More Apps More Problems
Published in: Technology

  1. Risk (noun): the possibility of loss or injury
  13. Current solutions inadequate
      Where the apps come from: internal teams (Dev Site A, Dev Site B, Dev Site C; iPhone apps), crowd sourcing, open source software, 3rd party software vendors (SYMC, MSFT, Oracle), outsourced developers (offshore provider; Eastern Europe, China, India; contractors; unknown skills)
      • Security consultants: very expensive; in short supply; time to results too long
      • Internal tools: do not scale across sites; very high noise ratio; can not test 3rd party code; separation of duties issue
      • Developers: do not know how to write secure code; prioritize time-to-ship and functionality over security
      • Processes: difficult to implement; years to fine tune; low adoption (< 1% of US companies CMMI Level 5 certified)
  14. 53,000 applications analyzed (Android Market: ~48,000; 3rd party markets: ~5,000)
      Permissions requested: average 3; most requested by a single app: 117
      Top "interesting" permissions, as share of apps (count):
      • GPS information: 24% (11,929)
      • Read Contacts: 8% (3,626)
      • Send SMS: 4% (1,693)
      • Receive SMS: 3% (1,262)
      • Record Audio: 2% (1,100)
      • Read SMS: 2% (832)
      • Process Out Calls: 1% (323)
      • Use Credentials: 0.5% (248)
  15. 52,000 applications analyzed
      • Android Market:
      • 3rd party markets:
      Third party libraries
      • Total third party libraries:
      • Top shared libraries:
  18. Whitelisting
      • Conduct static analysis of candidate applications
      • Create a whitelist
      • Use an unbiased 3rd party
      • Enforcement via mobile policy
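The four whitelisting steps above, carried through in code as an added example (this is not code from the deck or from any vendor's tool). Static analysis is reduced to what an Android manifest alone gives you: package name, version and requested permissions, scored against the "interesting" permissions from slide 14. The whitelist entry records the package, the reviewed permission set and a fingerprint of the signing certificate; enforcement refuses anything not on the list, anything signed by a different key (a repackaged copy), anything that now asks for permissions the review never saw, and downgrades. The manifests and certificate bytes are constructed sample input; the mapping from the deck's short labels to Android permission names, the cert fingerprinting, and the policy rules are my assumptions.

```python
"""Android app permission triage and whitelist enforcement (added example)."""
import hashlib
import xml.etree.ElementTree as ET
from dataclasses import dataclass

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The deck's "interesting" permissions (slide 14), keyed by the manifest names
# I assume they correspond to; the deck itself only gives the short labels.
INTERESTING = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS information",
    "android.permission.READ_CONTACTS": "Read Contacts",
    "android.permission.SEND_SMS": "Send SMS",
    "android.permission.RECEIVE_SMS": "Receive SMS",
    "android.permission.RECORD_AUDIO": "Record Audio",
    "android.permission.READ_SMS": "Read SMS",
    "android.permission.PROCESS_OUTGOING_CALLS": "Process Out Calls",
    "android.permission.USE_CREDENTIALS": "Use Credentials",
}


@dataclass(frozen=True)
class AppFacts:
    package: str
    version_code: int
    permissions: frozenset
    cert_sha256: str


def make_manifest(package, version_code, perms):
    """Build a minimal AndroidManifest.xml (constructed sample input, not a real app)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}" android:versionCode="{version_code}">{uses}</manifest>')


def analyze_manifest(manifest_xml, signing_cert):
    """Step 1, static analysis: extract package, version and requested permissions
    from the manifest and fingerprint the signing certificate (DER bytes assumed)."""
    root = ET.fromstring(manifest_xml)
    perms = frozenset(el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return AppFacts(
        package=root.get("package"),
        version_code=int(root.get(ANDROID_NS + "versionCode")),
        permissions=perms,
        cert_sha256=hashlib.sha256(signing_cert).hexdigest(),
    )


def interesting_permissions(facts):
    """Labels (as on slide 14) for the sensitive permissions this app requests."""
    return sorted(INTERESTING[p] for p in facts.permissions if p in INTERESTING)


def whitelist_entry(facts):
    """Step 2, create the whitelist record for a reviewed build."""
    return {"version_code": facts.version_code,
            "cert_sha256": facts.cert_sha256,
            "permissions": sorted(facts.permissions)}


def enforce(facts, whitelist):
    """Step 4, policy enforcement. Returns (allowed, reason)."""
    entry = whitelist.get(facts.package)
    if entry is None:
        return False, "package not on whitelist"
    if facts.cert_sha256 != entry["cert_sha256"]:
        return False, "signing certificate differs from whitelisted build"
    extra = facts.permissions - set(entry["permissions"])
    if extra:
        return False, "requests permissions not reviewed: " + ", ".join(sorted(extra))
    if facts.version_code < entry["version_code"]:
        return False, "older than whitelisted version"
    return True, "whitelisted"


# Constructed sample input: one reviewed build, then three later submissions.
CERT_A = b"constructed-signing-cert-A"
CERT_B = b"constructed-signing-cert-B"
BASE_PERMS = ["android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION"]
REVIEWED = make_manifest("com.example.notes", 7, BASE_PERMS)
UPDATE_ADDS_SMS = make_manifest("com.example.notes", 8, BASE_PERMS + ["android.permission.SEND_SMS"])
UPDATE_CLEAN = make_manifest("com.example.notes", 8, BASE_PERMS)
DOWNGRADE = make_manifest("com.example.notes", 6, BASE_PERMS)


def demo():
    """Run the whole pipeline on the constructed input; returns the decisions."""
    reviewed = analyze_manifest(REVIEWED, CERT_A)
    whitelist = {reviewed.package: whitelist_entry(reviewed)}
    return {
        "reviewed": enforce(reviewed, whitelist),
        "update_adds_sms": enforce(analyze_manifest(UPDATE_ADDS_SMS, CERT_A), whitelist),
        "update_clean": enforce(analyze_manifest(UPDATE_CLEAN, CERT_A), whitelist),
        "repackaged": enforce(analyze_manifest(REVIEWED, CERT_B), whitelist),
        "downgrade": enforce(analyze_manifest(DOWNGRADE, CERT_A), whitelist),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:16s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

Step 3 (an unbiased 3rd party) is organisational rather than code: the point is that whoever produces `whitelist_entry` should not be the team that ships the app, which is the separation-of-duties problem slide 13 raises against internal tools. Note that a permission-only review is deliberately shallow; it catches an update that quietly adds Send SMS, but not a library that abuses a permission already on the reviewed list.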