Reference : IccTA: Detecting Inter-Component Privacy Leaks in Android Apps
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/20058
IccTA: Detecting Inter-Component Privacy Leaks in Android Apps
English
Li, Li mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Bartel, Alexandre [TU Darmstadt]
Bissyande, Tegawendé François D Assise mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Klein, Jacques mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Le Traon, Yves mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Arzt, Steven [TU Darmstadt]
Rasthofer, Siegfried [TU Darmstadt]
Bodden, Eric [TU Darmstadt]
Octeau, Damien [Pennsylvania State University]
McDaniel, Patrick [Pennsylvania State University]
2015
2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015)
Yes
International
2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015)
from 16-05-2015 to 24-05-2015
[en] Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components.
Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting inter-component detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps.
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students
http://hdl.handle.net/10993/20058

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
li-iccta-preprint.pdfAuthor preprint205.76 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.