30. Crowd Sourced Current Solutions Inadequate
[Diagram labels: Internal Teams; Dev Site A; Dev Site B; Dev Site C; iPhone Apps; Crowd Sourcing; Open Source; 3rd Party Software; Software Vendors; SYMC; MSFT; Oracle; Outsourced; Offshore Provider; Contractors; Eastern Europe; China; India; Unknown Skills]
Security Consultants
• Very expensive
• In short supply
• Time to results too long
Tools
• Do not scale across sites
• Very high noise ratio
• Cannot test 3rd party code
• Separation of duties issue
Developers
• Do not know how to write secure code
• Prioritize time-to-ship, functionality over security
Processes
• Difficult to implement
• Years to fine tune
• Low adoption (< 1% of US companies CMMI Level 5 certified)
31. 53,000 Applications Analyzed
Android Market: ~48,000
3rd Party Markets: ~5,000
Permissions Requested
Average: 3
Most Requested: 117
Top “Interesting” Permissions
GPS information: 24% (11,929)
Read Contacts: 8% (3,626)
Send SMS: 4% (1,693)
Receive SMS: 3% (1,262)
Record Audio: 2% (1,100)
Read SMS: 2% (832)
Process Out Calls: 1% (323)
Use Credentials: 0.5% (248)
32.
33. 52,000 Applications Analyzed
• Android Market:
• 3rd Party Markets:
Third Party Libraries
• Total Third Party Libraries:
• Top Shared Libraries
-
-
-
-
-
-
-
-