"New Tool Detects Unsafe Security Practices in Android Apps"

Computer scientists at Columbia University developed a new tool called CRYLOGGER to detect when an Android app is misusing cryptography. The tool detects whether an Android app violates guidelines, set by expert cryptographers and organizations such as the National Institute of Standards and Technology (NIST) and the Internet Engineering Task Force (IETF), that define security standards for securing sensitive data. Android apps are supposed to use cryptographic algorithms to make users' sensitive data, such as credit card numbers and passwords, unintelligible, thus maintaining its security. However, app and library developers can misuse the Application Programming Interfaces (APIs) of cryptographic algorithms through parameter misconfiguration as well as the use of weak passwords and constant keys. CRYLOGGER can analyze closed-source apps without modifying an app's code, examine the actual parameters used by an app, detect when two apps are communicating insecurely, and more. This article continues to discuss the development, capabilities, and testing of CRYLOGGER.

Columbia Engineering reports "New Tool Detects Unsafe Security Practices in Android Apps"

 
