Proceedings ArticleDOI
FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
Steven Arzt,Siegfried Rasthofer,Christian Fritz,Eric Bodden,Alexandre Bartel,Jacques Klein,Yves Le Traon,Damien Octeau,Patrick McDaniel +8 more
- Vol. 49, Iss: 6, pp 259-269
Reads0
Chats0
TLDR
FlowDroid is presented, a novel and highly precise static taint analysis for Android applications that successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.Abstract:
Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by carelessly programmed apps that leak important data by accident, and by malicious apps that exploit their given privileges to copy such data intentionally. While existing static taint-analysis approaches have the potential of detecting such data leaks ahead of time, all approaches for Android use a number of coarse-grain approximations that can yield high numbers of missed leaks and false alarms. In this work we thus present FlowDroid, a novel and highly precise static taint analysis for Android applications. A precise model of Android's lifecycle allows the analysis to properly handle callbacks invoked by the Android framework, while context, flow, field and object-sensitivity allows the analysis to reduce the number of false alarms. Novel on-demand algorithms help FlowDroid maintain high efficiency and precision at the same time. We also propose DroidBench, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench, and a set of well-known Android test applications, FlowDroid finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, FlowDroid achieves 93% recall and 86% precision, greatly outperforming the commercial tools IBM AppScan Source and Fortify SCA. FlowDroid successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.read more
Citations
More filters
Proceedings ArticleDOI
IccTA: detecting inter-component privacy leaks in Android apps
Li Li,Alexandre Bartel,Tegawendé F. Bissyandé,Jacques Klein,Yves Le Traon,Steven Arzt,Siegfried Rasthofer,Eric Bodden,Damien Octeau,Patrick McDaniel +9 more
TL;DR: IccTA, a static taint analyzer to detect privacy leaks among components in Android applications goes beyond state-of-the-art approaches by supporting inter- component detection and propagating context information among components, which improves the precision of the analysis.
Proceedings ArticleDOI
Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs
TL;DR: A novel semantic-based approach that classifies Android malware via dependency graphs that is capable of detecting zero-day malware with a low false negative rate and an acceptable false positive rate while tolerating minor implementation differences is proposed.
Proceedings ArticleDOI
Automated Test Input Generation for Android: Are We There Yet? (E)
TL;DR: In this paper, a comparison of the main existing test input generation tools for Android apps is presented, based on four metrics: ease of use, ability to work on multiple platforms, code coverage, and ability to detect faults.
Proceedings ArticleDOI
Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps
TL;DR: Amandroid as mentioned in this paper is a static analysis for security vetting of Android apps, and built a general framework called Amandroid for determining points-to information for all objects in an Android app in a flow-and context-sensitive way across Android apps components.
Proceedings ArticleDOI
Information-Flow Analysis of Android Applications in DroidSafe
TL;DR: DroidSafe achieves unprecedented precision and accuracy for Android information flow analysis and detects all malicious information flow leaks inserted into 24 real-world Android applications by three independent, hostile Red-Team organizations.
References
More filters
Journal ArticleDOI
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
William Enck,Peter Gilbert,Seungyeop Han,Vasant Tendulkar,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +8 more
TL;DR: TaintDroid as mentioned in this paper is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Proceedings ArticleDOI
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
William Enck,Peter Gilbert,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +6 more
TL;DR: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.
Proceedings ArticleDOI
Dissecting Android Malware: Characterization and Evolution
Yajin Zhou,Xuxian Jiang +1 more
TL;DR: Systematize or characterize existing Android malware from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software.
Proceedings ArticleDOI
Precise interprocedural dataflow analysis via graph reachability
TL;DR: The paper shows how a large class of interprocedural dataflow-analysis problems can be solved precisely in polynomial time by transforming them into a special kind of graph-reachability problem.
Proceedings ArticleDOI
A survey of mobile malware in the wild
TL;DR: The incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011 are analyzed and the effectiveness of techniques for preventing and identifying mobile malware is evaluated.