A Security Vulnerability Assessment in Selected Android Applications

Student: Oluwaseyifunmi Michael Alayerogun (Project, 2025)
Department of Cyber Security
Elizade University, Ilara-Mokin, Ondo State

Abstract

ABSTARCT
This research explores the security posture of Android applications by integrating static analysis with the Common Vulnerability Scoring System (CVSS) to detect, evaluate, and prioritize vulnerabilities. Android’s widespread use across sectors has amplified concerns about app security, especially given its open-source nature and inconsistent development practices. To address these challenges, five Android applications—2go, Facebook, Hitwe, Kee2Pass, and TikTok—were selected and analyzed using tools such as MobSF, Apktool, and JADX. The methodology involved decompiling APKs, scanning for vulnerabilities, and assigning CVSS v3.1 base scores to quantify their severity. The findings revealed a range of vulnerabilities, including insecure data storage, poor network security, permission misuse, and weak encryption practices. Each vulnerability was classified and scored, with Kee2Pass and 2go showing the highest average risk levels. Jaccard similarity analysis further compared shared vulnerability patterns across the apps. The study not only highlights recurring flaws in popular mobile applications but also presents a structured, replicable approach for developers and security analysts to detect and prioritize vulnerabilities based on their actual risk impact, thereby improving app security management practices

Keywords
android security vulnerability assessment mobile app security android applications cybersecurity data protection android vulnerabilities security analysis app security testing information security malware risks mobile threats
Filters
Institutions