Team
What's New
Sep 12, 2019 Ghera's second Android security bug report was acknowledged as medium priority, fixed and released as a patch for Android 10 by the Android Security team. Here are a few related links: Security Bulletin , CVE-2019-9463 , and Acknowledgements .
Aug 05, 2019 Rekha evaluation was published in the Journal of Empirical Software Engineering
Mar 20, 2019 A new benchmark was added to the Web category that illustrates an unauthorized acces vulnerability stemming from the lack of authorization logic when interacting with a remote server. With this addition, Ghera now has 60 benchmarks.
Feb 28, 2019 With the addition of 2 new benchmarks to the Web category, Ghera now captures 59 known vulnerabilities.
Feb 21, 2019 A new Web benchmark that illustrates an unauthorized resource access to a content provider via JavaScript in WebView was added. This brings the total number of Ghera benchmarks to 57.
Dec 03, 2018 Ghera's first Android security bug report was acknowledged as High priority and fixed by Android Security team. Security Bulletin , CVE-2018-9548 , and Acknowledgements .
Dec 03, 2018 A new ICC benchmark that illustrates a DoS vulnerability stemming from unhandled exceptions was added to Ghera.
Aug 27, 2018 With the addition of 2 new lean benchmarks to Networking category, Ghera now captures 55 known vulnerabilities.
Aug 10, 2018 New wiki posts about path-permission and external storage vulnerabilities.
Jul 10, 2018 Added description for 12 new benchmarks and one new category to Ghera Website.
June 25, 2018 The results from evaluating the effectiveness of free Android app security analysis tools in detecting known vulnerabilities is available. (PREPRINT )
June 14, 2018 Added 12 new benchmarks and one new category to Ghera.
May 24, 2018 Added support for Android API levels 26 and 27 and dropped support for Android API levels 19 and 21.
Feb 18, 2018 Fully automated functional testing support was added.
Nov 08, 2017 Ghera was presented at PROMISE'17 . Here's the slide deck .