Stowaway - static analysis tool for identifying permission use in Android apps
Mon, 2012.10.22 - 15:50 — müzso
"Parts of the Android API are protected with permissions. In order to access protected API calls, developers must request the appropriate permissions in their applications' manifests. If a developer asks for more permissions than an application needs, then the application is overprivileged. Preventing overprivilege is important. Extra permissions may (1) unnecessarily deter users from installing applications, (2) unnecessarily accustom users to accepting lots of permissions, and (3) needlessly increase the potential damage of application vulnerabilities. Stowaway -a static analysis tool- detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. Automated testing tools were used on the Android API to build the permission map."
The tool itself seems to be not yet publicly available, but the website lets you upload an APK for analysis and review the results.
The tool itself seems to be not yet publicly available, but the website lets you upload an APK for analysis and review the results.
All of my own contents here (if not noted otherwise) are licensed under the
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Recent comments
1 year 43 weeks ago
3 years 12 weeks ago
3 years 12 weeks ago
3 years 14 weeks ago
3 years 15 weeks ago
3 years 22 weeks ago
3 years 22 weeks ago
3 years 22 weeks ago
3 years 22 weeks ago
3 years 23 weeks ago