is listed below:
1. Application Name
2. Application Package Name
3. Application Version Number
4. Application Version Name
5. SecureMe - Droid Search Depth setting (1-5 only)
6. SecureMe - Droid Vulnerability Details settings (1 or 0)
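A receiver for the two broadcast actions described above that collects the listed fields for a changed package, written as an added example and not taken from SecureMe - Droid's own code. The class name, JSON key names, log tag and the sample setting values are assumptions, and the server request itself is left out because the page does not describe it.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.util.Log;
import org.json.JSONException;
import org.json.JSONObject;

// Hypothetical class name; illustrates the passive listening approach only.
public class PackageChangeReceiver extends BroadcastReceiver {

    // Both actions carry a "package:<name>" data URI, so the filter needs the scheme.
    public static void register(Context ctx) {
        IntentFilter filter = new IntentFilter();
        filter.addAction(Intent.ACTION_PACKAGE_ADDED);
        filter.addAction(Intent.ACTION_PACKAGE_REPLACED);
        filter.addDataScheme("package");
        ctx.registerReceiver(new PackageChangeReceiver(), filter);
    }

    @Override
    public void onReceive(Context ctx, Intent intent) {
        // An upgrade sends PACKAGE_ADDED with EXTRA_REPLACING=true and then
        // PACKAGE_REPLACED; skip the first so each upgrade is checked once.
        if (Intent.ACTION_PACKAGE_ADDED.equals(intent.getAction())
                && intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) {
            return;
        }
        if (intent.getData() == null) return;
        String pkg = intent.getData().getSchemeSpecificPart();
        try {
            PackageManager pm = ctx.getPackageManager();
            PackageInfo info = pm.getPackageInfo(pkg, 0);
            JSONObject query = new JSONObject()   // key names are assumptions
                .put("appName", pm.getApplicationLabel(info.applicationInfo).toString())
                .put("packageName", info.packageName)
                .put("versionCode", info.versionCode)
                .put("versionName", info.versionName)
                .put("searchDepth", 3)    // constructed sample value, range 1-5
                .put("vulnDetails", 1);   // constructed sample value, 1 or 0
            // Only these six fields leave the device; transport is not shown.
            Log.i("PkgCheck", query.toString());
        } catch (PackageManager.NameNotFoundException | JSONException e) {
            // Package removed again before lookup, or a field could not be encoded.
            Log.w("PkgCheck", "skipping " + pkg, e);
        }
    }
}
```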
Presenters:
- Vishal Asthana - Director (India) - Security Compass
Preventive side of AppSec appeals to me as a result of which, researching various aspects of SDLC Security and Agile Security will always be of interest. To that effect, was fortunate to have led a cross-org. 2012 SAFECode paper on Practical Software Security Guidance for Agile practitioners. Regarding my current employment, set up and manage the India operations and contribute as a tech. resource, as and when needed. Been in the industry for 1.5 decades now, across geographies and industries.
- Abhineet Jayaraj - Security Consultant - Security Compass Inc.
Abhineet Jayaraj is a Security Consultant at Security Compass. Majorly works in the field of web application, mobile application and infrastructure security & spends time in research-n-development with the skills of a quick-n-dirty coder. Likes to automate tasks to ease some security testing.