Risk Finder | GreenBee株式会社

Risk Finder

feature

RiskFinder supports secure Android app development

Smartphones open up important cell phone functions to application developers, and if developers do not design and code with security in mind, damage can occur, such as the leakage of smartphone users' personal information or the misuse of fee-based cell phone functions by malware. If developers do not design and code with security in mind, damage can occur.

RiskFinder is an Android app vulnerability diagnostic web service that supports secure app development by detecting app vulnerabilities and problems with over 500 checks. (Click here for details http://www.riskfinder.co.jp/feature.html)

Surprisingly large number of Android app vulnerability-related reports

There were 163(*) vulnerability reports related to Android reported to IPA in 2015. Most of the reported problems are easily preventable with an understanding of Android specifications and characteristics, but the number of reports has not decreased since the first report in 2008.

(*)From http://jvndb.jvn.jp/ (as of December 28, 2015, our total)

Why vulnerability-related reports are not decreasing

Some of the major reasons can be listed below.

  • It is difficult to find time for a detailed source code review during application development.
  • Android has unique specifications and characteristics, and an engineer without knowledge cannot properly design an application.
  • When libraries created by others (other companies) are incorporated into an application, it is impossible for the developer to be aware of any vulnerabilities in the library.

Limitations of vulnerability countermeasures relying on engineers' knowledge and experience

In order to provide secure applications while keeping up with the latest specifications of the ever-evolving Android OS, there is a limit to vulnerability countermeasures that rely only on the knowledge and experience of engineers.
We need a mechanism to diagnose the entire application comprehensively.
RiskFinder is a web service that performs vulnerability diagnostics specifically for Android. It can diagnose vulnerabilities without the need for source code, and can detect problems within the libraries used by the application.
For more information http://www.riskfinder.co.jp/feature.html

RiskFinder is a product developed by sMedio's 100% subsidiary, Tao Software Inc.
The product page for Tao Software Co.this way (direction close to the speaker or towards the speaker)The following is a list of the most common problems with the