ZertApps – Certified Security for Mobile Applications

projektbildSmartphones get more common in both the private and the business environment. According to the association BITKOM every third German already owns a smartphone – and the trend is increasing. A key success factor is the ability of smartphones, to conveniently download and install application programs (apps) provided in “App Stores” over the Internet. However, with the opportunities of this development great risks go hand in hand, especially by the growing number of mobile applications from often unknown origin. This increases the risk to spread malicious software that disguises itself as a useful application. In addition, weaknesses in Apps can be used by attackers as entry points to gain access to company data. The joint project ZertApps (Certified Security for mobile applications) will concentrate on this issue.

App analyzes and certification for more safety

ZertApps supports in depth analysis and subsequent security certification of apps before they are released for public use. This obvious approach is already rudimentary pursued of AppStore operators such as Google. Crucial for the actual increase in app security are the quality of the analytical methods used and the safe preparation and administration of certificates to prevent imitations. There are still large research and development needs, the ZertApps association will take up because the existing mechanisms cannot be easily bypassed by malware vendors.

Expansion of existing analytic processes

The specific, going beyond the state of the art approaches of Cert Apps are based on an application-specific optimized combination of static and dynamic analyzes, the integration of the security models of platform-specific environments (here is intended to take primarily Android into account) and cross-platform HTML5 and Java environments and the consideration of security issues that can only arise from the interplay of several apps.

Duration: 01.01.2014 – 31.12.2015
Partner: OTARIS Interactive Services GmbH, datenschutz cert GmbH, SAP AG, Fraunhofer-Institut für Sichere Informationstechnologie SIT, TU Darmstadt
Sponsor: BMBF