Appicaptor

Framework for App Analyses

Which apps are your employees allowed to install on company tablets and smartphones? Allowing your employees to use apps indiscriminately jeopardizes your company’s security. The lack of sufficient IT security expertise among many app developers often leads to unintended security gaps. Although the various app stores check for malware, they do not consider the specific app security features and their correct implementation. To address this issue, Fraunhofer SIT has developed »Appicaptor«, an automated analysis framework that assesses whether apps comply with customer-specific IT security policies.

For companies and public authorities, mobile devices offer flexibility but also present considerable risks. Untested apps pose a major threat. They often contain security vulnerabilities or flawed implementations of basic security features. For greater efficiency, many app developers rely on third-party components, which can cause errors to spread across numerous applications. Cybercriminals can exploit these vulnerabilities in a targeted manner, for example to steal passwords or access sensitive business information. Because exploiting widely used apps with poor security is easier than distributing malicious software directly, even popular apps may present significant risks to enterprises and government agencies. At the same time, the demands for protecting sensitive data are increasing.

Range of Services

  • App tests with cyclic update of the respective app security assessment
  • Recommendation of safer apps depending on their functionality and safety requirements
  • Concepts for the secure use of mobile devices (integrated mobile device management)
  • Technical consultation
  • IT security guidelines
  • Providing app recommendation lists (whitelist / blacklist)
  • Support in secure app development
  • Automatic basic tests and compliance checks
  • In-depth manual app vulnerability analyses
  • Expert tests of app binaries and app source code audits
  • Development of concepts, procedures and tools for IT security testing of mobile services and devices

To request a sample report, send an email to appicaptor@remove.this.sit.fraunhofer.de