A certification process for android applications

Date of this Version


Document Type

Conference Paper

Publication Details

Published version

Kalutarage, H.K., Krishnan, P., & Shaikh, S.A. (2012). A certification process for android applications. Paper presented at the 6th International Workshop on Foundations and Techniques for Open Source Software Certification. 1-2 October 2012, Thessaloniki, Greece

Access the conference

2012 HERDC submission. FoR code: 080309

© Copyright Springer, 2012


The last decade has seen the emergence of mobile platform for software applications. An important factor in the remarkable growth in this area is the development of Android and a community of mobile application developers sharing open sourced and free software. While the emphasis for Android has been openness and user control, this brings with it challenges of validating and securing mobile apps. Development of dedicated tools and techniques to test mobile apps for functional and nonfunctional properties has been limited so far. Such an effort is made more difficult given frequent version updates for Android in its short history (over ten in ten years). The need for better security and assurance for mobile apps, on the other hand, is ever so more as apps providing important services such as banking, navigation, and identity management emerge. This paper attempts to converge on current concepts and practices of testing mobile apps. We provide a structured checklist approach to vulnerability assessment and permission mapping of mobile apps, which is underpinned by a set of available tools, and ultimately contribute to a framework for certification of mobile apps. The proposed certification process combines diverse sources and has a focus on automation



This document has been peer reviewed.