The increasing use of mobile devices and applications has led to a rise in potential cyber-attacks, particularly malware attacks. To counter these threats, researchers have developed systems to detect and remove malware from mobile devices. However, a paradox emerges: as researchers improve their malware detection algorithms, malware creators develop new and sophisticated techniques to evade detection. These detection algorithms are packaged as mobile applications that users install on their devices. This study delves into the realm of apps designed to protect against malware, aiming to ascertain whether they possess security vulnerabilities that malicious actors can exploit. Such vulnerabilities could endanger both the user's mobile device and their data. The Open Web Application Security Project (OWASP) has established a list outlining the top ten security issues prevalent in mobile applications. In this research, an automated tool is employed to assess whether antimalware apps exhibit any of these OWASP vulnerabilities. The outcomes reveal that every antimalware app analyzed contains certain vulnerabilities. This implies that the security shortcomings commonly identified in ordinary applications are also present in antimalware apps, thereby diminishing their robustness. Consequently, it becomes crucial to instill security considerations right from the initial design phase of these protective applications. This investigation serves as a reminder to users, developers, and organizations that protective apps may carry vulnerabilities, even though their primary purpose is to enhance security.

Author: Polra Victor Falade

Published in: International Conference for Internet Technology and Secured Transactions (ICITST-2023)

• Date of Conference: 13-15 November 2023
• DOI: 10.20533/ICITST.2023.0009
• ISBN: 978-1-913572-63-1
• Conference Location: St Anne’s College, Oxford University, UK