Evaluate and Mitigate Security Concerns in Mobile Applications
💡 Compromise a person's smartphone and you get unfiltered access to that person's life.
- OWASP MASVS Foreword
Our phones store our personal information, pictures, notes, and banking information. They are essentially ubiquitous both in our professional and in our social lives. Hacks and data leaks on a large scale are a common occurrence and cause enormous damage to both people and businesses.
Bontouch develops some of Sweden’s largest apps, among them banking, medical, and travel apps that have high security and privacy requirements. We have an interest in delivering secure and trustworthy products to users via our partners.
We envision two different approaches to this task:
- One approach is to analyze mobile application security industry standards, like the Mobile AppSec Verification Standard, and to assess and determine what they recommend as best practices, and how existing codebases adhere to them. Which recommendations are already being followed, and which can be improved?
- Another approach is to focus more on the practical analysis work: investigating methods and tools for tasks such as static analysis of source code or reverse engineering. This might involve comparing existing tools, writing custom rules, or building your own analysis engine.
You will have access to multiple codebases, on multiple platforms, that are suitable candidates to use as test data.
This thesis project may suit you if...
- You have an interest in computer systems security.
- You have an interest in build automation and static analysis.
- You have an interest in adhering to secure coding guidelines.