Reference : Highly precise taint analysis for Android applications
Reports : Other
Engineering, computing & technology : Computer science
Highly precise taint analysis for Android applications
Fritz, Christian
Arzt, Steven
Rasthofer, Siegfried
Bodden, Eric
Bartel, Alexandre
Klein, Jacques [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)]
Le Traon, Yves [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Octeau, Damien
McDaniel, Patrick
[en] Today’s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive data, or to track users without their consent or even the users noticing. Dynamic program analyses fail to discover such malicious activity because apps have learned to recognize the analyses as they execute.

In this work we present FlowDroid, a novel and highly precise taint analysis for Android applications. A precise model of Android’s lifecycle allows the analysis to properly handle callbacks, while context, flow, field and object-sensitivity allows the analysis to track taints with a degree of precision unheard of from previous Android analyses.

We also propose DroidBench, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench and a set of well-known Android test applications, our approach finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, our approach achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA.

File(s) associated to this reference

Fulltext file(s):

Open access
Highly Precise Taint Analysis for Android Application.pdf (Publisher postprint, 722.4 kB)

All documents in ORBilu are protected by a user license.