
Effective Security Assessment of Mobile Apps with MAVeriC: Design, Implementation, and Integration of a Unified Analysis Environment for Mobile Apps

Armando A.; Verderame L.
2017-01-01

Abstract

Mobile applications, aka apps, mark the perimeter of the ecosystems of many service providers. Thus, their security assessment is crucial for any company aiming to protect both customer data and other strategic assets. In fact, software analysts face an extremely hard problem due to, for example, the continuous and fast development of new apps and the specific threat model of their organizations. For these reasons, new methodologies and tools are urgently required to drive and possibly automate the process. In recent years, Poste Italiane carried out several initiatives to reduce the security incident response time. More recently, MAVeriC was proposed as a unified security analysis platform for Android apps. MAVeriC was designed to achieve a seamless integration of both dynamic and static analysis techniques. In this chapter we present the integration of MAVeriC within the industrial business processes of Poste Italiane. We show how MAVeriC contributed to improving the effectiveness and efficiency of threat identification as well as the reaction procedures. In particular, we discuss how the automatic security analysis was exploited for two distinct activities. Finally, we describe the application of MAVeriC to a case study involving a real-world application. This case study is also important for identifying and discussing current limitations and future directions of this research line.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1008233