The Study of Improvement and Risk Evaluation for Mobile Application Security Testing

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 733)

Abstract

The popularity of mobile devices has caused them to become indispensable to, and because of increasing dependency on mobile devices following sharp growth in mobile device applications, effective security testing specifications have become essential. However, developers do not prioritize security during mobile application development, causing unscrupulous individuals to exploit loopholes or vulnerabilities in the applications or develop malicious applications to steal sensitive user data, resulting in user information leakage and financial losses. The security specifications for mobile device applications in Taiwan regarding data authorization, data storage, data protection, transmission protocol, transmission protection, application execution, application security, system execution, and system security remain inadequate. Mobile device testing specifications were analyzed in this study, and the specification priorities of documents across countries were categorized. The Open Web Application Security Project and National Institute of Standards and Technology were used as the specification standard with the Cloud Security Alliance’s white paper on mobile device specifications to provide more complete security testing specifications for mobile applications. Recommendations were provided based on the testing procedures, improvement methods, and risk assessment of the test items to reduce personal information leakage and financial losses.

Keywords

Mobile phone security Mobile applications Inspection specification 

References

  1. 1.
  2. 2.
  3. 3.
    Introduction to the Industrial Development Bureau, Ministry of Economic Affairs, https://www.moeaidb.gov.tw/external/view/rwd_tw/intro/index01.html
  4. 4.
    Introduction to the National Communications Commission, http://www.ncc.gov.tw/chinese/content.aspx?site_content_sn=2255&is_history=0
  5. 5.
    Introduction to Cloud Security Alliance, http://www.twcsa.org
  6. 6.
    Smith, M.: Computer Security-Threats, Vulnerabilities and Countermeasures, Information Age, pp. 205–210, October 1989Google Scholar
  7. 7.
    National Communications: 2015 Report on Information Security Inspection of Built-in Software for Mobile Phone Systems 104 (2016)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of FinanceNational Formosa UniversityYunlinTaiwan

Personalised recommendations