Developers come with software to test safety Android Apps




Developers of the social networking site LinkedIn have released a first test version of an analysis tool by which the security of an Android app can be tested. The software also provides a description of the potential hazards of the vulnerabilities.

LinkedIn calls the QARK tool offers the software under open source license. With QARK developers can find vulnerabilities in Java applications for Android, such as weak encryption or private keys which are found in the source code. They get to find dangers to see a description of what is wrong. Moreover dishes out QARK sources where you can read what can be done.

To check whether the vulnerabilities are actually exploited generates QARK adb commands that previously had been using. Partly because the tool actually creates a test application that allows vulnerabilities in the Android app to show, so writes security researcher Tony Trummer LinkedIn.

Despite the automation of finding vulnerabilities, Trummer recommends that organizations still manually perform security audits. According to him, there are always namely undiscovered vulnerabilities that can be exploited. In addition, server-side APIs are yet to be explored and, how logical, too, “no perfect tool.”

LinkedIn’s developers say the next time significantly to QARK tinkering. They want, among other things reduce the number of false positives and false negatives. They also want to also test programs that generates QARK the tool automatically tested for vulnerabilities. Finally, they are working on support for Windows, as provisionally QARK only runs on Mac and Linux.


In: Technology & Gadgets Asked By: [15469 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »