CyLab's AppScanner: Cloud-Based Mobile Application Security

Monday, March 19, 2012



Researchers at Carnegie Mellon University's CyLab have dedicated significant time and resources in an attempt to address security concerns involved with the rapid increase in use of mobile devices and the myriad of applications available.

"With the widespread adoption of smartphones, mobile applications have gained mainstream popularity. However, the potential privacy and security risks associated with using mobile apps are quite high, as smartphones become increasingly integrated with our lives, being able to access our email, social networking accounts, financial information, personal photos, and even our cars and homes," CyLab notes.

The security research organization has released a free application security scanner that is uniquely designed to provide more comprehensive analysis by leveraging the collective wisdom of a wide variety of security resources.

AppScanner is "an automated cloud-based service based on crowdsourcing and traditional security approaches to analyze mobile applications," CyLab states.

The researchers intend for the AppScanner project to produce actionable intelligence regarding the functionality of software designed for mobile devices and the potential consequences to both security and privacy for the end-user.

"Considering the large and growing number of mobile applications, our envisioned service builds on crowdsourcing, virtualization, and automation to enable large-scale analysis of apps. AppScanner provides end-users with more understandable information regarding what mobile apps are really doing on their devices," CyLab explains.

To better the fundamental apsects of the AppScanner project, Cylab has issued a white paper that examines the initiative and how the cloud-based crowdsourcing methodology will work to provide more useful information on applications than is currently available.

"This paper offers an overview of our vision for building AppScanner, as well as work to date in specific components, including automated traversal and monitoring of mobile applications, and interactive visual presentation of app traversal results. Armed with transparent and descriptive information regarding app behavior, users can make better decisions when installing and running apps."

About Carnegie Mellon CyLab: CyLab ( is a bold and visionary effort, which establishes public-private partnerships to develop new technologies for measurable, secure, available, trustworthy and sustainable computing and communication systems. CyLab is closely affiliated with the CERT Coordination Center, a leading internationally recognized center of Internet security expertise.

The Cylab white paper on the AppScanner project can be found here:


Possibly Related Articles:
Application Security Cloud Computing Tools Mobile Devices Smart Phone Headlines Carnegie Mellon CyLab AppScanner Crowdsourcing
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.