Sciweavers

CCS
2015
ACM

Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations

8 years 6 months ago
Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations
In this paper, we report the first large-scale, systematic study on the security qualities of emerging push-messaging services, focusing on their app-side service integrations. We identified a set of security properties different push-messaging services (e.g., Google Cloud Messaging) need to have, and automatically verified them in different integrations using a new technique, called Seminal. Seminal is designed to extract semantic information from a service’s sample code, and leverage the information to evaluate the security qualities of the service’s SDKs and its integrations within different apps. Using this tool, we studied 30 leading services around the world, and scanned 35,173 apps. Our findings are astonishing: over 20% apps in Google Play and 50% apps in mainstream Chinese app markets are riddled with security-critical loopholes, putting a huge amount of sensitive user data at risk. Also, our research brought to light new types of security flaws never known before, w...
Yangyi Chen, Tongxin Li, XiaoFeng Wang, Kai Chen 0
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Yangyi Chen, Tongxin Li, XiaoFeng Wang, Kai Chen 0012, Xinhui Han
Comments (0)