The Java platform provides various cryptographic APIs to facilitate secure coding. However,
correctly using these APIs is challenging for developers who lack cybersecurity training …

Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto
hash functions and encryption algorithms, for example, can guarantee properties such as …

We propose a novel hybrid method to analyze the security vulnerabilities in Android
applications. Our method combines static analysis, which consists of metadata and data flow …

Many apps performing security-sensitive tasks (eg, online banking) attempt to verify the
integrity of the device they are running in and the integrity of their own code. To ease this …

Cryptographic functions play a critical role in the secure transmission and storage of
application data. Although most crypto functions are well-defined and carefully-implemented …

Modern Android apps consist of both host app code and third-party libraries. Traditional
static analysis tools conduct taint analysis for API misuses on the entire app code, while third …

Using API should follow its specifications. Otherwise, it can bring security impacts while the
functionality is damaged. To detect API misuse, we need to know what its specifications are …

In the last decade, a series of papers were published on using static analysis to detect
cryptographic API misuse. In each paper, apps are checked against a set of rules to see if …

Smartphones and their applications have become a predominant way of computing, and it is
only natural that they have become an important part of financial transaction technology …

Application Programming Interfaces (APIs) are the primary mechanism that developers use
to obtain access to third-party algorithms and services. Unfortunately, APIs can be misused …