Misunderstanding and misconfiguring cryptographic primitives has exposed severe security vulnerabilities to attackers. Because cryptographic misuses are both pervasive and diverse, a comprehensive and accurate understanding of how they undermine the security of an Android app is critical to subsequent mitigation strategies, but also challenging. Although various approaches have been proposed to detect cryptographic misuse in Android apps, existing studies have yet to focus on estimating the security risk that such misuse introduces. To address this problem, we present an extensible framework for deciding the threat level of cryptographic misuse in Android apps. First, we propose a general and unified specification for representing cryptographic misuses, which makes our framework extensible, and we develop adapters that unify the detection results of state-of-the-art cryptographic misuse detectors, resulting in an adapter-based detection tool chain that produces a more comprehensive list of cryptographic misuses. Second, we employ a misuse-originating data-flow analysis to connect each cryptographic misuse to a set of data-flow sinks in an app; on this basis we propose a quantitative, data-flow-driven metric for assessing the overall risk that cryptographic misuses introduce into the app. To make the per-app assessment more useful for app vetting at the app-store level, we apply unsupervised learning to predict and classify the top risky threats and thereby guide more efficient mitigation. In experiments on an instantiated implementation of the framework, we evaluate the accuracy of our detection and the effectiveness of our framework's data-flow-driven risk assessment. Our empirical study of over 40,000 apps and our analysis of popular apps reveal important security observations about the real threats that cryptographic misuse poses in Android apps.
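The abstract describes three pieces that fit together: adapters that map heterogeneous detector output onto one misuse specification, a data-flow analysis that links each misuse to the sinks it can reach, and a metric that turns those links into a per-app risk score. The following Python sketch is an added, hypothetical illustration of that pipeline written for this page; it is not the paper's framework, and the rule names, severity weights, sink weights, detector formats and the toy data-flow graph are all constructed assumptions chosen to make the idea concrete. The scoring rule (misuse severity multiplied by the summed weight of reachable sinks) is likewise an assumption, not the paper's metric.

```python
"""Hypothetical adapter-based misuse unification and data-flow-driven risk
scoring. Added example for this page; not the paper's code. All rule
vocabularies, weights and graph data are constructed for illustration."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Misuse:
    """Unified misuse record (hypothetical specification)."""
    rule: str       # unified rule name, e.g. ECB_MODE
    location: str   # app method where the misused crypto API is invoked
    severity: int   # base weight of the misuse class (assumed scale 1..3)


# Two hypothetical detectors with different native output formats.
# Detector A emits dicts like {"type": "ecb", "method": "..."};
# detector B emits strings like "HardcodedKey@Key.load".
_RULE_MAP_A = {"ecb": ("ECB_MODE", 2), "md5": ("WEAK_HASH", 1)}
_RULE_MAP_B = {"HardcodedKey": ("HARDCODED_KEY", 3), "EcbMode": ("ECB_MODE", 2)}


def adapt_detector_a(findings: Iterable[dict]) -> Set[Misuse]:
    """Adapter: detector A's dict findings -> unified Misuse records."""
    out: Set[Misuse] = set()
    for f in findings:
        rule, sev = _RULE_MAP_A[f["type"]]
        out.add(Misuse(rule, f["method"], sev))
    return out


def adapt_detector_b(findings: Iterable[str]) -> Set[Misuse]:
    """Adapter: detector B's 'Rule@method' strings -> unified Misuse records."""
    out: Set[Misuse] = set()
    for f in findings:
        raw_rule, method = f.split("@", 1)
        rule, sev = _RULE_MAP_B[raw_rule]
        out.add(Misuse(rule, method, sev))
    return out


def unify(*detector_outputs: Set[Misuse]) -> Set[Misuse]:
    """Set union de-duplicates a misuse reported by more than one detector."""
    merged: Set[Misuse] = set()
    for s in detector_outputs:
        merged |= s
    return merged


# Assumed sink categories and weights (constructed, not from the paper).
SINK_WEIGHTS = {"NETWORK": 3, "FILE": 2, "LOG": 1}


def reachable_sinks(graph: Dict[str, List[str]], start: str,
                    sink_kinds: Dict[str, str]) -> Set[str]:
    """Misuse-originating forward search: which sink methods does data
    flowing out of `start` reach? Plain BFS over the data-flow edges."""
    seen = {start}
    queue = deque([start])
    reached: Set[str] = set()
    while queue:
        node = queue.popleft()
        if node in sink_kinds:
            reached.add(node)
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return reached


def misuse_risk(m: Misuse, graph: Dict[str, List[str]],
                sink_kinds: Dict[str, str]) -> int:
    """Assumed metric: severity times the summed weight of reachable sinks.
    A misuse whose output never reaches a sink contributes zero."""
    sinks = reachable_sinks(graph, m.location, sink_kinds)
    return m.severity * sum(SINK_WEIGHTS[sink_kinds[s]] for s in sinks)


def app_risk(misuses: Set[Misuse], graph: Dict[str, List[str]],
             sink_kinds: Dict[str, str]) -> Tuple[int, List[Tuple[int, Misuse]]]:
    """Per-app score plus misuses ranked by contribution (highest first)."""
    ranked = sorted(((misuse_risk(m, graph, sink_kinds), m) for m in misuses),
                    key=lambda t: (-t[0], t[1].rule, t[1].location))
    return sum(r for r, _ in ranked), ranked


# Constructed sample input: a toy app's data-flow edges and sink labels.
SAMPLE_GRAPH = {
    "Crypto.encryptEcb": ["Net.send", "Log.d"],   # ciphertext goes to network and log
    "Key.load": ["File.write"],                   # key material written to a file
    "Hash.md5": ["Util.format"],                  # digest never reaches a sink
}
SAMPLE_SINKS = {"Net.send": "NETWORK", "File.write": "FILE", "Log.d": "LOG"}
DETECTOR_A_FINDINGS = [{"type": "ecb", "method": "Crypto.encryptEcb"},
                       {"type": "md5", "method": "Hash.md5"}]
DETECTOR_B_FINDINGS = ["HardcodedKey@Key.load", "EcbMode@Crypto.encryptEcb"]


def demo() -> Tuple[int, List[Tuple[int, Misuse]]]:
    """Run the whole pipeline on the constructed sample and return the result."""
    misuses = unify(adapt_detector_a(DETECTOR_A_FINDINGS),
                    adapt_detector_b(DETECTOR_B_FINDINGS))
    return app_risk(misuses, SAMPLE_GRAPH, SAMPLE_SINKS)


if __name__ == "__main__":
    total, ranked = demo()
    print("app risk:", total)
    for score, m in ranked:
        print(f"  {score:>3}  {m.rule} at {m.location}")
```

On the constructed sample the two detectors together report four findings, but unification collapses the ECB misuse that both report into one record, leaving three. The ECB misuse ranks first because its ciphertext reaches both the network and the log sink, the hard-coded key ranks second through the file sink, and the weak hash contributes nothing because its output never reaches a sink, which is the kind of distinction a purely detection-based count cannot make.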